RSA SecurID is the most popular and widely used two-factor authentication mechanism. It gives users convenient access from anywhere, and it gives strong, secure access to the enterprise's infrastructure.
RSA SecurID is based on token-based authentication. There are two types of tokens: hardware tokens and software tokens. Token codes are generated from a built-in clock and an embedded, factory-encoded random key (the so-called seed). The seed record is unique to each token, whether it is a software or a hardware token.
Three major components participate in the RSA authentication process. They are as follows:
- RSA Authentication Manager :
This is responsible for handling authentication requests and for managing authentication agents, users, reports, blocking users, backups, etc.
- Agents :
An agent is responsible for capturing the credentials from the user and passing them to the RSA Authentication Manager for authentication.
- Authenticators ( Tokens ) :
These are mainly available in two formats, software tokens and hardware tokens (key fobs, cards). They generate token codes at specified short time intervals.
The user authentication flow in RSA SecurID, as shown in the image above, is as follows.
- The user enters the User ID, PIN and token code.
- The agent passes the credentials to the RSA Authentication Manager.
- The Authentication Manager verifies the credentials, allows or denies the user, and sends the reply back to the agent.
- The user then receives the response: either access is allowed or access is denied.
Now let us look at each component of the RSA authentication flow in more detail.
SecurID agents are pieces of software that sit in front of resources and protect them. The main functionality of the agent is to pass the user's credentials to the Authentication Manager. We can use an existing agent or build our own customised agent using the Authentication Agent API.
RSA Authentication Manager
When the credentials arrive at the Authentication Manager, the RSA Authentication Manager is ready to authenticate the user. Besides the user's credentials, the Authentication Manager also records the time at which the authentication request was received.
Finally, this is the information the RSA Authentication Manager has before processing the authentication request:
- Request Received Time
- RSA User ID
- Token Code
As explained in the diagram above, when the RSA Authentication Manager receives an authentication request, it first validates that the user ID and PIN are correct.
If the user ID and PIN match, the seed record of the user's assigned token is taken from the Identity Source.
Then a token code is generated from the seed record and the time at which the user's token code was received.
Finally, the generated token code is compared with the token code the user entered to see whether they are equal.
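The verification steps above, written out as an added Python example (not RSA's code). Because the real SecurID token-code algorithm is proprietary, the code below substitutes a hypothetical HMAC-SHA256 time-step derivation, and the 60-second interval, the one-step clock-drift window and the sample identity source are all assumptions made for the example.

```python
import hmac
import hashlib
import struct
import time

TOKEN_INTERVAL = 60      # seconds each token code is valid (assumption)
CLOCK_DRIFT_STEPS = 1    # accept one interval on either side (assumption)

def token_code(seed: bytes, at_epoch: int) -> str:
    """Derive a 6-digit code from the seed record and the time step.
    Stand-in for the proprietary SecurID algorithm (hypothetical):
    HMAC-SHA256 over the time-step counter, reduced to six digits."""
    step = at_epoch // TOKEN_INTERVAL
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

class AuthenticationManager:
    """Holds the identity source (user id -> PIN and seed record)."""
    def __init__(self, identity_source):
        self.identity_source = identity_source

    def authenticate(self, user_id, pin, code, received_at: int) -> bool:
        """Validate the request with the data the manager has:
        received time, user id, PIN and token code."""
        record = self.identity_source.get(user_id)
        if record is None:
            return False                       # unknown user: deny
        if not hmac.compare_digest(record["pin"], pin):
            return False                       # wrong PIN: deny, seed never read
        seed = record["seed"]                  # seed record of the assigned token
        for drift in range(-CLOCK_DRIFT_STEPS, CLOCK_DRIFT_STEPS + 1):
            expected = token_code(seed, received_at + drift * TOKEN_INTERVAL)
            if hmac.compare_digest(expected, code):
                return True                    # generated code equals entered code
        return False

class Agent:
    """Sits in front of the resource; only relays credentials and the reply."""
    def __init__(self, manager):
        self.manager = manager

    def login(self, user_id, pin, code) -> str:
        ok = self.manager.authenticate(user_id, pin, code, int(time.time()))
        return "allowed" if ok else "denied"

# Constructed sample identity source; a real seed is factory-encoded per token.
IDENTITY_SOURCE = {"alice": {"pin": "1234", "seed": bytes(range(16))}}

if __name__ == "__main__":
    agent = Agent(AuthenticationManager(IDENTITY_SOURCE))
    now = int(time.time())
    print(agent.login("alice", "1234", token_code(IDENTITY_SOURCE["alice"]["seed"], now)))
```

The drift loop is what lets a code entered just before an interval boundary still verify, while a code more than one interval old is rejected.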