Strong Authentication

Authentication is the act of confirming the truth of an attribute of a datum or entity. This might involve confirming the identity of a person or assuring that a computer program is a trusted one.

The ways in which someone may be authenticated fall into three categories, based on what are known as the factors of authentication: something you know, something you have, or something you are. Each authentication factor covers a range of elements used to authenticate or verify a person's identity prior to being granted access, approving a transaction request, signing a document or other work product, granting authority to others, and establishing a chain of authority.

The three factors (classes) and some of elements of each factor are:

  • the ownership factors: Something the user has (e.g., wrist band, ID card, security token, software token, phone, or cell phone)
  • the knowledge factors: Something the user knows (e.g., a password, pass phrase, or personal identification number (PIN), challenge response (the user must answer a question))
  • the inherence factors: Something the user is or does (e.g., fingerprint, retinal pattern, DNA sequence (there are assorted definitions of what is sufficient), signature, face, voice, unique bio-electric signals, or other biometric identifier).

SecurIT and Strong Authentication

Based on its experience and knowledge obtained in many projects at large organizations, SecurIT has developed a versatile authentication server, called TrustBuilder. TrustBuilder provides User Authentication, Adaptive Access Control and Transaction Validation services to Web or Network Access Management platforms, to portals and to applications. Multiple authentication mechanisms, 2-factor authentication and several authentication data sources can co-exist and can be combined to suite the most complex needs. The product offers open and flexible integration capabilities and can also seamlessly be integrated with IBM Tivoli Access Manager and IBM Tivoli Federated Identity Manager.
 
Mobile Token Services
Software and mobile token generators are mostly obtained from a third party store, such as the Apple iStore for iPhones, and need to be linked to a user at the application provider side before being useful for authentication purposes.

With the new TrustBuilder release, SecurIT intends to offer a platform that will take care of the complete usage cycle, ranging from validating the user’s identity, registration, activation and ongoing administration of the token, to validating the token at authentication time. Its workflow based policy engine will allow to easily integrate with existing security assets in the organization, lowering the barrier significantly from a cost and time-to-market perspective.

In addition, once a user has been authenticated, TrustBuilder allows to easily extend the user’s identity with context aware information, such as attributes or dynamic role assignment, in order to manage access to applications and resources, effectively addressing the security risks of mobile and online applications.

Supported Token Types
Which types of tokens are supported by this solution. There are basically four types of tokens:
  • Hardware token: little devices that users carry along
  • Software token: active plug-ins in browsers (e.g. applet, ActiveX)
  • Mobile token: mobile application for Smartphone
  • SMS token: SMS sent to mobile phone
 
 More information about TrustBuilder
 
Downloads: go to the downloadpage