Drumbeat of security products to roll across RSA Conference

The RSA Conference 2005 this week will be a showcase for product rollouts from established vendors and start-ups, with RSA Security, the show’s organizer, grabbing the spotlight to announce its authentication server will be offered in appliance form for the first time.

After twenty years as software-only, the RSA server for authenticating user identity by means of dynamic passwords generated by the SecurID handheld token will be made available in a hardware-based appliance in late March for small to midsized businesses. Gary Wood, senior product manager at RSA Security, said the appliance, which will be demoed during the conference, should make it easier for smaller firms to deploy strong two-factor authentication because systems administrators won’t have to configure SecurID on hardware themselves.

“With the Web-based GUI, we think customers would be able to deploy this in 15 minutes,” said Wood, adding RSA may also make others products available in appliance form in the future as well. The product is targeted for use by firms with up to 1,000 employees and it will be sold in bundles of between 10 to 250 SecurID tokens.

Passlogix, which makes the v-GO line of single sign-on (SSO) authentication and password re-set software, is also rolling out new products it will have on display at RSA.

The v-GO Provisioning Manager is server software that works with v-GO SSO so that a number of third-party provisioning products, including those from BMC, IBM and Sun, can add and revoke user network privileges and be recognized by the v-GO SSO server.

The second new Passlogix product, the v-GO Authentication Manager, adds support to v-GO SSO beyond simple passwords, including biometric forms of authentication, smart cards from Gemplus and RSA’s SecurID dynamic-password tokens. “This allows us to grade the authentication used in SSO according to the determined strength of the authentication method,” Passlogix President and CEO Mark Boroditsky said.

A third product, v-GO Session Manager, is used to add v-GO SSO to shared kiosks. V-GO Provisioning Manager is expected to cost about $10 per user, v-GO Authentication Manager will cost $15 per user and v-GO Session Manager will cost $30 per user. All three products are expected to ship this quarter.

TriCipher, in San Mateo, Calif., will also be showcasing a specialized server appliance called the TriCipher Armored Credential System, which works to improve password-based security in a novel way.

TriCipher’s server appliance can take a simple password and sign it with an encryption key stored in the PC or smart card so that when the user enters the password at a Web site it is only recognized in its encryption-altered and digitally signed form.

The purpose for this is to reduce the risk of stolen passwords gained through scams such as pfishing by ensuring the password is only recognized and accepted when used at a specific computer. The TriCipher Armored Credential System, which costs about $5 per seat, according to CEO Ravi Ganesan, will be shown at RSA working with stronger forms of authentication as well, including the SafeNet dynamic-password authentication tokens.