Press Release

RSA Delivers Integrated, Strong and Invisible Authentication for Mobile Applications

New Capabilities Help Make Mobile Devices More Trusted for Business and e-Commerce

RSA Conference Europe 2011 – London, Oct. 11, 2011 - 

News Summary:

  • RSA announces the release of software developer kits (SDKs) designed for mobile application developers to seamlessly integrate strong one-time password (OTP) or risk-based authentication into mobile applications without the need for a separate authentication device
  • Developers can leverage world-class security of RSA SecurID® technology or RSA® Adaptive Authentication within mobile applications for leading device platforms including Android™ devices, Blackberry® devices and Apple® iOS
  • Built-in security helps provide higher assurance for mobile business applications, simple user experience and reduced costs to deploy authentication
  • Organizations adopting mobile applications can reduce risk of unauthorized access from mobile devices by implementing RSA strong authentication solutions

Software developers now have the ability to build additional layers of security and access control into mobile applications for leading mobile device platforms including Android devices, Blackberry devices and Apple iOS through the integration of RSA's award-winning RSA SecurID and RSA Adaptive Authentication solutions. Developers of mobile applications for business, banking, e-commerce and data access can now help increase security and confidence by integrating strong one-time password (OTP) and risk-based authentication in their mobile products.

"Mobile device shipments are now outpacing PCs, yet concerns over security persist, especially for enterprises, because of their use on networks that are usually outside of the control of IT departments," said Dan Schiappa, RSA Senior Vice President& Group GM, Identity and Data Protection. "RSA believes the implementation of strong OTP and risk-based authentication within mobile applications - in a manner that doesn't diminish the user experience - can help address some of those concerns and help advance development of secure mobile applications across the industry."

New Implementation of RSA SecurID Technology Combines OTP Strength with Simple User Experience

Mobile applications developers can embed RSA SecurID technology to provide strong one-time password authentication without impacting the familiar experience of entering a username and password. RSA has developed an API that is designed to enable end users to seamlessly authenticate through mobile applications with the RSA SecurID software token. However, instead of prompting the user to manually enter the one-time token code, the mobile application integrated with the RSA SecurID solution does this automatically. The same software token can still be outside the mobile application for traditional authentication tasks, for instance, if the user also needs a one-time password to access an online application from a personal computer such as a VPN or web portal.

"This is one of our most innovative implementations of the RSA SecurID software token because it is optimized to run in mobile apps in a manner that makes the strong authentication completely hidden from the user," said Sam Curry, CTO, Identity and Data Protection at RSA. "Users can securely access a mobile app with their familiar username and PIN while the strong authentication happens in the background. It's a great example of providing stronger security without sacrificing the simple user experience required in good mobile apps."

Existing customers can leverage their current investment in RSA SecurID technology to protect mobile applications. The RSA SecurID mobile SDK is engineered to allow IT organizations to seamlessly and securely provision software tokens to mobile devices with minimal user interaction to enable interoperability with internally developed enterprise applications as well as with popular mobile VPN and virtual desktop clients.

RSA is partnering with leading mobile VPN and virtual desktop solution providers to deliver strong OTP authentication on mobile applications through the use of the SDK. RSA Secured® Partners such as Citrix, Juniper and VMware are using the SDK to enable interoperability with popular enterprise applications such as Citrix Receiver® technology, Juniper JUNOS® Pulse technology and VMware View® technology.

The use of RSA SecurID software tokens helps decrease total cost of ownership for organizations as they don't require any physical shipping, can be revoked and automatically redeployed, eliminating the need for replacement tokens. Additionally, having the software authenticator embedded in the mobile device to be used for secure access to multiple applications can help reduce the number of costly technical support calls for misplaced tokens.

RSA Adaptive Authentication Delivers Risk-based Security for Mobile

RSA Adaptive Authentication is a risk-based authentication and fraud detection platform used by more than 10,000 organizations worldwide for authentication of more than 300 million users through risk indicators powered by the RSA® Risk Engine, such as device identification, geo-location, behavioral profiling, and fraud data from the RSA eFraudNetworkSM community.

The RSA Adaptive Authentication mobile SDK has been designed to enable a seamless mobile application user experience with nothing additional to deploy on user mobile devices and no change to familiar login processes. RSA Adaptive Authentication is engineered to be embedded into mobile applications to help protect both login and post-login user activities by measuring risk indicators to identify high-risk and suspicious activities. Popular use cases include protecting mobile access to online banking, e-commerce, private portals and VPNs.

"It's designed for security and convenience and users typically don't even know they are being protected," adds Sam Curry. "Users can quickly authenticate through the mobile channel while RSA Adaptive Authentication helps maintain protection in the background."

Mobile applications that directly integrate RSA SecurID technology or RSA Adaptive Authentication can help provide organizations with assurance that their resources are designed to be protected from unauthorized access without any usability impact to the end user.

About EMC

The SDKs are available free of charge to all RSA Secured partners and RSA SecurID customers. RSA SecurID Mobile SDKs are now available for leading mobile platforms including:

  • iPhone and iPad devices, Android devices, Symbian platform, Windows® Mobile 6.x platform, Java® ME platform
  • RSA Adaptive Authentication Mobile SDKs will be available in November 2011 for the following platforms: iPhone and iPad devices, Android devices, BlackBerry devices

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit and

Press Contacts

Kevin Kempskie
RSA, the Security Division of EMC

EMC, RSA, SecurID, Secured and eFraudNetwork are registered trademarks of EMC Corporation in the United States and other countries. Android is a trademark of Google Inc. The Trademark Blackberry is owned by Research In Motion Limited and is registered in the United States and may be pending or registered in other countries. RSA is not endorsed, sponsored, affiliated with or otherwise authorized by Research In Motion Limited. Apple is a registered trademark of Apple Inc. Citrix Receiver is a trademark of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other country. Juniper Networks and JUNOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. Windows is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. Oracle and Java are registered trademarks of Oracle and/or its affiliates. All other products and/or services are trademarks of their respective owners.

This release contains "forward-looking statements" as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (iv) competitive factors, including but not limited to pricing pressures and new product introductions; (v) component and product quality and availability; (vi) fluctuations in VMware, Inc.'s operating results and risks associated with trading of VMware stock; (vii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (viii) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (ix) the ability to attract and retain highly qualified employees; (x) insufficient, excess or obsolete inventory; (xi) fluctuating currency exchange rates; (xii) threats and other disruptions to our secure data centers or networks; (xiii) our ability to protect our proprietary technology; (xiv) war or acts of terrorism; and (xv) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC Corporation, the parent company of RSA, with the U.S. Securities and Exchange Commission. EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.