Cyota gives RSA token-less authentication

Written by Munir Kotadia, Contributor
RSA Security's proposed acquisition of privately held Cyota will allow the company to offer a relatively cheap two-factor, non-token-based authentication system for its banking customers.

RSA is probably best known for its SecurID tokens, which are used by the majority of large corporates and government departments to provide users with two-factor authentication for accessing their network. The tokens have also been deployed by banks to provide their high-value customers with more secure access to online banking facilities.

However, banks have generally held off deploying token-based authentication for the majority of their customers because of the costs involved. Tim Pickard, vice president of international marketing at RSA Security, told ZDNet Australia on Wednesday that the Cyota acquisition will allow RSA to provide banks with a means to reliably authenticate their customers without having to supply them with SecurID tokens.

Pickard explained that one of Cyota's products, eSphinx, collects information about the user during the usual authentication process and creates a risk assessment to help decide whether the user should be treated as suspicious.

"[Cyota] has machine-based authentication -- it scans your laptop or PC and takes a number of sample readings of the setup," said Pickard, who added that the system is likely to be 'suspicious' if a user who usually accesses their online bank from a certain laptop in Sydney suddenly logs in from a different machine based in Eastern Europe or China.

"It manages the risk by profiling - such as the number of times you have logged in, the time of day, the place you are logging in from. All these things go into creating a risk score," said Pickard.

Pickard said that anybody who is flagged 'suspicious' may have to answer additional security questions or authenticate by phone before being given access.

"If your risk score is below this number then you are in, if it is above that number then you have to do another form of authentication -- such as another question, a phone call, even a one time password," he said.

According to Cyota's Web site, its software currently flags up around one percent of banking logins as suspicious.
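
The score-and-threshold flow Pickard describes, as an added sketch that is not Cyota's or RSA's code: the signal names, weights, threshold value and sample readings are all assumptions made for illustration, since the article gives none of them.

```python
from dataclasses import dataclass

THRESHOLD = 50  # assumed cut-off; the article gives no figure

@dataclass
class Profile:
    device: dict    # last sampled readings of the customer's machine
    countries: set  # countries seen in past logins
    hours: list     # hours of day (0-23) of past logins
    logins: int     # number of past logins

def device_mismatch(known, seen):
    """Fraction of sampled readings that differ (0.0 means same machine)."""
    keys = set(known) | set(seen)
    if not keys:
        return 1.0  # nothing to compare: treat as an unknown machine
    return sum(known.get(k) != seen.get(k) for k in keys) / len(keys)

def hour_distance(hours, hour):
    """Circular distance in hours to the nearest past login time (max 12)."""
    if not hours:
        return 12
    return min(min(abs(h - hour), 24 - abs(h - hour)) for h in hours)

def risk_score(p, device, country, hour):
    """Combine the signals into a 0-100 score; the weights are assumptions."""
    score = 40 * device_mismatch(p.device, device)
    score += 30 if country not in p.countries else 0
    score += 20 * hour_distance(p.hours, hour) / 12
    score += 10 if p.logins < 5 else 0  # thin history, less confidence
    return round(score)

def decide(p, device, country, hour):
    """Below the threshold the user is in; otherwise ask for a second proof."""
    return "step_up" if risk_score(p, device, country, hour) >= THRESHOLD else "allow"

# Constructed sample data, not taken from any real deployment.
HOME = {"os": "Windows XP", "browser": "IE 6", "screen": "1024x768", "tz": "UTC+10"}
OTHER = {"os": "Windows 2000", "browser": "IE 6", "screen": "800x600", "tz": "UTC+8"}
CUSTOMER = Profile(device=HOME, countries={"AU"}, hours=[8, 9, 20, 21], logins=40)

if __name__ == "__main__":
    for label, args in [("usual laptop, Sydney", (HOME, "AU", 9)),
                        ("usual laptop, abroad", (HOME, "NZ", 9)),
                        ("new machine, China, 3am", (OTHER, "CN", 3))]:
        print(label, risk_score(CUSTOMER, *args), decide(CUSTOMER, *args))
```

With these assumed weights a single unusual signal, such as the usual laptop appearing in a new country, stays below the threshold, while a new machine, a new country and an unusual hour together trigger the extra authentication step.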

Pickard said the authentication system is currently only being targeted at financial institutions, but it could also benefit online gaming sites and even retailers such as Amazon.com.

"It is mainly focused at banks but… there are definitely other areas where it could be useful. RSA has not directly spoken to companies [such as Amazon.com and ] about this but that is the type of company," said Pickard.
