RSA Security Sees Hope in Online Fraud

It was a Friday afternoon for the computer encryption folks at RSA Security Inc., and summertime greenery filled the countryside view from Art Coviello's office.

Even so, the RSA chief could have been excused if he didn't seem relaxed. RSA had just announced its second straight set of quarterly results that didn't dazzle Wall Street analysts, and RSA's stock was flirting with a 52-week low.

But Coviello shrugged it off. Analysts, schmanalysts. More importantly, he said, lots of factors are about to turn in RSA's favor, namely the need for more secure, traceable financial transactions in a world beset by online fraud and identity theft.

"The whole thing's moving a lot more slowly than it ought to," Coviello said. "We've got to keep pounding and pounding until we reach a tipping point, and we will take advantage of it."

The lack of an obsession over quarterly results isn't the only unusual thing about RSA, which still bears the marks of an academic past despite being a $300 million company with 1,200 employees and customers in government, banking and health care.

RSA is named for three Massachusetts Institute of Technology professors, Ron Rivest, Adi Shamir and Len Adleman. Though they are no longer involved with the company they founded in 1986, their invention of a seminal method of cryptography set the tone for the company and is crucial in online commerce.

Today RSA is perhaps best known for staging a prestigious annual security conference and for selling 20 million little devices that display a six-digit code computer users must type to gain access to computer networks. The code, which changes every minute as determined by an RSA-created algorithm, is unique to each "SecurID" token, making it useless to a snoop.

The requirement that users enter the code in addition to a password is known as two-factor authentication, an approach that figures to gain ground over simple passwords as more and more sensitive data move online.

Indeed, RSA's sales of authentication products jumped 16 percent last year, as RSA's overall profits more than doubled, to $35 million. E-Trade Financial Corp. and America Online Inc. began offering SecurID devices to some customers over the past year. The Associated Press also uses the tokens for network access.

"It is the Kleenex or Q-Tip of two-factor identification," said Gregg Moskowitz, an analyst with the Susquehanna Financial Group. "SecurID is the brand name."

But wide deployment in consumer applications has come slowly.

In theory, every institution that does business on a Web site could increase its security by offering its users RSA tokens.

But practically, it would be a nightmare to have 20 different devices with their own codes. And banks apparently don't trust one another enough to accept a competitor's authentication token.

RSA hopes to smash such hang-ups by acting as an intermediary, launching a new "hosted" service this fall in which its servers will check whether a consumer entered the proper token code - even if the token was made by an RSA rival - then relay the "yea" or "nay" back to the bank. RSA already provides such a service for companies' internal access control, but has yet to offer it for consumer applications.

Investors will be watching closely. Although Coviello is confident that wider trends in access control - such as rampant identity theft and abuse of Social Security numbers - should play to RSA's strengths, he acknowledges that RSA needs to do more to push the market rather than wait for it.

That means RSA has to be much more than the company known for authentication tokens - a product that some analysts say is coming down in price because of competition. RSA also hopes to expand its sales of software and security consulting services, where heftier rivals such as VeriSign Inc. and International Business Machines Corp. also lurk.

"When you consider all the identity theft that is taking place now, the challenge for RSA is to monetize that," Moskowitz said. "It's easier said than done."

RSA believes one key differentiator can be its research arm, including the eight people in "RSA Labs," a group so focused on the advanced mathematics behind cryptography that it is described as an academic institution within the company.

RSA researchers are expected to dream up ways to expand the use of two-factor authentication, though sometimes that puts the company a bit ahead of the market.

One system being developed would use radio-frequency chips in keyless office access cards so employees wearing one can automatically access their secured computers as soon as they near them. Such a system would use a fingerprint reader on the computer to confirm identity. That product won't be ready, though, for a year or two.

Then there's an effort, led by labs director Burt Kaliski, to give users a better way to confirm the legitimacy of Web sites - and avoid "phishers" who set up phony sites to lure passwords and account information from the unsuspecting.

Kaliski envisions a system in which Web browsers or even computer operating systems act as an intermediary between a user and a site. Through the principles of encryption, the intermediary software could tell the Web site that the user entered the proper password without sending the actual password.

In another realm, RSA has created a "blocker tag" that ensures that radio-frequency identification chips can be scanned only by designated readers. It could be an elegant answer to the question of whether RFID chips, which are designed to streamline corporate inventory systems, might pose privacy risks for consumers. (The chips also are coming to U.S. passports, raising fears that American travelers overseas could be surreptitiously, remotely tracked.)

But for now this and other RFID solutions sit on the shelf, since the deployment of such tags has been slower than predicted.

"That is the hardest thing for a technology company to do," Coviello said. "You have to anticipate a market, not get too far ahead of customers, but you want to be there when they come around."

But he quickly added: "We've been around 20 years, and I think the market opportunity ahead of us is richer than ever before."

By BRIAN BERGSTEIN
Associated Press
