Added Security With Strong Authentication - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:13 PM
Connect Directly

Added Security With Strong Authentication

VeriSign and RSA Security intro security tools that could help combat the upswing in E-commerce threats.

It's hard to say what's growing faster, security threats or security solutions. Attacks on E-commerce sites have quadrupled, according to Symantec Corp. In the first six months of 2004, E-commerce sites were hit by nearly 16% of online attacks, up from the 4% reported during the previous six months, according to Symantec's latest Internet Security Threat Report.

Earlier this week, online security and infrastructure provider VeriSign Inc. added yet another security system to the industry with VeriSign Unified Authentication. The authentication system, available either as a service or software, is an extension of the company's VeriSign Intelligence and ControlSM Services. It integrates with a company's current IT infrastructure, including popular directory and application servers such as Active Directory, LDAP, and ODC databases, to enable businesses to address strong authentication needs with a single system.

Meanwhile, RSA Security Inc. revealed this week AOL PassCode, a new consumer service that provides America Online accounts with strong authentication via a key-chain-sized device that generates onetime pass codes every minute.

Strong authentication typically uses something you have (a token) and something you know (a pass code) to authenticate a user's identity.

The double dose of security that VeriSign and RSA are offering may be for naught. Laura Koetzle, a principal analyst at Forrester Research, says it remains to be seen whether strong authentication will catch on. Companies outside high-security industries, such as financial services, aerospace, defense, and high-tech manufacturing, have found the technology too costly for the benefits it provides, she says.

But VeriSign's announcement brings much-needed competition to a market dominated by RSA Security, she says. "It's good for customers because it gives them choice," she says, noting that VeriSign's tokens cost less.

"The fact that these two announcements came simultaneously is not coincidental," says Koetzle, who notes that users of RSA's strong authentication products among financial-services companies have expressed a desire for more-affordable protection. But if RSA and AOL can deliver the technology to consumers for a onetime fee of $9.95 and from $1.95 to $4.95 per month, the cost to businesses may come down, too.

VeriSign is rolling out two USB tokens, one of which features onetime password capabilities. "Identity theft has been a challenge," says Mark Griffiths, VP of security services at VeriSign. "Enterprises that are trying to integrate either business partners or consumers are saying, 'We need to find a better way of doing stronger authentication of the person logging into our network or Web-based application.' "

The technology will appeal to companies concerned about workers accessing the network remotely or business partners connecting to an extranet, Griffiths says.

It may also interest those concerned about Windows login authentication. In a separate but related announcement, VeriSign said that its United Authentication system delivers on a plan disclosed last year to bring strong authentication to the Microsoft Windows environment.

VeriSign's security infrastructure has been integrated with the Microsoft Windows Server 2003 platform to take advantage of Microsoft technologies, including Active Directory, Microsoft Certificate Server, and the Microsoft Internet Authentication Services components. It will be available at the end of September.

Soon thereafter, a new service component, VeriSign's Certificate Interoperability Service, will allow those who are using the Microsoft CA server as part of a Windows Server 2003 or Windows 2000 Server installation to extend encrypted communication beyond their own networks to external partners.

VeriSign officials claim their strong authentication offering will ease the costs and complexities associated with the technology. That could reduce some of the awkward workarounds companies have implemented, Griffiths says. For example, he says Australian banks have turned to cell phones and Short Message Service technology to distribute onetime passwords for online access. In Sweden, some companies rely on scratch cards with 30 or so preprinted onetime passwords, Griffiths says.

To demonstrate the potential of its new service, VeriSign has partnered with i-Safe, a government funded nonprofit that promotes Internet safety for children, to offer the i-Stik. This USB token, to be issued by participating schools, will authorize access to youth-oriented chat rooms that might otherwise attract pedophiles or similarly undesirable visitors. VeriSign is donating the infrastructure and hardware.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

New Storage Trends Promise to Help Enterprises Handle a Data Avalanche
John Edwards, Technology Journalist & Author,  4/1/2021
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
How to Submit a Column to InformationWeek
InformationWeek Staff 4/9/2021
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll