RSA Delivers Integrated Strong and Invisible Authentication for Mobile Applications

RSA Conference Europe 2011 – London - October 11, 2011 -

News Summary:

• RSA announces the release of software developer kits (SDKs) designed for mobile application developers to seamlessly integrate strong one-time password (OTP) or risk-based authentication into mobile applications without the need for a separate authentication device
• Developers can leverage world-class security of RSA SecurID® technology or RSA® Adaptive Authentication within mobile applications for leading device platforms including Android™ devices, Blackberry® devices and Apple® iOS
• Built-in security helps provide higher assurance for mobile business applications, simple user experience and reduced costs to deploy authentication
• Organizations adopting mobile applications can reduce risk of unauthorized access from mobile devices by implementing RSA strong authentication solutions

Software developers now have the ability to build additional layers of security and access control into mobile applications for leading mobile device platforms including Android devices, Blackberry devices and Apple iOS through the integration of RSA's award-winning RSA SecurID and RSA Adaptive Authentication solutions. Developers of mobile applications for business, banking, e-commerce and data access can now help increase security and confidence by integrating strong one-time password (OTP) and risk-based authentication in their mobile products.

"Mobile device shipments are now outpacing PCs, yet concerns over security persist, especially for enterprises, because of their use on networks that are usually outside of the control of IT departments," said Dan Schiappa, RSA Senior Vice President& Group GM, Identity and Data Protection. "RSA believes the implementation of strong OTP and risk-based authentication within mobile applications - in a manner that doesn't diminish the user experience - can help address some of those concerns and help advance development of secure mobile applications across the industry."

New Implementation of RSA SecurID Technology Combines OTP Strength with Simple User Experience

Mobile applications developers can embed RSA SecurID technology to provide strong one-time password authentication without impacting the familiar experience of entering a username and password. RSA has developed an API that is designed to enable end users to seamlessly authenticate through mobile applications with the RSA SecurID software token. However, instead of prompting the user to manually enter the one-time token code, the mobile application integrated with the RSA SecurID solution does this automatically. The same software token can still be outside the mobile application for traditional authentication tasks, for instance, if the user also needs a one-time password to access an online application from a personal computer such as a VPN or web portal.

"This is one of our most innovative implementations of the RSA SecurID software token because it is optimized to run in mobile apps in a manner that makes the strong authentication completely hidden from the user," said Sam Curry, CTO, Identity and Data Protection at RSA. "Users can securely access a mobile app with their familiar username and PIN while the strong authentication happens in the background. It's a great example of providing stronger security without sacrificing the simple user experience required in good mobile apps."

Existing customers can leverage their current investment in RSA SecurID technology to protect mobile applications. The RSA SecurID mobile SDK is engineered to allow IT organizations to seamlessly and securely provision software tokens to mobile devices with minimal user interaction to enable interoperability with internally developed enterprise applications as well as with popular mobile VPN and virtual desktop clients.

RSA is partnering with leading mobile VPN and virtual desktop solution providers to deliver strong OTP authentication on mobile applications through the use of the SDK. RSA Secured® Partners such as Citrix, Juniper and VMware are using the SDK to enable interoperability with popular enterprise applications such as Citrix Receiver® technology, Juniper JUNOS® Pulse technology and VMware View® technology.

The use of RSA SecurID software tokens helps decrease total cost of ownership for organizations as they don't require any physical shipping, can be revoked and automatically redeployed, eliminating the need for replacement tokens. Additionally, having the software authenticator embedded in the mobile device to be used for secure access to multiple applications can help reduce the number of costly technical support calls for misplaced tokens.

RSA Adaptive Authentication Delivers Risk-based Security for Mobile

RSA Adaptive Authentication is a risk-based authentication and fraud detection platform used by more than 10,000 organizations worldwide for authentication of more than 300 million users through risk indicators powered by the RSA® Risk Engine, such as device identification, geo-location, behavioral profiling, and fraud data from the RSA eFraudNetwork^SM community.

The RSA Adaptive Authentication mobile SDK has been designed to enable a seamless mobile application user experience with nothing additional to deploy on user mobile devices and no change to familiar login processes. RSA Adaptive Authentication is engineered to be embedded into mobile applications to help protect both login and post-login user activities by measuring risk indicators to identify high-risk and suspicious activities. Popular use cases include protecting mobile access to online banking, e-commerce, private portals and VPNs.

"It's designed for security and convenience and users typically don't even know they are being protected," adds Sam Curry. "Users can quickly authenticate through the mobile channel while RSA Adaptive Authentication helps maintain protection in the background."

Mobile applications that directly integrate RSA SecurID technology or RSA Adaptive Authentication can help provide organizations with assurance that their resources are designed to be protected from unauthorized access without any usability impact to the end user.