The following security guidance should be followed by the Requestor App for secure use of the SDK.

Check Warnings

After you configure "cardinalSession" as defined in Step 3 of the Flow Documentation, call the "getWarnings" method on the Cardinal session to get a list of all the warnings detected by the SDK. For example,

    NSArray<Warning *> *warnings = [session getWarnings];

The SDK detects the following five vulnerabilities:

Security Warnings

    ID    Description                                        Severity
    SW01  The device is jailbroken.                          High
    SW02  The integrity of the SDK has been tampered with.   High
    SW03  An emulator is being used to run the App.          High
    SW04  A debugger is attached to the App.                 Medium
    SW05  The OS or the OS version is not supported.         High

Analyze the list of warnings to take further action.

Check SDK Version

After you initialize "threeDSService" as defined in Step 3 of the Flow Documentation, call the "getSDKVersion" method on threeDSService to get the version of the SDK. For example,

    NSError *error = nil;
    NSString *sdkVersion = [threeDSService getSDKVersion:&error];
    if (error) {
        // Check the error object for details.
    }

After initializing, check the SDK version to make sure you are using the latest version of the SDK.

Secure Deletion of Sensitive Data

After using sensitive data returned by the SDK, make sure to securely delete all the local variables that hold it. For example, AuthenticationRequestParameters returns sensitive data. As soon as it has been used, clear the object that references that sensitive data. Secure deletion can be achieved either by assigning a random value after use or by using an approved third-party solution for secure memory, such as: https://github.com/project-imas/memory-security

Closing Transaction Object

After completion of the transaction, always close the transaction object. This helps to clear all the memory consumed during that transaction. For example,

    [transaction close];

CleanUp ThreeDSService Object

After completion of the whole flow, always clean up the threeDSService object. This helps to clear all the memory consumed by that ThreeDSService object. For example,

    NSError *error = nil;
    [threeDSService cleanup:&error];
    if (error) {
        // Error cleaning up the ThreeDSService. Check the error for details.
    }
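The "random value assignment after usage" approach from the Secure Deletion of Sensitive Data section, as an added example that is not part of the Cardinal SDK or its documentation. It is plain C, which compiles unchanged inside an Objective-C file; the names secure_wipe and wipe_demo_remaining, the use of /dev/urandom as the random source, and the sample value are assumptions made for illustration.

```c
/* Added example: plain C, callable from Objective-C. Not Cardinal SDK code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Overwrite len bytes at buf with random values, then with zeros.
 * Every store goes through a volatile pointer so the optimizer cannot
 * discard it as a dead write to memory that is never read again.
 * Returns 1 if the random pass ran, 0 if only the zero pass ran
 * (random source unavailable), -1 on a NULL buffer. */
int secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    unsigned char rnd[64];
    size_t off = 0, n, i;
    int randomized = 0;
    FILE *src;

    if (buf == NULL) return -1;
    src = fopen("/dev/urandom", "rb");   /* assumed random source */
    if (src != NULL) {
        while (off < len) {
            n = (len - off < sizeof rnd) ? len - off : sizeof rnd;
            if (fread(rnd, 1, n, src) != n) break;
            for (i = 0; i < n; i++) p[off + i] = rnd[i];
            off += n;
        }
        randomized = (off == len);
        fclose(src);
    }
    for (i = 0; i < len; i++) p[i] = 0;  /* final pass: known end state */
    return randomized;
}

/* Constructed sample: copy a made-up value into a buffer we own, use it,
 * wipe it, and report how many non-zero bytes are left. */
size_t wipe_demo_remaining(void) {
    char secret[32];
    size_t i, left = 0;
    strcpy(secret, "constructed-sample-device-data");
    /* ... hand `secret` to the code that needs it ... */
    secure_wipe(secret, sizeof secret);
    for (i = 0; i < sizeof secret; i++) if (secret[i] != 0) left++;
    return left;
}

int main(void) {
    printf("non-zero bytes after wipe: %zu\n", wipe_demo_remaining());
    return 0;
}
```

In the app, call it on storage you own, such as the mutableBytes of an NSMutableData. An immutable NSString cannot be overwritten in place, so release references to it as soon as it has been used.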