Release name: Protector OATH SDK 5.3.0
Release date: March 02, 2020
Supported platforms & processor architectures
- iOS 10 up to 13.3.
- Processor architectures: ARM64, x86_64 (ARMv7 and i386 are no longer supported)
- Android 5 up to 10 (Android 4.4 is no longer supported)
- Default package
- Processor architectures: armeabi-v7a, arm64-v8a, x86, x86_64
- FaceID package
- Processor architectures: armeabi-v7a, arm64-v8a
Android & iOS
- Added a new FastTrack API layer which simplifies integration of the SDK by reducing the number of API calls to the SDK. The new API is compatible to cross-platform frameworks such as Cordova, React Native, and Xamarin. Refer to FastTrack for more details.
- Added a new sample application that includes the OTP, OOB, and MSP features in a single app.
Fixed issues and bugs
- Resolved the issue of biometric authentication when the end user enrolls the fingerprint again on Android 8 or later.
- There is a memory leak in the Secure Storage feature due to the string-terminating character. However, the leak does not contain any sensitive information.
- Vulnerability in secure keypad allows the screen recording through ADB shell when it is configured in dialog mode.
- The predefined template #0 (
INPUT_FURTHER_INPUTS) is not supported for dynamic signatures.
- For CAP on iOS platforms, the length of the elements encoded in BER-TLV (such as CDOL definition) cannot be longer than 127 bytes.
- Secure keypad does not support custom-designed top section of the keypad screen in dialog mode.
- On iOS platform, the top element of secure keypad is not vertically aligned if the keypad controller is presented modally as a view controller for the navigation controller.
- SHA-256 algorithm for HOTP is supported on SAS Authentication Server only.
- The Secure Storage feature in iOS does not support multiple instances with different device fingerprint source configurations.
- Dual seed tokens are only supported with TOTP and time-based OCRA.
- OCRA HEX challenge with odd length is not supported.
- Additionally, the setting OCRA suites with odd length HEX challenge format is not supported.
- When using provisioning protocol v1 (PPV1) with EPS 1.x, the provisioned Token Sequence Number (that is, GIDV) cannot be used as part of the CAP OTP calculation (that is, configured to be included in the IPB).
- When using PPV1 with EPS 1.x, the provisioned Token Sequence Number (that is, GIDV) can only be a decimal and is in the range 0-99. The length varies depending on the configured GIDV length in the backend.
- DSKPP provisioning only supports DSKPP provisioning protocol V1 which is based on Thales proprietary servers SPA and SAS.
- On Android device with an in-screen fingerprint scanner, Android will prompt a system fingerprint UI on top of the application custom fingerprint UI. The fingerprint authentication will still work as expected.
- On Android device Google Pixel 4/4 XL, the system biometric authentication is not supported.
- Upgrading a token to biometric user authentication fails on iOS Simulator from version 13 to 13.3:
isAuthModeActivewill always return a “NO” value. This is due to an iOS backward compatibility issue and has been reported to Apple. This issue is only specific to simulator, it works well on real devices.
- Migration of Android 10 will fail if targetSdkVersion is set to 29. Current workaround is to set targetSdkVersion to 28.
Supported authentication algorithms
- Thales DIS Verify Issuer function (FRS Protector OATH ZEN token - version 1.0)
- CAP: Version 2007 (all modes)
- Dynamic Signature: Thales DIS Proprietary Formatting (TPF), CAP Mode 2 TDS Formatting
- OATH: HOTP (RFC 4226 - Dec 2005), TOTP (RFC 6238 - May 2011), OCRA (RFC 6287 - June 2011)
- Thales DIS – Digital Banking OATH options (Version 1.1)
- 10.3.3: Apple iPad Air
- 11.2.5: Apple iPad Pro
- 12.0.0: Apple iPhone 7 Plus (jailbroken)
- 12.1.0: Apple iPhone 7 Plus
- 12.4.3: Apple iPhone 5s
- 13.3.1: Apple iPhone 6s
- 13.4 Beta 1: Apple iPhone XS Max
- 5.0.2: Xiaomi Mi 4i
- 5.0.2: HTC One
- 5.1.1: OnePlus One
- 5.1.1: Blackberry Priv
- 6.0.0: Wiko Sunny
- 6.0.1: OnePlus Two
- 6.0.1: Samsung Galaxy S6
- 7.0.0: Samsung Galaxy S7
- 7.0.0: Samsung Galaxy Feel
- 7.0.0: Sony Xperia Z5
- 7.1.1: Oppo R11s
- 8.0.0: LG V30+
- 8.0.0: Huawei Nexus 6P
- 8.1.0: Huawei Nexus 6P(rooted)
- 9.0.0: Samsung Galaxy S10
- 10.0.0: Google Pixel 2
- 10.0.0: Google Pixel 3A