SecurID is a mechanism developed by Security Dynamics and currently owned by RSA Security for authenticating a user to a network resource.
RSA Security is a public company NASDAQ: RSAS. Its headquarters are in Bedford, Massachusetts, and it maintains offices in Ireland, the United Kingdom, Singapore, and Japan. ...
The SecurID authentication mechanism consists of a "token" -- a piece of hardware assigned to a user that generates an authentication code every sixty seconds using a built-in clock and the card's factory-encoded random key (known as the "seed" and often provided as a *.asc file). The seed is different for each token, and is loaded into the corresponding SecurID server (the "ACE Server") as the tokens are purchased. Some SecurID deployments may use 30-second rotations.
The token hardware is designed to be tamper resistant to deter reverse engineering of the token. Despite this, the security community has developed public code that allows a user to emulate a SecurID in software, but only if they have access to a current SecurID code and to the original SecurID seed file introduced to the server. In the field of computer security, system hardware is said to be tamper-resistant if it is difficult to modify or subvert, even for an assailant who has physical access to the system. ...
A user authenticating to a network resource -- say, a dial-in server or a firewall -- needs to enter both a PIN (something you know) and the number being displayed at that moment in time on their SecurID token (something you have). Some systems using SecurID disregard PIN implementation altogether and rely on password / SecurID code combinations. The server, which also has a real-time clock and a database of valid cards with the associated seed records, computes what number the token is supposed to be showing at that moment in time, checks it against what the user entered, and decides whether to allow or deny access. A personal identification number (PIN) is a numeric value (sometimes expressed as text using the standard telephone dial mapping) that is used in certain systems to gain access and authenticate. ...
On systems implementing PINs, a "duress PIN" may be used -- an alternate code which creates a security event log showing that a user was forced to enter their PIN, while still providing transparent authentication.
While the SecurID system can add a layer of security to a network, difficulties can arise if the authentication server's clock drifts out of sync with the clocks built into the authentication tokens. However, the ACE Server typically corrects for this automatically without affecting the user. It is also possible to manually re-sync a token in the ACE Server.
Providing authentication tokens to everyone who might need to access a network resource can also be expensive, particularly as the tokens are programmed to "expire" at a fixed time, usually three years, requiring purchase of a new token. Other network authentication systems, such as S/Key (sometimes known as OTP, as S/Key is a trademark of Bellcore), attempt to provide the "something you have" level of authentication without requiring a hardware token. S/KEY is a one-time password system developed for Unix-like operating systems. ...
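The server-side check and automatic clock correction described above, as an added example that is not RSA's or the ACE Server's code. HMAC-SHA256 stands in for the proprietary SecurID algorithm, and `TokenRecord`, `verify`, the six-digit width and the one-interval drift window are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

INTERVAL = 60  # seconds per code, as on the page (some deployments use 30)
DIGITS = 6     # assumed display width
WINDOW = 1     # assumed tolerance: intervals of drift accepted on either side


def token_code(seed: bytes, clock: float) -> str:
    """Code shown at `clock`. HMAC-SHA256 is a stand-in, not SecurID's algorithm."""
    counter = int(clock // INTERVAL)
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha256).digest()
    value = int.from_bytes(mac[:4], "big") % 10 ** DIGITS
    return f"{value:0{DIGITS}d}"


class TokenRecord:
    """Hypothetical server-side seed record for one token."""

    def __init__(self, seed: bytes, pin: str):
        self.seed = seed
        self.pin = pin          # kept in the clear only to keep the example short
        self.offset = 0         # learned token-vs-server drift, in intervals
        self.last_counter = -1  # newest interval already accepted


def verify(rec: TokenRecord, pin: str, code: str, server_clock: float) -> bool:
    """Check PIN and code, tolerate bounded drift, and refuse reused codes."""
    if not hmac.compare_digest(pin.encode(), rec.pin.encode()):
        return False
    base = int(server_clock // INTERVAL) + rec.offset
    for delta in sorted(range(-WINDOW, WINDOW + 1), key=abs):
        counter = base + delta
        if counter <= rec.last_counter:
            continue  # this interval or a later one was already accepted
        expected = token_code(rec.seed, counter * INTERVAL)
        if hmac.compare_digest(code.encode(), expected.encode()):
            rec.offset += delta  # automatic resync toward the token's clock
            rec.last_counter = counter
            return True
    return False


if __name__ == "__main__":
    seed = bytes(range(16))  # constructed sample seed
    rec = TokenRecord(seed, "1234")
    now = 1_700_000_000
    fast = token_code(seed, now + 60)  # token clock runs one interval fast
    print(verify(rec, "1234", fast, now), rec.offset)  # first use, drift learned
    print(verify(rec, "1234", fast, now))              # same code replayed
```

Recording the last accepted interval is what stops a code observed in transit from being reused inside the drift window, and the stored offset keeps a drifting token working without widening that window.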
External links
Technical details
Published attacks against the SecurID hash function