Password-less Ultrasonic Authentication (PLUS-Auth)

Idea created by Paul Mcavoy Employee on Jul 29, 2019
    Information Requested
    • Ricardo Armand
    • Shinn Ho
    • Venkatesh Thulasiram

    The following idea is part of an RSA internal innovation contest. We are sharing these ideas to gather feedback from customers and help employees improve on their concepts.  Please share your reactions to this idea by Voting and/or Commenting below. There are 8 total ideas to review now through Aug 23. You can find additional ideas here.

    If you are interested in being a potential development partner on this or another idea, please use the comment button or send an email to


    ** REMINDER ** This is an internal RSA concept ONLY and has not been committed to development or product roadmap.


    Thank you!

    - RSA Labs



    Password-Less Ultrasonic Authentication is a novel technique that may be added to the suite of Multi-factor authentication methods. Utilizing randomly generated token codes, a registered mobile device can be a communications medium for the requesting device.


    Utilizing a registered mobile device as a transmission medium, a token code may be delivered via ultrasonic sound waves to a requesting device. This simplifies the 2nd factor of authentication by minimizing manual processing of a token code.


    When a user is prompted for a token code in a browser, a PLUS-Auth request can be generated utilizing a laptop / PC speaker. The mobile device, after receiving the PLUS-Auth request decrypts the message and metadata. The message is validated and a PLUS-Auth response is generated then sent back to the laptop or PC. Once validated by the application access may be granted as required.


    The ubiquity of audio provides a simple and straightforward method of authentication reducing user friction and minimizing auth failures.