One keystone of access protection is authentication; which is the unambiguous
and authentic identification of the user. The most widespread solution to this
is the application of the username-password combination, which however, has several
attackable features (it can be passed on, guessed, eavesdropped, etc.). A different,
so-called “strong authentication system”, which in addition to the password also
requires a physical device to identify the user in an authentic manner, has been
developed to eliminate these inadequacies. The strong authentication systems can
be installed around two types of physical devices. The benefit of the ‘time +
secret key’ based token card is that it does not require a special reading hardware
on the client side, while in the event of applying the smart card this is necessary.
In the events including increased risks a further identification factor can also
be used, that is the biometric identification, which examines a certain individual
body feature (fingerprint, voice, etc.) of the person to be identified.
The RSA’s Security SecurID system is one of the most widely used user identification
systems in the world.
The system identifies the users by means of a hardware token in their possession
and the relevant PIN code. The core of the system is a central identification
server, server group (load distribution). A code which is modified at the intervals
of one minute appears on the token and this, together with the relevant PIN code,
unambiguously identifies the user. The system is also protected against eavesdropping
because the user identifier changes at intervals of one minute and the system
will accept the same code only once. The identification code is generated by the
token on the basis of an installed mechanism and a factory SID code, only known
by the given token and the central identification system.
An agent, who in the event of access to the system requires the user identification
and transmits the correct identification information to the central identification
server, shall be logged onto the device in which the strong user identification
is intended to be used. In the event of a successful identification, the user
can sign in on the system.
The system is applicable in all events when no device (e.g.: smart card reader)
can be installed onto the client side, but strong identification is required.
One of the most well-spread application areas is the safe signing on into the
RAS servers. The system can be integrated for signing on into an operation system,
authentication on firewalls and in several other events. Several manufacturers,
such as Checkpoint and Cisco, have recognized the opportunities inherent in the
SecurID system and integrated the agent software into its solutions. The complete
list is available on the Internet at www.rsasecured.com