RSA: RSA puts a token into a browser toolbar

RSA Security expanded its line of tokens in two directions on Tuesday, launching both a browser toolbar and a hardware token that can electronically "sign" online transactions.

The introductions at RSA Conference 2006, in San Jose, are meant to help retailers and financial institutions serve businesses and consumers online. The Bedford, Massachusetts, company already sells a variety of products for authentication, access management, identity administration and data protection.

Both new products provide a pseudo-random number at the time of each transaction that users enter as part of establishing their identity. The code they enter needs to match one that a validation server generates. The process can be used in conjunction with a password or PIN (personal identification number) for two-factor authentication.

The RSA SecurID Toolbar Token is designed as an inexpensive and easy-to-use system for authenticating consumers and business partners using an organization's Web site. The users can simply download the toolbar and have it added to their Microsoft Corp. Internet Explorer or Mozilla Corp. Firefox browser. Web sites protected by the system, such as an online store, can grant users a "seed" that subsequently will give users a code number every time they return. To send that code to the server, the user simply has to click a button on the page, said Karl Wirth, RSA's director of product management for authentication.

A consumer can use the toolbar for authentication at as many as 20 Web sites, Wirth said. RSA will provide an SDK (software development kit) so developers can integrate the product's functionality into their own toolbars.

The SecurID SID900, a hardware device about the size of a credit card, can also perform authentication. But it can also be used to electronically sign individual transactions, Wirth said. This functionality could be useful for financial institutions that want to enable individuals or companies to carry out large transactions online, he said.

After initiating an online transaction, the customer will also enter the amount of the transaction on the token, which has a numeric keypad. Matching that input with the transaction just made online at roughly the same time, the SecurID server will generate a code number and send it to the token. Then the user can "sign" the transaction by entering that code on the Web site, Wirth said.

The toolbar will be priced comparably to other RSA token software products and the SID900 will cost about the same as the company's other hardware tokens, Wirth said.