TriCipher Ships Multipart Authentication System
TriCipher Inc., which was spun off from Japanese technology company Nippon Systems Development Inc. (site in Japanese) in Kansai, Japan, says its authentication technology uses a multipart credential. This works by placing part of the authentication credential on the users computer, and the other part on the server on which authentication is desired.
"Both parts need to be applied in turn," CEO Ravi Ganesan said. "The rough analogy is the two keys with a safe deposit box. The entire credential is not with you, you are protected from the attacker, because he cant get the part at the enterprise."
Ganesan said an additional innovation is the products ability to use multiple authentication levels without having to make massive changes in the authentication infrastructure. "The user part can be derived from a password," Ganesan said.
"The next level can use that and something from storage on the PC [such as the Windows serial number]," he said, adding that an even greater level of authentication can be achieved by deriving the authentication code from those two previous methods and from a smartcard.
Ganesan said managers can assign the strength of the authentication so that it can be required for some or for all users, and it can be assigned by other factors, including which application is being asked to run.
He also noted that the authentication method could take advantage of features already on a computer, such as a security chip or the serial number of a processor. TriCipher says its technology is based on a series of patents licensed from Verizon Communications Inc.
"Authentication is getting quite a lot of attention because of phishing attacks," said Gerry Gebel, senior analyst at The Burton Group Inc. in Salt Lake City. "Any effort to make strong authentication easier to deploy and integrate with other systems is always a positive development," he said.
Gebel said the idea of using multipart credentials has been around for a while, but only as academic theories. "Its good to have a product that utilizes this technique," he said.
Still, Gebel said how well it will work is still a question. "It addresses some of the vulnerabilities that none of the other technologies have addressed, [but] it remains to be seen how it stands up in real use under real attacks."
Ganesan said the product, which the company has named TACS (TriCipher Armored Credential System), will sell for about $5.00 per seat when its released Tuesday. The company also will announce on Tuesday that it has received just over $10 million in a second round of venture funding. Investors include Intel Corp.s strategic investment fund.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.