Versions Compared

Old Version 2

changes.mady.by.user Sudeep Tuladhar (Unlicensed)

Saved on

compared with

New Version 3

changes.mady.by.user Sudeep Tuladhar (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

NSError *error; [threeDSService cleanup:&error]; if(error){ //Error Cleaning Up the ThreeDSService. Check error for detail. }

Excerpt

Following are some of the security guidance to be followed by the Requestor App for secure use of the SDK.

Check Warnings

After you configure "cardinalSession" defined in Step 3 of the Flow Documentation, call "getWarnings" method on cardinal session to get a list of all the Warnings detected by the SDK. 

For Example, 

Code Block
NSArray<Warning *> *warnings = [session getWarnings];


Following five vulnerabilities are detected by SDK:

Security Warnings IDDescriptionSeverity
SW01The device is jailbroken.High
SW02

The integrity of the SDK has tampered.

High

SW03

An emulator is being used to run the App.

High

SW04

A debugger is attached to the App.

Medium

SW05

The OS or the OS version is not supported.

High
SW06

The application is not installed from a trusted source.

High


Analyze the list of warnings to take further action.


Check SDK Version

After you initialize Call "threeDSService" defined in Step 3 of the Flow Documentation, call "getSDKVersion" method on threeDSService getSDKBuildVersion" and "getSDKBuildNumber" method from Cardinal class to get the build version and number of the SDK.

For Example, 

Code Block
NSError *error;
NSString *sdkVersionsdkBuildVersion = [threeDSService getSDKVersion:&errorCardinalSession getSDKBuildVersion];
if(error){
	//Check error object for detail.
}NSString *sdkBuildNumber = [CardinalSession getSDKBuildNumber];

After initializing, check the SDK Version to make sure you are using the latest version of the SDK.

Secure Deletion

of

Sensitive Data

After using the sensitive data returned by the SDK, make sure to secure delete all the local variables. For example, AuthenticationRequestParameters returns sensitive data. As soon as it's used, clear the object those sensitive data are referenced to.

Secure Deletion can be obtained either by a random value assignment after usage or use approved third-party solution for secure memory like: https://github.com/project-imas/memory-security

Closing Transaction Object

After completion of the transaction, always close the transaction object. This helps to clear all the memory consumed during that transaction. 

For example,

Code Block
[transaction close];

CleanUp ThreeDSSerive Object

After completion of the whole flow, always clean the threeDSService object. This helps to clear all the memory consumed during that ThreeDSService object. 

For example,

Code Block