One keystone of access protection is authentication; which is the unambiguous and authentic identification of the user. The most widespread solution to this is the application of the username-password combination, which however, has several attackable features (it can be passed on, guessed, eavesdropped, etc.). A different, so-called “strong authentication system”, which in addition to the password also requires a physical device to identify the user in an authentic manner, has been developed to eliminate these inadequacies. The strong authentication systems can be installed around two types of physical devices. The benefit of the ‘time + secret key’ based token card is that it does not require a special reading hardware on the client side, while in the event of applying the smart card this is necessary. In the events including increased risks a further identification factor can also be used, that is the biometric identification, which examines a certain individual body feature (fingerprint, voice, etc.) of the person to be identified.

RSA SecurID

The RSA’s Security SecurID system is one of the most widely used user identification systems in the world.

The system identifies the users by means of a hardware token in their possession and the relevant PIN code. The core of the system is a central identification server, server group (load distribution). A code which is modified at the intervals of one minute appears on the token and this, together with the relevant PIN code, unambiguously identifies the user. The system is also protected against eavesdropping because the user identifier changes at intervals of one minute and the system will accept the same code only once. The identification code is generated by the token on the basis of an installed mechanism and a factory SID code, only known by the given token and the central identification system.

An agent, who in the event of access to the system requires the user identification and transmits the correct identification information to the central identification server, shall be logged onto the device in which the strong user identification is intended to be used. In the event of a successful identification, the user can sign in on the system.

The system is applicable in all events when no device (e.g.: smart card reader) can be installed onto the client side, but strong identification is required. One of the most well-spread application areas is the safe signing on into the RAS servers. The system can be integrated for signing on into an operation system, authentication on firewalls and in several other events. Several manufacturers, such as Checkpoint and Cisco, have recognized the opportunities inherent in the SecurID system and integrated the agent software into its solutions. The complete list is available on the Internet at www.rsasecured.com