RSA launches ACE/Server 5.0 for remote security

RSA Security announced the release of version 5.0 of its ACE/Server user authentication security software on Monday.

RSA ACE/Server is one component of the company's SecurID authentication system, which also includes RSA SecurID Authenticator and RSA ACE/Agent. SecurID Authenticator is a small device, or token, given to users and ACE/Agent is software that is installed on the protected systems. ACE/Server is "the brains behind SecurID," as the system won't work without it, said John Worrall, the director of product management for strong authentication at RSA.

The SecurID suite of products uses two-factor authentication to validate user access to systems, meaning that users must supply something they know, in this case a PIN (personal identification number) issued to them, and something they have, a random number generated by the token, a physical token, according to Amy Speare, senior product manager for SecurID. The tokens RSA sells are small devices with LCD (liquid crystal display) screens that generate numbers that must be used for authentication, though in the future they could become software for mobile phones and handhelds, she said.

RSA ACE/Server is used to authenticate remote users who connect to corporate networks over VPNs (virtual private networks), for instance, as well as partners in business-to-business sites, among other things, Speare said. Companies already using the server are in the financial sector and offer home banking, brokerages and investment services, as well as remote access, she said.

The new version of the software adds three features: Better user management, a Web-based administration tool and greater scalability for improved performance, the company said. ACE/Server 5.0 supports LDAP (lightweight directory access protocol), which will allow user information to be entered into directories once and then shared across all LDAP-compatible directories, saving administrators from having to enter the data separately in each directory, Speare said.

The new Web-based administration tool, called Quick Admin, will allow administrators to manage user and token information from a centralized, browser-based tool.

Lastly, ACE/Server now sports a replicated architecture, meaning that up to 10 copies, or replicas, of the server and its information can be made to communicate with and automatically update each other, Speare said. This will allow for load-balancing of users, increasing the number of users who can log onto the servers simultaneously and also will improve the servers' performance, she said.

Two-factor authentication is superior to authentication based solely on passwords and encryption because passwords are a weak and uncertain form of security, Worrall said. Even with an encrypted password system, there's no way to be sure who's on the other end of the computer, as passwords may have been stolen or shared, he said. However, when a token is required for authentication, that risk is significantly lowered.

Having the stronger security afforded by RSA SecurID can open up new avenues of business and innovation, he said.

Companies ought not "to think of security as a fence around (their business)," but rather as "a way to enable business in a way never done before." Such security can lead to different types of business relationships with suppliers, partners and customers, he said.

ACE/Server will be available worldwide by the end of June and will be sold on a per-user basis, with, for example, 500 users costing US$26,000 and 10,000 users running $189,000. Tokens must also be purchased on a per-user basis, though pricing for them was not immediately available.