The Risk Evaluation API (arcot-riskfort-evaluaterisk.jar) is the interface to RiskMinder Server, which provides the logic for evaluating risk associated with a transaction and returning an appropriate advice.
Based on the various factors collected from user’s system and the result of configured rules that are triggered, this API returns a score and a corresponding advice. If RiskMinder recommends additional authentication (which is performed by your application), then this API also returns a final advice based on the feedback of this secondary authentication received from your application.
During risk evaluation, a Device ID is passed to the API, which is then used by RiskMinder Server to form a user-device association in the database. The Device ID is stored on the end user's device.
This association (or device binding) helps identify the risk for transactions originating from a system used by the user for a transaction. Users who are not bound are more likely to be challenged in order to be authenticated. You can also list and delete these associations by using this API.
Note: Users can be bound to more than one device (for example, someone using a work and home computer) and a single device can be bound to more than one user (for example, a family sharing a computer).
|
Copyright © 2013 CA.
All rights reserved.
|
|