RSA Security is to launch a secure Internet sign-on technology that
uses a mobile phone in conjunction with conventional Web site
access controls.
The system, dubbed RSA Mobile, sends a one-off code to Internet or
intranet users via SMS (Short Message Service) after they have
logged on to a Web site using their user name and Pin code. The SMS
code will allow the user final access to the Web site.
Your Communications, an amalgamation of Norweb Telecom, Intercell
and Netforce, has been trialling the technology. Mark Charlesworth,
the organisation's product manager, said it has allowed field
engineers to access the company intranet remotely without the need
for smartcard security.
"As a subsidiary of United Utilities we are finding that other
companies in the group are becoming very interested in the system,"
he said. "It is not as secure as RSA's SecureID cards, but it has
the advantage that field engineers do not have to carry anything
extra with them."
Gary Barnett, an analyst with Ovum, said, "This is a new spin on
RSA's SecureID theme and is quite exciting because it does not
require the user to carry anything they normally don't possess. Nor
does it require them to download any software. The idea certainly
has legs and will appeal to companies that have portals where a
basic level of security is not enough.
"The only issue may be areas where mobile phone coverage is weak
and providing alternatives for people who do not own a mobile
phone."
RSA is charging on a per-user basis and it estimates that the cost
for one million users will be about £1.10 per year. RSA said SMS
charges can be minimised by negotiating with telecoms companies
using the leverage of the quantity of messages that will be used.