||An automated process has detected links on this page on the local or global blacklist.|
|Type||Division of EMC Corporation|
|Traded as||NASDAQ: RSAS|
|Industry||Encryption and Network Security|
|Fate||Acquired by EMC Corporation|
|Headquarters||Bedford, Massachusetts, United States|
|Products||Encryption and network security software|
|Revenue||Not separately disclosed by EMC|
|Employees||1,319 (as of 2007)|
RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company. RSA was named after the initials of its co-founders, Ron Rivest, Adi Shamir, and Len Adleman, after whom the RSA public key cryptography algorithm was also named. Among its products include the RSA BSAFE cryptography libraries and the SecurID authentication token. It also organizes the annual RSA Conference, an information security conference.
RSA is based in Bedford, Massachusetts, maintaining offices in Australia, Ireland, Israel, the United Kingdom, Singapore, India, China, Hong Kong and Japan.
- In 1995 RSA sent a handful of people across the hall to found Digital Certificates International, better known as VeriSign.
- The company then called Security Dynamics acquired RSA Data Security in July 1996 and DynaSoft AB in 1997.
- In January 1997 it proposed the first of the DES Challenges which led to the first public breaking of a message based on the Data Encryption Standard.
- In February 2001, it acquired Xcert International, Inc., a privately held company that developed and delivered digital certificate-based products for securing e-business transactions.
- In May 2001, it acquired 3-G International, Inc., a privately held company that developed and delivered smart card and biometric authentication products.
- In August 2001, it acquired Securant Technologies, Inc., a privately held company that produced ClearTrust, an identity management product.
- In December 2005, it acquired Cyota, a privately held Israeli company specializing in online security and anti-fraud solutions for financial institutions.
- In April 2006 it acquired PassMark Security.
- On September 14, 2006, RSA stockholders approved the acquisition of the company by EMC Corporation for $2.1 billion.
- On 2007 RSA acquired Valyd Software, a Hyderabad based Indian company specializing in File and Data Security .
- In 2009 RSA launched the RSA Share Project. As part of this project, some of the RSA BSAFE libraries were made available for free. To promote the launch, RSA ran a programming competition with a US$10,000 first prize.
- RSA introduced a new CyberCrime Intelligence Service designed to help organisations identify computers, information assets and identities compromised by trojans and other online attacks.
|This section requires expansion. (December 2012)|
RSA enVision is a security information and event management (SIEM) platform, with centralised log-management service that enables organisations to simplify compliance process as well as optimise security-incident management as they occur.
On March 17, 2011, approximately a month after announcing its CyberCrime Intelligence Service, RSA disclosed that it had been hacked. It categorized the attack on its two-factor authentication products as an Advanced Persistent Threat. The breach has links to the Sykipot attacks, the July 2011 SK Communications hack and the NightDragon series of attacks. These links are what suggest that the same attackers are behind each of the attacks, and therefore that RSA was hacked by an APT.
As part of the Snowden leaks, it has been revealed that the US National Security Agency has been actively working to "Insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets" as part of the Bullrun program. RSA has shipped the products BSAFE toolkit and Data Protection Manager with a setting to use the Dual_EC_DRBG random number generator by default, which New York Times reported in 2013 contained a backdoor from the NSA. Encryption keys generated by a predictable random number generator would then be much easier to break by NSA. Because Dual_EC_DRBG had been shown already in 2006 and 2007 to be both a very poor random number generator, and to potentially contain the later confirmed backdoor, Professor Matthew Green has noted that no competent cryptographer would have used Dual_EC_DRBG, with the implicit underlying accusation that RSA security (or an RSA security employee) was pressured by the US government to insert the backdoor into their products. RSA Security recommended that users switch away from Dual_EC_DRBG after the New York Times' revelation of the backdoor in 2013, but denied that they had inserted a backdoor on purpose.
So why would RSA pick Dual_EC as the default? You got me. Not only is Dual_EC hilariously slow -- which has real performance implications -- it was shown to be a just plain bad random number generator all the way back in 2006. By 2007, when Shumow and Ferguson raised the possibility of a backdoor in the specification, no sensible cryptographer would go near the thing. And the killer is that RSA employs a number of highly distinguished cryptographers! It's unlikely that they'd all miss the news about Dual_EC.—Matthew Green, cryptographer and research professor at Johns Hopkins University, 
- "Distributed Team Cracks Hidden Message in RSA's 56-Bit RC5 Secret-Key Challenge". October 22, 1997. Retrieved February 22, 2009.
- Kaliski, Burt (October 22, 1997). "Growing Up with Alice and Bob: Three Decades with the RSA Cryptosystem". Retrieved February 22, 2009.
- "RSA Security LLC Company Profile". Retrieved May 15, 2013.
- "RSA History". Retrieved June 8, 2011.
- "EMC Announces Definitive Agreement to Acquire RSA Security, Further Advancing Information-Centric Security". Rsasecurity.com. 2006-06-29. Retrieved 2012-05-12.
- "EMC Newsroom: EMC News and Press Releases". Emc.com. Retrieved 2012-05-12.
- "EMC Completes RSA Security Acquisition, Announces Acquisition of Network Intelligence". Rsasecurity.com. 2006-09-18. Retrieved 2012-05-12.
- "RSA Share Project". Retrieved 4 January 2013.
- "Announcing the RSA Share Project Programming Contest". 24 Mar 2009. Retrieved 4 January 2013.
- "RSA launches CyberCrime Intelligence Service". Cbronline.com. Retrieved 2012-05-12.
- "RSA Envision". EMC. Retrieved 19 December 2012.
- "RSA hit by advanced persistent threat attacks". Computer Weekly. March 18, 2011. Retrieved May 4, 2011.
- "Command and Control in the Fifth Domain". Command Five Pty Ltd. February, 2012. Retrieved February 10, 2012.
- "Secret Documents Reveal N.S.A. Campaign Against Encryption". New York Times.
- Matthew Green. "RSA warns developers not to use RSA products".
- "We don’t enable backdoors in our crypto products, RSA tells customers". Ars Technica.
- Oral history interview with James Bidzos, Charles Babbage Institute University of Minnesota, Minneapolis. Bidzos discusses his leadership of software security firm RSA Data Security as it sought to commercialize encryption technology as well as his role in creating the RSA Conference and founding Verisign. Oral history interview 2004, Mill Valley, California.
- Oral history interview with Martin Hellman Oral history interview 2004, Palo Alto, California. Charles Babbage Institute, University of Minnesota, Minneapolis. Hellman describes his invention of public key cryptography with collaborators Whitfield Diffie and Ralph Merkle at Stanford University in the mid-1970s. He also describes the commercialization of cryptography with RSA Data Security and VeriSign.