3

From Wikipedia: RSA SecurID is a mechanism developed by RSA Security for performing two-factor authentication for a user to a network resource.

I just read about this device, and it seems interesting to me. However, I'm not sure how (or even if) software (networked or non-networked) can utilize this method of authentication.

I'm making this a community wiki post as this isn't a specific question, but a general overview of addressing authentication with SecurID and similar technologies.

Thomas Owens

4 Answers

4

There's a similar technology called YubiKey.

Eugene Yokota
2

Verisign's OpenID provider supports such tokens (sold at a discount by eBay and PayPal), which is certainly the easiest way to get started using dual-factor authentication for web applications.

Charles Duffy
1

To actually answer the original question, there are several ways to integrate with SecurID, from "simplest" to "requires a bit more work":

  1. See if the application is already integrated/certified. A list of applications that have been integrated and validated by RSA can be found at http://www.rsasecured.com. Only applications that have opted to be validated are listed; it's possible that an application can integrate but has not undergone validation.
  2. Leverage one of the existing RSA Authentication Agents (pieces of code that talk to the Authentication Manager server) that integrate with, for example, the OS, application server or web server, so that the authentication can be "offloaded" to the agent, and the application only has to take care of the core functionality. The Agents that RSA develops can be downloaded from http://www.emc.com/security/rsa-securid/rsa-securid-authentication-agents.htm (RSA is the Security Division of EMC).
  3. If the application/device can leverage the RADIUS protocol for external authentication (see http://en.wikipedia.org/wiki/RADIUS), the Authentication Manager server is also a RADIUS server.
  4. Lastly, if you want to integrate the application directly with RSA, the RSA SecurID Agent SDK allows you to embed the needed functionality in the application itself, so the app can talk directly to the Authentication Manager server, send authentication requests, receive the answers, leverage the HA functionality of the authentication server, etc. This is how devices such as VPN SSL Concentrators, Firewalls, and many, many others integrate (see the list in point 1).

Hope this helps.

Sergey Nudnov
JJarava
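The RADIUS route from point 3 of the answer above, as an added example that is not part of the original post and is not RSA code: it builds an RFC 2865 Access-Request that carries the passcode in a hidden User-Password attribute, and checks the Response Authenticator before an Access-Accept is trusted. The shared secret, user name and passcode (PIN followed by tokencode) are constructed values.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2           # RFC 2865 attribute types

def hide_password(passcode: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if not 1 <= len(passcode) <= 128:
        raise ValueError("passcode must be 1..128 bytes")
    padded = passcode + b"\x00" * (-len(passcode) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden

def _attr(attr_type: int, value: bytes) -> bytes:
    # Attribute = type (1 byte), total length (1 byte), value
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(ident, user, passcode, secret, request_auth=None):
    """Return an Access-Request carrying the user name and hidden passcode."""
    request_auth = request_auth or os.urandom(16)   # must be unpredictable
    attrs = _attr(USER_NAME, user) + _attr(
        USER_PASSWORD, hide_password(passcode, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) \
        + request_auth + attrs

def response_is_authentic(response: bytes, request: bytes, secret: bytes) -> bool:
    """Check the Response Authenticator before trusting an Access-Accept."""
    if len(response) < 20:
        return False
    _code, ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or ident != request[1]:
        return False
    # MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)
    expected = hashlib.md5(
        response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

if __name__ == "__main__":
    # Constructed values: shared secret, user, and passcode (PIN + tokencode).
    req = build_access_request(7, b"alice", b"1234567890", b"constructed-secret")
    print(req.hex())
```

A reply that fails `response_is_authentic` is treated as a failed login, whatever its packet code says.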
0

My company, WiKID Systems, has a dual-source two-factor authentication system. In addition to RADIUS, LDAP, etc., we have a very simple API called wAuth and packages available in PHP, Python, Ruby, Java and C#. These 'network client' packages are LGPL, so you can put them in open source or commercial licensed software. You can download here. It would be pretty simple to do others too.

Also, we have an open source version of the software token, so you can embed that if you like and you can really see how the system works from end-to-end.

Matthew Murdoch