| RSA SecurID | |
|---|---|
| Name | RSA SecurID |
| Caption | RSA SecurID hardware token (representative) |
| Developer | Security Dynamics (later RSA Security) |
| Introduced | 1986 |
| Type | Two-factor authentication (one-time password token) |
RSA SecurID is a proprietary two-factor authentication system, introduced in 1986 by Security Dynamics (the company that later became RSA Security), in which a hardware or software token displays a tokencode that changes on a fixed schedule, typically every 60 seconds, derived from a secret seed shared with the authentication server. The user prepends a personal identification number (PIN) to the tokencode to form a one-time passcode, so a login requires both possession of the token and knowledge of the PIN. It has been used by corporations, financial institutions, technology companies, and government agencies to protect access to networks, remote access appliances, and cloud services, and it was one of the earliest widely deployed forms of multifactor authentication.
Security Dynamics introduced the system in 1986, as corporate interest in remote access and enterprise networking was growing. Adoption accelerated through the 1990s with deployments at American Express, Bank of America, Citibank, Deutsche Bank, and Goldman Sachs; government customers included the United States Department of Defense, the Department of Homeland Security, the General Services Administration, and elements of the United States intelligence community. Security Dynamics acquired RSA Data Security in 1996 and took the RSA Security name; EMC Corporation acquired RSA in 2006, EMC itself was acquired by Dell Technologies in 2016, and Dell sold RSA to a consortium led by Symphony Technology Group in 2020. Consultancies such as Accenture and Capgemini resold and integrated the product. The March 2011 intrusion into RSA's own network, in which information related to SecurID seeds was stolen, shaped later product roadmaps and customer risk assessments, as did the shift of workloads to cloud services such as Amazon Web Services and the growth of competing vendors such as Symantec and McAfee. Standards efforts outside RSA also shaped the market that SecurID had pioneered with a proprietary algorithm: the OATH initiative's HOTP and TOTP algorithms, published through the IETF as RFC 4226 and RFC 6238, FIDO Alliance authenticators, OASIS and ISO interoperability work, and NIST authenticator guidance in SP 800-63.
The system centers on a symmetric one-time-password algorithm implemented identically in the token and in the authentication server. Each token is personalized at manufacture with a secret seed; the server holds a copy in a seed record and can therefore compute, for any time step, the tokencode the token is displaying. Early tokens used a proprietary hash function; tokens sold since the early 2000s use an AES-based algorithm with a 128-bit seed. The components are the hardware tokens, software tokens for Apple iOS and macOS, Google Android, and Microsoft Windows, and the RSA Authentication Manager server, which holds the seed records, PINs, and policy and is reached from other systems through RADIUS or vendor-supplied authentication agents. It interoperates with directory services such as Microsoft Active Directory and LDAP, with firewalls and VPN concentrators from Palo Alto Networks, Fortinet, Juniper Networks, and F5 Networks, and with single sign-on and privileged-access products from CA Technologies, Ping Identity, and CyberArk; comparable one-time-password products are offered by VeriSign, Microsoft (Azure), Google, Yubico, and Okta. Despite the company name, the tokencode algorithm does not use the RSA public-key cryptosystem of Ron Rivest, Adi Shamir, and Leonard Adleman, nor the key agreement of Whitfield Diffie and Martin Hellman; its security rests entirely on keeping the seed secret, which is why the seed records are the system's most sensitive asset.
RSA produced several token families and software formats, comparable in form to the lines offered by Yubico, Token2, HID Global, and Entrust. Hardware tokens varied by form factor and connectivity: keyfobs such as the SID700, credit-card-sized display tokens, PINpad tokens on which the PIN is keyed into the device so that only the combined passcode is ever displayed, and the SID800, a keyfob with a USB connector that lets host software read the tokencode instead of the user typing it. Software tokens ran on Apple Inc. iOS and macOS, Google LLC Android (including handsets from Samsung and LG Electronics), and Microsoft Corporation Windows; their seeds are delivered either as encrypted .sdtid files or dynamically over the Cryptographic Token Key Initialization Protocol (CT-KIP, RFC 4758), which avoids sending a plaintext seed to the device. Enterprise editions integrated with virtualized environments from VMware, cloud providers such as Microsoft Azure, Google Cloud Platform, and Amazon Web Services, and mobile device management systems from AirWatch and MobileIron that push software tokens to managed devices. Specialized variants addressed regulated industries like finance and healthcare, where firms such as JPMorgan Chase, Wells Fargo, Morgan Stanley, UnitedHealth Group, and Kaiser Permanente required tailored provisioning and lifecycle management.
The authentication model combines something you have (the token) with something you know (the PIN). The token computes a tokencode from its seed and the current time, advancing every 60 seconds on most hardware tokens; the user submits the PIN followed by the tokencode as a single passcode. The server looks up the seed record, recomputes the expected tokencode for the current time step and a small window of neighbouring steps to absorb clock drift (recording the observed drift per token), compares it with the submitted value, and rejects any tokencode that has already been accepted, so a captured passcode cannot be replayed within its validity window. Repeated failures lock the token, and a "next tokencode" challenge is used to resynchronize when drift grows large. This is the same time-based one-time-password model later standardized by the OATH initiative as TOTP (RFC 6238) and referenced in NIST and ISO guidance, though SecurID's code-generation function is proprietary. Server-side components integrate with identity providers and federation protocols such as SAML, OAuth, and OpenID Connect, implemented by vendors such as Auth0 and Okta, and deployments often place security appliances and access gateways from Cisco Systems, F5 Networks, and Citrix Systems in front of applications to mediate sessions and enforce access policy. Seed records are the long-term secrets of the system; their generation, transport, and storage involve key-management suppliers and integrators including Thales Group, Gemalto, and Entrust Datacard.
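The token-and-server model described in the two paragraphs above, as an added example that is not RSA's code and does not implement SecurID's proprietary algorithm: the tokencode function below uses HMAC-SHA256 with RFC 6238-style truncation as a stand-in for the AES-based function, and the `AuthServer` class, the `SAMPLE_SEED` value, and the constants are all constructed for illustration. What it shows is the part of the design that the primitive does not change: a shared seed plus the clock yields a short code, the server tolerates one step of drift, a code that has already been accepted is refused, and a run of bad passcodes locks the token.

```python
import hashlib
import hmac
import secrets
import struct

STEP_SECONDS = 60    # hardware tokens typically rotate the tokencode every 60 s
DIGITS = 6           # typical display length
DRIFT_STEPS = 1      # accept codes one step either side of server time
MAX_FAILURES = 3     # lock the token after this many consecutive bad passcodes

# Constructed sample seed (not a real SecurID seed record): the 128-bit secret
# shared by one token and the server's seed record for it.
SAMPLE_SEED = bytes.fromhex("0123456789abcdeffedcba9876543210")


def tokencode(seed: bytes, now: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """Display code for the time step containing Unix time `now`.

    Stand-in for the proprietary AES-based function: HMAC-SHA256 over the step
    counter with dynamic truncation to a decimal code. Only the structure
    (shared seed + clock -> short code) is meant to match SecurID.
    """
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(seed, counter, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


class AuthServer:
    """Minimal authentication-server model: seed records, salted PIN hashes,
    drift window, replay rejection, and lockout."""

    def __init__(self) -> None:
        self.users: dict[str, dict] = {}

    def enroll(self, username: str, seed: bytes, pin: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = {
            "seed": seed,
            "salt": salt,
            "pin_hash": self._hash_pin(pin, salt),
            "last_step": -1,   # highest time step consumed by a successful login
            "failures": 0,     # consecutive failed attempts
        }

    @staticmethod
    def _hash_pin(pin: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def verify(self, username: str, passcode: str, now: int) -> bool:
        user = self.users.get(username)
        if user is None or user["failures"] >= MAX_FAILURES:
            return False
        if len(passcode) <= DIGITS:          # no room for a PIN in front of the code
            user["failures"] += 1
            return False
        pin, code = passcode[:-DIGITS], passcode[-DIGITS:]
        pin_ok = hmac.compare_digest(self._hash_pin(pin, user["salt"]), user["pin_hash"])

        current = now // STEP_SECONDS
        matched_step = None
        # Evaluate every candidate step so timing does not reveal which one matched.
        for step in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
            expected = tokencode(user["seed"], step * STEP_SECONDS)
            if hmac.compare_digest(expected, code):
                matched_step = step
        # A code is good only if the PIN is right, it falls in the window, and
        # its step is newer than the last one accepted (replay rejection).
        if pin_ok and matched_step is not None and matched_step > user["last_step"]:
            user["last_step"] = matched_step
            user["failures"] = 0
            return True
        user["failures"] += 1
        return False
```

Two design points carry over to real deployments: the server never learns which factor failed from the outside (a wrong PIN and a stale code both return the same result), and the seed is the only long-lived secret, so anyone holding the seed records can run `tokencode` themselves and is left with just the PIN to guess.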
RSA tokens and administrative systems have been implicated in notable incidents. The most consequential was the March 2011 intrusion into RSA's own network, which RSA attributed to an advanced persistent threat: a spear-phishing email carrying an Excel attachment with an embedded Flash exploit gave the attackers a foothold from which they exfiltrated information related to SecurID token seeds. Because the tokencode depends only on the seed and the clock, stolen seed data lets an attacker reproduce tokencodes and reduces the scheme to a single factor, the PIN; a subsequent intrusion attempt at Lockheed Martin in May 2011 was reported to have used the stolen data, and RSA offered to replace tokens for affected customers. The incident drew analysis from security vendors such as Kaspersky Lab, CrowdStrike, FireEye, and Mandiant, involved government agencies including the FBI, NSA, and INTERPOL, and is often cited alongside later large breaches at Target Corporation, Equifax, Yahoo, Sony Pictures Entertainment, and Marriott International as a case study in supply-chain compromise. Vulnerability disclosure and analysis of the tokens themselves, including research on cloning software tokens, have been presented at Black Hat, DEF CON, and the RSA Conference and in publications from the SANS Institute and IEEE Security & Privacy. Mitigations and incident response involved consultancies such as Deloitte, PwC, KPMG, and Ernst & Young. The practical lesson for deployments is that seed records, the Authentication Manager database, and any backups of them must be protected at least as strictly as a certificate authority's key material, and that token replacement is the only remediation once seeds are exposed.
Enterprises and public institutions deployed the system for remote VPN access, privileged account management, cloud access, and workforce mobility, with customers including Amazon, Apple Inc., Microsoft Corporation, IBM, and financial institutions such as HSBC and Barclays. Use cases extended to industrial control systems and critical infrastructure, where operators such as Siemens, Schneider Electric, General Electric, and ABB required strong authentication for remote supervisory access, which in practice usually means enforcing the token check at the VPN gateway or jump host in front of the control network rather than on the controllers themselves. Managed service providers and telecommunications firms like AT&T, Verizon Communications, BT Group, and Orange S.A. offered token-based authentication as part of enterprise security bundles.
Legal and privacy concerns around token issuance, data residency, and breach notification involved regulators and frameworks such as European Commission directives, General Data Protection Regulation, Federal Trade Commission, Securities and Exchange Commission, and national privacy laws in jurisdictions including United Kingdom, Germany, France, and Japan. Litigation and contractual issues engaged law firms and policy bodies including International Chamber of Commerce, World Bank, and standards organizations like ISO and IETF when interpreting obligations for incident reporting, export controls, and cryptographic export regulations historically influenced by agencies such as United States Department of Commerce.
Category:Authentication systems