Linda Musthaler's CIO-level look at the latest networking technologies and their benefits and pitfalls.
I first encountered TriCipher a few years ago when I was researching multifactor authentication within the banking industry. I learned then that the company has a layered solution called the TriCipher Armored Credential System (TACS) that the vendor likens to a ladder; the security level gets more stringent as you go up the ladder. The technology provides a range of authentication methods including passwords, browser cookies/certificates, PCs, portable devices, tokens, smart cards and biometrics.
What makes the TriCipher authentication solution so secure is that one part of a user’s credential is generated on his own computer and the other part of the credential is stored on a remote appliance called the ID Vault. For the user to successfully authenticate, both parts of the credential must be combined. This makes it hard for a hacker to steal the entire credential in order to log into an account.
The TriCipher ID Vault is a FIPS 140-2 Level 2 rated appliance that securely manages user information, digitally signs transactions, and authenticates users as part of the TACS.
Companies that want to deploy a TriCipher authentication solution can purchase an ID Vault and deploy it as part of their internal infrastructure. Or, as an alternative deployment method, customers can allow TriCipher to host the ID Vault and subscribe to a new service called myOneLogin. End users access the hosted authentication service through a myOneLogin portal. Business subscribers choose the TriCipher level of authentication that best meets their needs.
There are two distinct services offered as part of myOneLogin: SSL VPN authentication, and authentication to Web-based applications such as SalesForce.com, WebEx and Google Apps.
The myOneLogin SSL VPN authentication service strengthens authentication with SSL VPNs without requiring any hardware or software installation. One part of the myOneLogin credential is stored on the user’s computer and the other part is stored in the myOneLogin service. Authentication requires both parts of the credential.
An end user connects securely to a myOneLogin portal that is specific to a particular business. The myOneLogin service communicates with the SSL VPN using the Security Assertion Markup Language (SAML) standard.
Linda Musthaler is a principal analyst with Essential Solutions Corporation.