Identity Management, Authentication Shine At RSA: Page 2 of 3

ID Analytics, meanwhile, used the conference to launch an identity risk management solution that promises to prevent all types of identity-related fraud both within the enterprise and among a company's customers. The new Identity Risk Management Suite consists of four separate modules which automates the process of authenticating suspicious identities, accesses risk before opening a new customer identity account, and pinpoints possible identity fraud. The suite relies on ID Analytics' global network of identity fraud indication detectors, which adds hundreds of thousands of new indicators each day, said the company.

On the authentication front, the big news from the 150-vendor RSA Conference was the announcement of a partnership between show sponsors RSA Security and Microsoft to lock down Windows with a two-factor authentication token.

Rather than simply enter usernames and passwords -- the default authentication scheme Windows users apply to gain access to, say, a desktop or laptop PC, or the corporate network -- the new authentication will rely on a known PIN (Personal Identification Number) as well as a one-time password generated and displayed on a key fob-sized token that plugs into the computer's USB port.

The one-time password, which changes every minute, is generated by RSA Security server software within the enterprise.

Windows users will have to wait a while for the RSA SecurID to hit their desks, however. Beta testing is scheduled to start in the second quarter, and if schedules are met, it should be available in the third quarter of 2004. SecurID will work with the Windows 2000, Windows XP, and Windows Server 2003 operating systems, and companies will need to deploy the RSA ACE/Server 6.0 Advanced, the RSA ACE/Agent 6.0 for Windows, and, of course, RSA SecurID tokens for end users.