The core offering from TriCipher, the TriCipher Armored Credential System (TACS) provides a multi-faceted, unified authentication platform especially targeted to the remote authentication of users to corporate applications.

The key feature of the platform as noted by the vendor is its support for a "multi-credential" authentication methodology; in which part of the user's required credentials for authentication reside with the user themselves, and the remaining portion resides at corporate headquarters in the organization's TriCipher ID Vault (see below). Specifically, the multi-part credentials are based on PKI-based technology that splits the PKI private key into multiple parts. In order for the authentication to succeed, each portion of the credentials must be successfully combined.

Multiple forms of authentication are supported by the overall platform, including "zero footprint user experience" methods (passwords, browser cookies and/or browser certificates combined with a personalized confidence image and text); as well as those that leverage the vendor's ID Tool plug-in, providing mutual authentication for users and transactions as well as the ability to digitally sign documents and encrypt E-mail. With the ID Tool, available authentication options include PC two-factor, portable devices, tokens, smart cards, and biometrics. It is the ID Tool that generates the user-side of the multi-credential authentication scheme as described above; when the user attempts to perform some activity requiring authentication the ID Tool automatically prompts the user to authenticate themselves to the ID Vault (which provides the second portion of the multi-credential system).

Primary components of the TACS platform include:

- The TriCipher ID Vault, which is the keystone of the product and provides user management, authentication, and digital signing functions. As mentioned above, the ID Vault stores one portion of the vendor's needed credentials for authentication. The ID Vault is itself a FIPS 140-1 Level 2 rated appliance.

- The TriCipher Authentication Gateway (TAG), an appliance that provides a services layer that facilitates centralized TACS-based authentication integration into the organization's Web applications. Tag includes pre-built authentication workflow pages for Web applications; the apps themselves hand off the authentication process to TAG, which in turn authenticates the user (in conjunction with the ID Vault) and then returns results to the Web application indicating what level of access the user is entitled to.

If TAG is not deployed, customers also have the option of interfacing with the IP Vault APIs directly.

- The TriCipher ID Tool, the PC component described above (Windows 98/Me/NT/2000/XP/Vista; Mac OS X; Linux) that generates the user-portion of the multi-credentials for supported authentication methods.

- TriCipher ID Tool ToGo, a user authentication tool provided for use with USB smart drives.

- TriCipher Armored Transactions, an additional product module that facilitates the authentication of individual transactions using the TACS platform.

Newly announced is the vendor's hosted, Web-based myOneLogin service, which is built on TACS and enables administrators to setup their users via a browser interface such that they can access multiple Web applications (salesforce.com, Google Apps, and WebEx are initially supported; the vendor notes that the platform is designed to potentially work with any Web-based application that supports SAML, OpenID or standard username/passwords). myOneLogin is available now, with pricing starting at $5/per user/per month.

TACS is available now. Contact the vendor for further information.

product submission by EITPlanet Staff

E-Mail this page to a colleague
send info about TriCipher Armored Credential System (TACS)

Suggest a link
for the TriCipher Armored Credential System (TACS) fact sheet