As the industry gears up to build in the concept of integrated identity management, token-based authentication technology promises the perfect union between physical and virtual identity.

This technology is also clearly set to find great play in the Middle East with two players geared to make UAE their base for the Middle East region. RSA Security Inc., for one with its token-based authentication play is all set to push harder in the Middle East and another player -- Secure Computing Corp. plans to also move ahead in this space for the Middle East market with its Safeword token and software.

RSA Security after having signed on a large bank in the region to implement its technology will enable close to 20,000 of the bank?s Internet banking services users the option of enabling greater security with their specialized security tokens.

As part of its business thrust, the company has also announced plans to establish a direct presence in Q1 next year in Dubai, which will be the hub for its Middle East operations. The company already has close to 10,000 users of its various security technologies in the region. One of them is the Emirates Airlines, which uses token for its flight crew while accessing the company portal.

?The Middle East is now at a point where such technologies will play a definitive role in enabling enterprise security. Interestingly, token-based authentication can tie-in across all levels, including a unified identity system, federated identity, single sign on, etc,? said RSA Security Country Manager Middle East Kieran Hernon.

According to Miles Rippon, RSA Security Regional Sales Director (Southern & Eastern Europe, Nordic, MEA the company was pursuing a strategy to play across three key areas -- secure remote access (authentication), single sign-on (access management) and PKI (Public Key Infrastructure).

?Authentication is a segment that can tie in physical and virtual identity and RSA has been in this business having won deals worth US$190-$200 million and servicing 15,000 clients globally,? said Rippon.

The token-based authentication solutions are aimed at enabling a layered yet tightly integrated security layer. While the token itself targets the consumers, this is very much an enterprise play.

?Such security technology is a great solution for any enterprise that wants to secure its online systems and avoid single points of failure. This technology is aimed at replacing the system of having passwords to access each and every segment, by using a single PIN and a token instead,? said Rippon.

Interestingly, RSA?s other complementary technologies especially the web access management using single sign on and PKI, which underpins the security infrastructure are linked together as well. For Secure Computing, the key focus areas for the Middle East will be the online authentication segment especially for its Safeword offering. With a view to support secure remote access; Regional Director MEA Peter Barlow said the company will even offer a low cost Safeword offering for this market.

?At a price of $120 per user for the entire solution consisting of a server, software and a token, this authentication technology will be aimed at the mid market enterprises,? Barlow said. ?Incidentally, the large component of mid-sized enterprises in the Middle East is a big draw for security players like us. Enterprises are keen to understand and secure their enterprises end to end. Remote access and security is therefore an important part of the deal.?

For a start, the Middle East?s banking industry is expected to be a major user of tokens going forward. Industry watchers say the oil and gas sector will also be an early adopter.

Side bar

How does a token-based solution work?

In a token-based system, each user is handed a special token for his/her personal identification. The solution generally consists of a server-based software, which provides the integrating infrastructure for the identity/access management functionality and a piece of hardware -- the physical token. When the user tries to log into to the site, say his online bank, the total solution enables a two level authentication. First the user is asked to identify himself with a PIN that is provided by the bank, and second by entering the exact number flashing on the token at that moment.

Interestingly, the numbers on the token are continuously changing and cannot be memorized. The number combinations provided on each token is stored and encrypted on the server. When a user enters the token number, the system performs a quick handshake with the server and verifies the number by matching it with the combinations stored, before giving access.

?The good thing about a token is that a person cannot save, store or even remember. The authentication is dynamic, which ensures great security. The device is also handy and can be carried around, which means you can safely access your website at any point. Incase the token is stolen or lost, the solution can easily disable that particular token to prevent unauthorized access,? said Rippon of RSA.

-- Kavitha Rajasekhar