| The name of the base system (platform): | RSA Authentication Manager |
| Developers: | RSA (Security Division of EMC) |
| Technology: | Cybersecurity - Authentication |
Content |
The software constructed based on RSA SecurID technology allows to use the mobile device as the identity certificate at gaining access to corporate systems and data. The solution provides a possibility of carrying out high-quality two-factor authentication of users and minimizes the probability of unauthorized access to resources.
The product is addressed to those organizations which already use the RSA SecurID system for authentication of users. Software of RSA SecurID Software Token can directly be established on Android device by loading of an install packet from the website Android Market and is used for generation of the one-time password updated each 60 seconds and providing secure access to resources. For deployment of the offered protection gears and centralized operation the product RSA Authentication Manager can be used by them.
Key advantage of the solution is that non-management employees of the organization will be able to use it independently, asking for the help IT specialists only in case of problems. RSA also brings to attention of developers new SDK tools for the Android platform which will allow creators of the mobile software to guarantee the increased security of own products due to integration into them of industry-leading mechanisms of two-factor authentication RSA SecurID.
2017: RSA SecurID Access
The RSA company announced at the beginning of a year the large updating of the SecurID platform providing more than options of access and the analysis of security to help the organizations to maintain security of identification data and access[1].
Among enhanced capabilities of the guaranteed identification in a portfolio of SecurID Access there are cloud and mobile options and also the developed means of risk analysis.
Mobile application for multifactor authentication which is a part of an expanded portfolio of SecurID Access provides new options of authentication, including biometrics. In addition RSA added contextual analysis of risks to technology of mobile authentication now.
In a portfolio of RSA there are also other technologies of the analysis of security, including the product NetWitness which uses analytics to help to identify the potential attacks and to strengthen security. Dyusharm explained that SecurID applies risk analysis to providing higher degree of integrity of authentication of users.
Deployment of functions of the guaranteed identification in a cloud belongs to the improved opportunities of a new portfolio of RSA SecurID Access. Protection of access to cloud applicaions is that area in which Cloud Access Security Broker (CASB) technologies are often applied.
2012: RSA SecurID cracked in 13 minutes
The vulnerability detected by researchers allows to compromise the cryptographic devices working at a PKCS#11 standard basis.
Researchers Romain Bardou, Lorenzo Simionato, Graham Steel, Joe-Kai Tsay, Riccardo Focardi and to Yusuke Kawamoto published the report of "Efficient padding oracle attacks on cryptographic hardware" in which described the vulnerability allowing to open the imported keys from different cryptographic devices which work at a PKCS#11 standard basis.
This standard is used among other things and in RSA SecurID tokens from the EMC company which is one of the largest producers in this sphere. Large corporations, public institutions and small business purchase these charms for the employees that they could undergo safely authorization on the systems.
Experts managed to develop the cracking method requiring only 13 minutes for a compromise of the cryptographic device. The representative of EMC Kevin Kempskie, in turn, commented on the report, having said that their own experts studied it whether to check "this research truthful is".
According to K. Kempski, researchers managed to reduce average amount of the requests necessary for cracking of a 1024-bit key from 215 thousand to 9.4 thousand. This statistics, according to the representative of EMC, demonstrates that this attack "is rather effective to be practical".
The group of researchers also noted that their method of cracking is applicable to such products as Aladdin eTokenPro, Siemens CardOS and Gemalto CyberFlex. Besides, similar vulnerability contains in the Estonian identification smart cards which are comparable to the passport
Notes
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |