Compared to other forms of two-factor authentication, the advantages are that:

• such a system would need no extra infrastructure, so deployment costs on a per-user basis will be low;
• because the user is familiar with the hardware, there are no additional training or help desk costs to be borne;
• in some cases, it may help compliance with government, industry, or enterprise regulations for data protection;
• it can be deployed in very large numbers to cover mass markets;
• the user need carry no extra devices around, adding convenience and enabling enterprises to differentiate themselves;
• consumer confidence both in the strength of that security and the protection of their investments from access by the unauthorised will be increased, leading to customer satisfaction and retention.

Only the need for a mobile phone network limits coverage and, even in the US where SMS is not as popular as it is in Europe, trials show that messages both work and travel quickly -- one outer limits trial reported a delay between the UK and the US west coast of just four seconds.

Applications

When authentication via SMS becomes widespread, businesses and consumers will benefit. In the financial services area, banks and insurance companies are clear beneficiaries. In business to consumer applications, healthcare -- ensuring that the consumer is matched, critically, with the right medical records -- and bill payment will be transformed. Service providers and enterprises will be able to offer unfettered access to remote users' desktops no matter where they are, secure that the user can prove their identity.

From a business-to-business perspective, such technology can facilitate supply and buy-side e-commerce, with partners and suppliers being able to authenticate and so gain access to secured extranets, increasing trust between the parties conducting transactions.

Future

Right now, access to information is critical for businesses and consumers alike and this trend is set to grow. What's needed is a way of authenticating people on a mass-market scale, and using a widely-adopted, easy-to-use technology such as SMS means that access can be secure, more cost-effective and more convenient.


RSA Security's RSA Mobile, built on its patented, time-synchronous technology and algorithms that deliver proven security to around 13 million end users, provides a platform for consumer-facing organisations to build such a solution. So with RSA Security ready to bring its secure technologies to this market and to fully incorporate industry standards such as Liberty and SAML into future releases, the time is right for this technology.

Both industry and consumers need it, the pre-conditions have been met and the demand is there.



Infosecurity Europe is Europe's largest and most important information security event. Now in its 8th year, the show features Europe's most comprehensive FREE education programme, and over 200 exhibitors at the Grand Hall at Olympia from 29th April - 1st May 2003. www.infosec.co.uk