RSA SecurID Soft Token client for the iPhone

RSA iPhone Soft Token

On Monday RSA launched a soft-token application for the iPhone. Similar to the BlackBerry soft token application, this will store a single token and allow you to generate a one-time password.

You can download the RSA iPhone SecurID application from iTunes (ITMS link) and read more about it on the RSA site at http://rsa.com/iphone.

Screenshots

  • RSA iPhone SecurID Application - Enter PIN
  • RSA iPhone SecurID Application - Token Information
  • RSA iPhone SecurID Application - Passcode

Installation

Read Deploying tokens to the RSA SecurID iPhone Application for a rundown of the various deployment and provisioning options.

Updated June 16, 2009: Misread documentation; the application will only store one token.

Cisco VPN connections from an iPhone

While there currently isn't any BES-like point of entry for an iPhone to gain access to a corporate network, it's trivial to establish a Cisco IPsec VPN connection.

Getting Started

You'll need the following information:

  • VPN Server
  • User account name
  • User password
  • Group name
  • Group password

You should know your user account name and password and you can obtain the VPN Server, Group name and Group password from your .pcf file. A PCF file typically contains an encrypted password which you can decrypt using my Cisco VPN Password Decryption page. You can also ask your VPN administrator for the plain text password.

Sample PCF File

The VPN server can be found after Host= in the pcf file. Group Name is after GroupName=, Group Password is after enc_GroupPwd= or GroupPwd=. Asterisks added below for emphasis.

[main]
Description=Connect to Company VPN
****Host=your-vpn-server.coreygilmore.com
AuthType=1
****GroupName=accounting
GroupPwd=
****enc_GroupPwd=9196FE0075E359E6A2486905A1EFAE9A11D652B2C588EF3FBA15574237302B74C194EC7D0DD16645CB534D94CE85FEC4
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPCommand=
Username=
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=CorpDomain
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=1
EnableNat=1
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
DHGroup=2
ForceKeepAlives=0
PeerTimeout=90

Adding the Connection

From the Home screen on the iPhone open the Settings application. Navigate through General > Network > VPN. Tap Add VPN Configuration and choose IPSec.

Using the information provided to you by your VPN administrator or gleaned from the PCF file, fill out the fields. If you use a SecurID for authentication leave the Password field empty and you will be prompted for it each time you connect.

About the Fields

Description – This can be anything you want.
Server – The VPN server IP or domain name. Host from your PCF file.
Account – Your VPN (or SecurID) username.
Password – Your VPN password. Leave blank to be prompted (or if you use a SecurID or other token).
Group Name – Your VPN group name. GroupName in the PCF file.
Secret – The Group Password. GroupPwd or enc_GroupPwd from the PCF file. If the password is encrypted (the PCF only contains enc_GroupPwd) you will need to decrypt it using my Cisco VPN Password Decryption page.
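
The field mapping above can be checked mechanically before anything is typed into the phone. The following is an added example, not code from the original post: it reads a PCF profile, reports the Server, Group Name and Secret source for the iPhone form, and lists the credential material the file carries. The profile text, host name and hex values are constructed, and stripping a leading "!" from a key (the Cisco client's read-only marker) is an assumption not shown on this page.

```python
import configparser

# Constructed sample profile: not a real server or secret, and the
# hex values are placeholders.
SAMPLE_PCF = """\
[main]
Description=Connect to Company VPN
!Host=vpn.example.com
GroupName=accounting
GroupPwd=
enc_GroupPwd=00112233445566778899AABBCCDDEEFF
SaveUserPassword=1
enc_UserPassword=0123456789ABCDEF
"""

def read_pcf(text):
    """Parse PCF text into a dict of lower-cased [main] keys."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    # Keys are matched case-insensitively (enc_GroupPwd / Enc_GroupPwd).
    # Assumption: a leading "!" only marks the key read-only, so drop it.
    cp.optionxform = lambda key: key.lstrip("!").lower()
    cp.read_string(text)
    return dict(cp["main"]) if cp.has_section("main") else {}

def iphone_fields(pcf):
    """Map PCF keys to the iPhone IPSec form fields listed above."""
    if pcf.get("grouppwd"):
        secret = "plaintext in GroupPwd"
    elif pcf.get("enc_grouppwd"):
        secret = "enc_GroupPwd present (decrypt before entering)"
    else:
        secret = "missing (ask the VPN administrator)"
    return {"Server": pcf.get("host", ""),
            "Group Name": pcf.get("groupname", ""), "Secret": secret}

def audit(pcf):
    """List credential material stored in the profile."""
    findings = []
    for key in ("grouppwd", "enc_grouppwd", "userpassword", "enc_userpassword"):
        if pcf.get(key):
            findings.append(key + " is stored in the file")
    if pcf.get("saveuserpassword") == "1":
        findings.append("SaveUserPassword=1 (saving the user password is allowed)")
    return findings

if __name__ == "__main__":
    profile = read_pcf(SAMPLE_PCF)
    print(iphone_fields(profile))
    print("\n".join(audit(profile)))
```

Because the encrypted group password can be decrypted, any finding from audit() means the .pcf file itself should be handled as a credential.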

[Screenshot: sample VPN connection configuration]

Connecting

Once the fields are populated and the connection is saved you can connect to your VPN server by opening Settings > VPN and sliding the toggle into the On position.

Updated Jan 30, 2009: Added a more detailed description of the account fields for clarity.

Pushing RSA SecurID Tokens to a BlackBerry

I had to resort to this after upgrading to the leaked beta of BlackBerry OS 4.5 on my Curve; the email-import method did not work. It's a perfectly legitimate method of importing a SecurID token on your handheld, and now I actually prefer it because it is significantly less problematic than emailing the seed file to yourself. For more information see the RSA BlackBerry Soft Token page.

What you need

If your BES' MDS Connection Service port (default is 8080) is open you do not need to run this on the BES. Mine is not, so I pushed my soft token out from my BES.

Preparing your BlackBerry

Install the SecurID software. You can install it from your desktop, from an internal server or using OTA links from RSA. Install version 3.5.0 Standard OTA from http://rsa.com/bb350

Storm2 (9520/9550) users running OS 5.0.0.602 and SecurID Token 3.0.2 should upgrade to version 3.5.x or install the Storm2-specific hotfix from http://www.rsa.com/storm2hotfix

NOTE Sep 20, 2010: BlackBerry 9800 Torch users should use the 3.5.1 hotfix available from http://rsa.com/torchhotfix

Launch it, accept the EULA and open the Settings. Make sure that Listen for Token is set to Yes. When the security prompt appears choose Yes to allow the application to run as a server.

Pushing out the Soft Token with PushToken

  1. Download and unzip bb350_utils.zip
  2. Make sure your .SDTID is on the same disk
  3. Open a command prompt (Start > Run > cmd)
  4. From the command prompt:
    java -classpath <path_to_bb350utils>\PushToken.jar PushToken -e<email address or pin> -h<BES address> <path to .sdtid file>
    In my case I ran:
    java -classpath bb350_utils\PushToken.jar PushToken -ecorey@mydomain.com -hlocalhost x-rimdevice-xxxxxxxx.sdtid
  5. If the .sdtid file was valid and you gave the SecurID application permission to run as a server on your BB you should see a prompt on your handheld about receiving a token.
  6. You may be prompted for a password, if so enter the password you were given with the token.
  7. If you entered the correct password you will receive notification of the token being imported. You can rename the token by choosing Manage Tokens from the menu.
  8. That's it. When you open the application you'll be prompted for your passphrase and PIN, and then be shown the generated token. One nice change between versions 2.x and 3.x of the SecurID application is that the numbers are much larger and split into two groups. Think 14 point font instead of 10.

PushToken Command Line Options

java -classpath PushToken.jar PushToken [options] file
 
Options:
-e      E-mail or device ID of BlackBerry
-h      Address of BES host (default: localhost)
-p      Port on which BES is listening (default: 8080)
Examples:
java -classpath PushToken.jar PushToken -h123.45.67.89 -p8765 -ejsmith@company.com token.sdtid

Archived Versions

Older versions of the RSA Soft Token for BlackBerry app and server utilities.

UPDATED Jan 29, 2009: Links to token app and utilities changed from version 3.0.0 to version 3.0.1.

UPDATED Mar 06, 2009: Links to token app and utilities changed from version 3.0.1 to version 3.0.2, added Archived Versions, OTA installation links.

UPDATED Sep 20, 2010: Links to token app and utilities updated to 3.5.0, added hotfixes for Storm2 and Torch.


© 2007-2013, Corey Gilmore

 

The views expressed on these pages are mine alone and not those of any past or present employer. All information presented on this site was obtained lawfully and not through disclosure under the terms of an NDA.