RSA SecurID has been in use for a long time, I think even before GPS. It is a two-factor authentication mechanism. **RSA SecurID**, formerly referred to as **SecurID**, is a mechanism developed by Security Dynamics (later RSA Security, and now RSA, The Security Division of EMC) for performing two-factor authentication of a user to a network resource.
RSA SecurID generates a token code which is then transmitted to the server, where it is matched against the stored value in the server database. To understand it clearly we need to go through one use case, and I hope that will make things pretty clear. This token can be transmitted over a USB port or entered directly by the user, so two types of device are in use.
John Smith joins a new company. According to the new company's information security policy, John is instructed to use RSA SecurID to authenticate himself to the corporate network. From the company's IT infrastructure department he gets his brand new RSA SecurID token.
This RSA SecurID token has a serial number on the back. This serial number is stored in the server database and mapped to John's email address and a few other attributes that are unique to Mr. Smith. It will be used later to match against John Smith's input when he logs into the corporate network.
Are these the only values stored on the server? Obviously not!
So how it works -
There is a 128-bit key stored on the server, mapped to the serial number and user ID of John Smith. This key is often called the seed. The point to note is that this seed is also hardcoded in the RSA SecurID token, so up to this point we know that the seed value is constant and is available both in the RSA SecurID device and on the server. This seed value and the timestamp are passed into the algorithm as input, which generates a long output, and an 8-digit hash is calculated from this long encrypted value.
An important point to note is that the clock on the server side and the clock in the RSA SecurID token are synchronized. There is some additional intelligence built into the server: if the values do not match, the server recalculates by adjusting the clock by plus or minus one minute.
On the server side the same process is repeated and the generated hash is compared against the one that comes from the user; if they match, the user is authenticated without any issues.
How John Smith uses it -
John opens the authentication portal and is prompted to enter his username and password. His username is his email address (it could be anything, but let's take email to keep things simple) and the password is the combination of his own password and the hash generated by the RSA SecurID device. This value is then transferred to the server securely.
The server finds the serial number mapped to his ID and from there picks up the seed value. The server then generates the encrypted value by taking the timestamp and the seed, generates the hash, and appends it to John Smith's password. It then compares this with the entered value; if they match, Mr. Smith is authenticated.
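As an added illustration (not code from the original post, and not RSA's proprietary SecurID algorithm), the following Python models the flow described above: a shared seed and a time window go into a keyed function, the long output is reduced to an 8-digit code, and the server recomputes the code for the current minute and the minute on either side before comparing it against the code the user typed after their password. The seed value, the 60-second step and the use of HMAC-SHA256 as a stand-in for the real token algorithm are assumptions for this example.

```python
import hashlib
import hmac
import struct

# Constructed example seed: NOT a real SecurID seed (real seeds are 128-bit as well).
SEED = bytes.fromhex("00112233445566778899aabbccddeeff")
STEP_SECONDS = 60  # assumption: the displayed code changes once per minute


def token_code(seed: bytes, timestamp: int, step: int = STEP_SECONDS) -> str:
    """Derive an 8-digit code from the shared seed and the current time window.
    HMAC-SHA256 stands in for the proprietary algorithm the post describes:
    a long keyed output is computed first, then reduced to 8 digits."""
    window = timestamp // step
    msg = struct.pack(">Q", window)
    digest = hmac.new(seed, msg, hashlib.sha256).digest()
    # Dynamic truncation in the style of RFC 4226 (HOTP), then modulo 10^8.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**8:08d}"


def server_verify(seed: bytes, submitted: str, server_time: int,
                  drift_windows: int = 1, step: int = STEP_SECONDS) -> bool:
    """Recompute the code on the server and accept it if it matches the current
    window or one up to +/- drift_windows away (the +/- one minute tolerance
    the post mentions). Constant-time comparison avoids leaking which digits
    mismatched."""
    for delta in range(-drift_windows, drift_windows + 1):
        candidate = token_code(seed, server_time + delta * step, step)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


def split_passcode(entered: str, code_len: int = 8) -> tuple:
    """Split the combined 'password + token code' the user typed into its parts."""
    if len(entered) <= code_len or not entered[-code_len:].isdigit():
        raise ValueError("passcode must be a password followed by an 8-digit code")
    return entered[:-code_len], entered[-code_len:]


if __name__ == "__main__":
    now = 1_700_000_000            # constructed timestamp (seconds since epoch)
    code = token_code(SEED, now)   # what the token in John's hand would display
    pw, tok = split_passcode("hunter2" + code)
    # Server clock is 45 s ahead; still within the one-window tolerance.
    print("token shows:", code)
    print("server accepts:", pw == "hunter2" and server_verify(SEED, tok, now + 45))
```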