TrustBuilder®: Security Services

Multiple platforms in the Enterprise require Authentication and Authorization services and sometimes Transaction Validation services. Amongst them, one can find Web Access Management systems, Network Access Management systems, Applications (ERP, CRM, homemade, ...) and increasingly distributed application components based on a Service Oriented Architecture (SOA).

A plethora of Authentication and signing mechanisms is invading the market, based on one or a combination of factors:

  • Something one knows, like a Password
  • Something one has, like a token
  • Something one is, like a biometric characteristic

Tokens vary from hardware, software or mobile One-Time-Passwords to chip-based solutions, mostly based on the use of Digital Certificates or CAP-EMV cards in the banking world.

In addition, some of these factors are increasingly complemented by so-called Knowledge Based Authentication, a series of questions and answers to raise the bar on the first factor, and GeoLocation services, which are invoked when doubts arise, e.g. from the originator's location or the message contents.

In most cases the Authentication cycle needs to be seen as a multi-step process with its own workflow rather than a simple transaction. Such steps could for instance start by analyzing the request contents in order to determine the applicable validation mechanism, depending on who the user is, when the request is presented and to which protected resources access is required. Depending on the outcome of this analysis, the appropriate authentication validation mechanism can be invoked, maybe followed by additional verifications. Finally, the token or ID presented may have to be mapped to an identity known by the target systems and potentially completed by access control data, such as the user's profile. This latter step can significantly reduce the complexity of protected applications, since all required entitlements are included in the credential.

Obviously, Enterprises are looking to centralize these services for use by the different application and infrastructure platforms. Such authentication services are provided by a Versatile Authentication Server (VAS) such as TrustBuilder. TrustBuilder also provides enhanced security services that go far beyond simple authentication services, like Transaction Validation Services.

TrustBuilder provides transaction signing and validation services to applications through a web service. Signing validation can be handled via different mechanisms, such as CAP-EMV or digital certificates.
Application programmers do not need to worry anymore about the complexity and security of signing transactions; all it takes is a simple web service call to TrustBuilder which takes care of the transaction preparation, signing and validation.

SecurIT TrustBuilder is a world-leading solution in this emerging marketplace. The technology has been used under stringent conditions at very large organizations around the world for several years. It offers unprecedented flexibility to accommodate both today's requirements and the emerging SOA architectures.

For more information on TrustBuilder's advanced features, please consult one of the downloads on the right side.
 
Product Sheets

TrustBuilder solutions for Tivoli Access Manager

  • Authentication Services for TAM
  • Transaction Validation Services for TAM

TrustBuilder Generic

  • Authentication Services
  • Transaction Validation Services
TrustBuilder is certified ready for SUSE Linux.
