
RSA Security Sees Hope in Online Fraud


It was a Friday afternoon for the computer encryption folks at RSA Security Inc., and summertime greenery filled the countryside view from Art Coviello's office.

Even so, the RSA chief could have been excused if he didn't seem relaxed. RSA had just announced its second straight set of quarterly results that didn't dazzle Wall Street analysts, and RSA's stock was flirting with a 52-week low.

But Coviello shrugged it off. Analysts, schmanalysts. More importantly, he said, lots of factors are about to turn in RSA's favor, namely the need for more secure, traceable financial transactions in a world beset by online fraud and identity theft.

"The whole thing's moving a lot more slowly than it ought to," Coviello said. "We've got to keep pounding and pounding until we reach a tipping point, and we will take advantage of it."

The lack of an obsession over quarterly results isn't the only unusual thing about RSA, which still bears the marks of an academic past despite being a $300 million company with 1,200 employees and customers in government, banking and health care.

RSA is named for three Massachusetts Institute of Technology professors, Ron Rivest, Adi Shamir and Len Adleman. Though they are no longer involved with the company they founded in 1986, their invention of a seminal method of cryptography set the tone for the company and is crucial in online commerce.

Today RSA is perhaps best known for staging a prestigious annual security conference and for selling 20 million little devices that display a six-digit code computer users must type to gain access to computer networks. The code, which changes every minute as determined by an RSA-created algorithm, is unique to each "SecurID" token, making it useless to a snoop.

The requirement that users enter the code in addition to a password is known as two-factor authentication, an approach that figures to gain ground over simple passwords as more and more sensitive data move online.

Indeed, RSA's sales of authentication products jumped 16 percent last year, as RSA's overall profits more than doubled, to $35 million. E-Trade Financial Corp. and America Online Inc. began offering SecurID devices to some customers over the past year. The Associated Press also uses the tokens for network access.

"It is the Kleenex or Q-Tip of two-factor identification," said Gregg Moskowitz, an analyst with the Susquehanna Financial Group. "SecurID is the brand name."

But wide deployment in consumer applications has come slowly.

In theory, every institution that does business on a Web site could increase its security by offering its users RSA tokens.

But practically, it would be a nightmare to have 20 different devices with their own codes. And banks apparently don't trust one another enough to accept a competitor's authentication token.

RSA hopes to smash such hang-ups by acting as an intermediary, launching a new "hosted" service this fall in which its servers will check whether a consumer entered the proper token code - even if the token was made by an RSA rival - then relay the "yea" or "nay" back to the bank. RSA already provides such a service for companies' internal access control, but has yet to offer it for consumer applications.

Investors will be watching closely. Although Coviello is confident that wider trends in access control - such as rampant identity theft and abuse of Social Security numbers - should play to RSA's strengths, he acknowledges that RSA needs to do more to push the market rather than wait for it.

That means RSA has to be much more than the company known for authentication tokens - a product that some analysts say is coming down in price because of competition. RSA also hopes to expand its sales of software and security consulting services, where heftier rivals such as VeriSign Inc. and International Business Machines Corp. also lurk.

"When you consider all the identity theft that is taking place now, the challenge for RSA is to monetize that," Moskowitz said. "It's easier said than done."

RSA believes one key differentiator can be its research arm, including the eight people in "RSA Labs," a group so focused on the advanced mathematics behind cryptography that it is described as an academic institution within the company.

RSA researchers are expected to dream up ways to expand the use of two-factor authentication, though sometimes that puts the company a bit ahead of the market.

One system being developed would use radio-frequency chips in keyless office access cards so employees wearing one can automatically access their secured computers as soon as they near them. Such a system would use a fingerprint reader on the computer to confirm identity. That product won't be ready, though, for a year or two.

Then there's an effort, led by labs director Burt Kaliski, to give users a better way to confirm the legitimacy of Web sites - and avoid "phishers" who set up phony sites to lure passwords and account information from the unsuspecting.

Kaliski envisions a system in which Web browsers or even computer operating systems act as an intermediary between a user and a site. Through the principles of encryption, the intermediary software could tell the Web site that the user entered the proper password without sending the actual password.

In another realm, RSA has created a "blocker tag" that ensures that radio-frequency identification chips can be scanned only by designated readers. It could be an elegant answer to the question of whether RFID chips, which are designed to streamline corporate inventory systems, might pose privacy risks for consumers. (The chips also are coming to U.S. passports, raising fears that American travelers overseas could be surreptitiously, remotely tracked.)

But for now this and other RFID solutions sit on the shelf, since the deployment of such tags has been slower than predicted.

"That is the hardest thing for a technology company to do," Coviello said. "You have to anticipate a market, not get too far ahead of customers, but you want to be there when they come around."

But he quickly added: "We've been around 20 years, and I think the market opportunity ahead of us is richer than ever before."

Associated Press
