
TriCipher offers strong authentication as a service

TriCipher's myOneLogin provides strong security without creating complicated processes for end users

IT Best Practices Alert By Linda Musthaler, Network World
August 11, 2008 12:02 AM ET

I first encountered TriCipher a few years ago when I was researching multifactor authentication within the banking industry. I learned then that the company has a layered solution called the TriCipher Armored Credential System (TACS) that the vendor likens to a ladder; the security level gets more stringent as you go up the ladder. The technology provides a range of authentication methods including passwords, browser cookies/certificates, PCs, portable devices, tokens, smart cards and biometrics.

What makes the TriCipher authentication solution so secure is that one part of a user’s credential is generated on his own computer and the other part of the credential is stored on a remote appliance called the ID Vault. For the user to successfully authenticate, both parts of the credential must be combined. This makes it hard for a hacker to steal the entire credential in order to log into an account.

The TriCipher ID Vault is a FIPS 140-2 Level 2 rated appliance that securely manages user information, digitally signs transactions, and authenticates users as part of the TACS.

Companies that want to deploy a TriCipher authentication solution can purchase an ID Vault and deploy it as part of their internal infrastructure. Or, as an alternative deployment method, customers can allow TriCipher to host the ID Vault and subscribe to a new service called myOneLogin. End users access the hosted authentication service through a myOneLogin portal. Business subscribers choose the TriCipher level of authentication that best meets their needs.

There are two distinct services offered as part of myOneLogin: SSL VPN authentication, and authentication to Web-based applications such as SalesForce.com, WebEx and Google Apps.

The myOneLogin SSL VPN authentication service strengthens authentication with SSL VPNs without requiring any hardware or software installation. One part of the myOneLogin credential is stored on the user’s computer and the other part is stored in the myOneLogin service. Authentication requires both parts of the credential.

An end user connects securely to a myOneLogin portal that is specific to a particular business. The myOneLogin service communicates with the SSL VPN using the Security Assertion Markup Language (SAML) standard.

From this point, a business has multiple options for deploying myOneLogin with its SSL VPN. MyOneLogin can handle the complete authentication, including password and second factor. Or, myOneLogin can be configured to validate only the second factor, and the business can validate the password against its existing user repository. Either way, myOneLogin communicates with the SSL VPN using digitally signed SAML assertions. In addition, the myOneLogin SSL VPN authentication service allows a business to provide secure remote access authentication without requiring the use of hardware tokens.

The second service enabled by the myOneLogin hosted service is access to Web-based applications. This service takes advantage of the TriCipher Authentication Gateway (TAG), which powers the service portal where users authenticate their credentials and then log in to SaaS applications.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
