(2005-03-22)
Innovative multi-factor authentication solution leverages existing SSL infrastructure to prevent man in the middle phishing
TriCipher, Inc., the innovators of strong authentication for the real world, today announced that its TriCipher Armored Credential System (TACS), launched last month at RSA Conference 2005, prevents man in the middle phishing attacks - a security threat that has become top of mind as businesses and consumers become increasingly reliant on the Internet for conducting essential business transactions. To protect themselves, enterprises have increasingly turned to one time passwords, a form of two factor authentication believed to prevent successful attacks. However, industry experts have called into question the effectiveness of this type of authentication in protecting against phishing. A recent article by a noted researcher outlined weaknesses to token-based authentication approaches. In addition, recent research from Infidel, Inc., demonstrates that all one time password systems, such as time synchronous tokens, can be easily compromised by man in the middle phishing attacks - which require very little technical sophistication on the part of the phisher. TriCipher's unique approach to strong authentication leverages the Internet's existing SSL infrastructure, combined with a unique multi-part credential to foil proxied man in the middle attacks.
"Recent articles have spawned a lot of talk amongst security experts about the role two factor authentication plays in protecting against man in the middle phishing," said Rebecca Bace, President of Infidel, Inc. "It's true that one time password systems are not an adequate defense, but that is only one flavor of two factor authentication, and an outdated one at that. The key to protecting against these attacks is to take advantage of the existing SSL infrastructure to authenticate the client. SSL was designed to prevent man in the middle attacks and doesn't require the user to reveal the credential -- only to prove that she has it. Ideally, you would also like to make it impossible to steal the entire credential from the user. The TriCipher solution satisfies all these requirements."
As companies have moved to one time password tokens to protect bank and brokerage accounts, phishers have begun to set up man in the middle attacks. In such attacks, users are lured to a phishing site by an email or DNS caching hack, where they enter their username, password, and the number from a one time password token. The phisher's server automatically uses this information to immediately log in to the legitimate site, then either keeps the session open automatically until the phisher is ready to hijack the session or simply alters the user's transaction to benefit the phisher.
TACS creates a multi-part credential, splitting the user's credential between the user and a secure appliance kept in the enterprise's data center. Since the user doesn't have the entire credential, he or she can't give it away to the phisher, nor can the phisher steal it from their desktop. In addition, TriCipher's credentials use SSL client authentication, which prevents a phisher from sitting in the middle of the user's session with the web server. Further, using SSL means no new software at the web server, making deployment fast and easy.
"The SSL infrastructure is out there and it's very robust," commented Eric Greenberg, one of the developers of the SSL protocol and current CTO of NetFrameworks, Inc. "As an industry we've only been using half of it because legacy PKI systems were too complex to implement. The TriCipher product vastly simplifies the deployment and management of strong authentication and takes advantage of the security of SSL to prevent man in the middle phishing. The TriCipher solution provides a cost effective, highly secure alternative to time synchronous or challenge response one time password systems."
"We're delighted at the validation our solution has received in light of the recent scrutiny about the role two factor authentication plays in protecting against man in the middle attacks," said Ravi Sandhu, Chief Scientist, TriCipher and professor of Information Security and Assurance at George Mason University . "At roughly five dollars per seat, TACS provides an elegant way to protect against man in the middle attacks that, unlike other solutions, is extremely affordable and easy to deploy."
About TriCipher, Inc.
TriCipher, Inc. provides strong authentication for the real world. The first authentication system that issues multiple types of credentials from a single infrastructure, the TriCipher Armored Credential SystemT (TACS) allows for authentication strength to change in response to new threats without any infrastructure changes. Our patented technology fills the gap between authentication systems that are either not secure enough or too hard to use and deploy. TriCipher's innovative approach to strong multi-factor authentication protects against phishing and eliminates dictionary attacks. Founded in 2000, TriCipher is headquartered in San Mateo, California. The Company was incubated as NSD Security before launching as a separate entity in 2005. Investors in TriCipher are ArrowPath Venture Capital, IntelR Capital, Trident Capital and Wasatch Venture Partners. For more information, please visit www.tricipher.com or email info@tricipher.com.
Copyright 2005 TriCipher, Inc. TriCipher, Armored Credential, and Armored Credential Appliance are either registered trademarks or trademarks of TriCipher, Inc. in the United States and/or other countries. All other products and services mentioned are trademarks of their respective companies.
| Big Fish Games’ Hidden Expedition Titanic and Azada released on PC CD-ROM by Focus Multimedia |
| Immerse yourself in mystery and magic with two exciting new casual games from Focus Multimedia and Big Fish Games Studios, one of the world’s leading casual game developers. Hidden Expedition Titanic and Azada join Focus’ popular Revival range of super-budget price games and are available in a store near you. |
| Professional diagram and communicate with essential Edraw solution |
| Edraw Max enables students, teachers and business professionals to reliably create and publish kinds of diagrams to represent any ideas. With large pre-drawn libraries and more than 4600 vector symbols, drawing couldn't be easier! |
| Hallmark Cards Signs Exclusive Deal with OK Magazine |
| New range of cards launched to make you the cover star.Hallmark Cards in partnership with OK Magazine has launched an exclusive and exciting new range of greeting cards that gives people the chance to give family and friends the A-List treatment. |
| Rocky Top Restaurants Participate In Downtown Raleigh Restaurant Week |
| Bogart’s And The Red Room Participate In Downtown Raleigh Alliance Event |
| Claim It, It's Your Right |
| Many people choose not to pursue an accident claim. The reasons range from knowing the insurance company will settle; to they don't want the legal hassles and expense. |
| Ask A Computer Planet Expert |
| Many individuals and businesses have always purchased their personal computers from a well-known provider to pre-conceived specifications. Increasingly... |
| Get Help from SEO and Advertise your Business Worldwide |
| The effectiveness of SEO and PPC Services are directly related to the quality and quantity of the performance data that they have to work with. If you are seeking assistance in achieving a higher ranking on search engine results, then we suggest you visit RankYourWebsites.com, specialist in this area. If you have found your attempts at optimization to prove fruitless, the representatives at RankYourWebsites.com will have a solution to increase your traffic. |
| Low Cost Rebar Detailing, Rebar Drawing Services - Outsource Now! |
| Save upto 60% by outsourcing Rebar detailing and Concrete reinforcing steel related requirements to us! |
| Vineyard for sale new york, vineyard property for sale in, vineyard houses for sale, valley vineyard for sale |
| http://www.vineyardsforsalein.com/ - online island vineyard for sale, vineyard for sale paso, texas vineyard for sale, washington vineyard for sale, tuscany vineyard for sale, vineyard for sale santa, vineyard for sale California |
| Shieldyourself MD interviewed on BBC Radio |
| Mark Flanagan, Managing Director of Manchester health and safety, food safety and fire safety consultancy, Shieldyourself, discussed the Scores on the Doors scheme when he made a guest appearance on the BBC’s 5 Live Radio Show recently. |
| Colorado springs houses, colorado springs realty, colorado springs apartments, colorado springs homes |
| http://www.jannettehuismann.com/ - Find, Buy, Sale house, property, home, land, real estate property, park, hud foreclosure, home foreclosure, hotels, apartments under your desire budget at colorado springs, usa. |
| Unitech Unihomes Kolar Road Bhopal : Affinityconsultant.com |
| Unihomes Bhopal is a 23 acre residential development which offers you quality living that you have always dreamt of. Nestled amongst greens and landscaped parks and with towers standing 6 storey high. |
| Perspective Magazine Gets Its Rightful Domain |
| After nearly four years Perspective Magazine has now managed to acquire the previously unavailable PerspectiveMagazine.com |
| Under Floor Heating – The Legislation |
| Ambient Electrical, the leading providers of under floor heating, are able to advice all their customers on the appropriate regulations for the installation of such a system. |
| Big Click Studios Gets Bigger |
| Erina web design firm Big Click Studios was bursting at the seams with its growing workload, so has expanded its office capacity and hired extra staff to cope with demand. |
| Has anyone told EmploymentCrossing.com there is an Economic Slowdown? |
| This press release discusses EmploymentCrossing.com, a private job board that centralizes to one location all the job postings over online websites and thousands of jobs advertised on job boards and in newspapers. There appears to be no economic slowdown at the Employment Crossing. |
| New treatment 'may prevent blindness' |
| Going blind is a terrifying prospect for some people and many stop at nothing to preserve the health of their eyes. |
| Cancer tumour growth cells 'not invincible' |
| Despite recent reports revealing that the number for people dying from cancer has declined over the last 30 years, it remains the second biggest killer on the planet. |
| Advanced Data Entry Solutions at DataEntryIndia.co.uk |
| Today effective data management is becoming more and more demanding activity for any organization. Efficient and effective data entry solutions are available at DataEntryIndia.co.uk to accomplish such demands. |
| OCD 'can be debilitating' |
| Everybody has experienced a moment when they have had to go back and check a door lock or make sure a light is turned off, but for some people this can become an obsession |
| Introducing The Newly Improved Cheapmusicdownload, A Music Download Comparison Website |
| Cheapmusicdownload announces the newly improved online music download comparison website. The website is packed with even better key feature reviews and side by side comparison of the top ten music download website to allow buyers to make informed decisions. |
| The Childrens Mutual reports £25 billion cost for 2009 university starters |
| The Childrens Mutual reports the cost of university for this year's A Level graduates could be as high as £25 billion and parents may remain unaware of this rising bill |
| Contract Mobile Phones Bad Credit- get mobile phone connectivity irrespective of bad credit |
| In case of Contract Mobile Phones Bad Credit, you need not require going through a series of paperwork. The processing is really fast as there is no need of credit check. |
| CompTIA A+ Certification Video Training |
| Comptia A+ Certification is the standard for measuring a technician’s or Customer Support Professional's computer hardware and software knowledge. |
| Music Giant "Glama World Records"set to Release the Most Anticipated Urban |
| Urban Music Giant "Glama World Records is back on top with a revamped label, roster and releases. |