From next month, users of Web sites and corporate networks can
authenticate their identities with their mobile phones.
RSA's latest product, RSA Mobile, consists of a server-side
software component and a link to a GSM mobile phone network for the
transmission of SMS (Short Message Service) text messages. No extra
hardware or software is needed.
Visitors to a Web site equipped with RSA Mobile enter their
username and password in the usual way. The system then searches
for the mobile phone number associated with each user name, and
sends a one-time access code in an SMS to the mobile phone. The
user then types the access code to log in.
Future versions of the software could be developed to deliver
access codes by e-mail, or to other portable communications devices
such as Research in Motion's BlackBerry.
RSA has carried out trials of the system in the UK, Australia,
Denmark, France, Germany, Hong Kong, Italy, New Zealand, Sweden and
the US, although it has not yet built an interface between RSA
Mobile and the Japanese I-mode mobile data service. Japanese mobile
networks do not offer the same support for SMS as the GSM networks
used elsewhere in Asia, in Europe and in the Americas.
Pricing for the RSA Mobile software will be announced on 4
September. Pricing for the link to the mobile phone network, and
transmission of the messages containing the access codes, must be
negotiated with the network operator.
Large organisations such as banks probably already have a direct
link with a preferred mobile network operator, perhaps for
notifying customers by SMS of their account balances.
Smaller organisations may choose to negotiate such a direct link
with the network operator, but another option is to turn to
intermediaries such as Red Message in Sweden, which specialise in
linking businesses and mobile networks.
RSA Mobile is aimed at enterprises for use by their employees or
their customers, although network operators or service providers
could use this as a managed service.