TriCipher Armored Credential System(TM) Provides Variety of Two Factor Authentication Methods to Meet FFIEC Guidance

SAN MATEO, Calif., Nov. 8 / - TriCipher, Inc., a leading innovator of strong authentication for the real world, today announced that its TriCipher Armored Credential System(TM) (TACS) provides a variety of two factor authentication methods that meet FFIEC guidance. Unlike other strong authentication solutions, TACS is architected to protect against "man in the middle" phishing attacks, which have become increasingly common as phishers evolve their tactics. Additionally, TACS supports many types of two-factor authentication from a single infrastructure, allowing financial institutions to choose a different balance of security, cost and ease of use for each type of user. In accordance with FFIEC guidance, financial institutions can easily match authentication strength to transaction risk across a wide range of needs. In addition, TACS is seamless to deploy -- users don't even have to change their passwords. With TACS, as attacks and regulations change, financial institutions can quickly migrate users between two factor types without having to buy additional infrastructure.

"The FFIEC's guidance on Internet banking authentication is harmonized with security best practices, and is even timelier due to growing phishing and identity theft concerns," said Mark Diodati, analyst, Identity and Privacy Strategies, Burton Group. "Password authentication is not sufficient for Internet banking. Financial institutions must implement easy to use multi- factor authentication to protect their customers' assets and privacy."

"We chose TriCipher before the FFIEC guidance was issued, and we're very glad we did," said Scott Mackelprang, Vice President of Security and Compliance, Digital Insight. "We're already ahead of the game in securing online banking for our customers, and we know we have a strong growth path in the TriCipher solution to stay ahead."

Variety of FFIEC-Compliant 2 Factor Options

TACS 2 factor authentication options range from clientless credentials appropriate for high volume deployments all the way to smart cards. TACS works with a wide variety of 2nd factors including the user's PC, industry standard one time password tokens from many vendors and even USB memory sticks or MP3 players that users can self-provision.

TriCipher FFIEC compliant options include:

                                   Out-      Mutual             Monitoring
2 Shared of- Authent- Desktop and
Factor Secret Token band ication Security Reporting

Browser 2
Factor Yes Pass- Cookie Phone, Via No Yes
word SMS, secret
Email greeting

Device 2
Factor Yes Pass- PC Phone, Via SSL Yes Yes
word (can SMS, client and
use TPM) Email server

Portable 2
Factor Yes Pass- Self- Phone, Via SSL Yes Yes
word provis- SMS, client and
ioned Email server

Token Yes Pass- Any OTP, Phone, Via SSL Yes Yes
word scratch SMS, client and
card, Bingo Email server
card authentication

Card Yes Pass- Any Phone, Via SSL Yes Yes
word standards- SMS, client and
compliant Email server
smart card authentication
(can use TPM)

TACS Security

TACS security is based on proven cryptographic techniques and has been through extensive third party review. In addition, TACS is based on 25 issued or pending science patents (10 under exclusive license from Verizon® Communications). All TACS credentials exist in two parts, making them very difficult to steal and allowing instant revocation. Most TACS credentials use mutual authentication in SSL to protect communication channels, preventing man in the middle and other eavesdropping attacks. The portable 2 factor credential uses a patent-pending rolling key technology that can prevent a thief from using a stolen memory stick.

TACS ships on a FIPS 140-1 Level 2 rated ID Vault that provides secure storage for sensitive identity data, credit card numbers and encryption keys. The ID Vault helps protect against unauthorized access to this data, whether stored in the ID Vault of encrypted in place in a separate database.


Designed for high availability, the solution is delivered as a three-way mirrored appliance set. Financial Institutions can deploy TACS behind their existing web applications with no user impact -- they can even keep their existing passwords. Over time, users can be easily migrated between credential types with minimal impact and, in most cases, with no separate hardware to provision to users. The system is highly scalable and can handle three million users on a standard single Xeon® server.

"Two factor authentication hasn't been used for broad applications like online banking because it was too hard to use and too expensive, plus you had to roll out a separate infrastructure for every authentication type," commented Ravi Ganesan, CEO of TriCipher and former Vice Chairman of CheckFree®, Inc. "With the new FFIEC guidance, financial institutions should be aware that 2 factor authentication can be much more practical than in the past. allowing them to can comply with the guidance by balancing risk with usability and affordability across a wide range of needs from a single infrastructure."

About TriCipher, Inc.

TriCipher, Inc. provides strong authentication for the real world. The first authentication system that issues multiple types of credentials from a single infrastructure, the TriCipher Armored Credential System(TM) (TACS) allows for authentication strength to change in response to new threats without any infrastructure changes. Its patented technology fills the gap between authentication systems that are either not secure enough or too hard to use and deploy. TriCipher's innovative approach to strong multi-factor authentication protects against phishing and eliminates dictionary attacks. Founded in 2000, TriCipher is headquartered in San Mateo, California. The Company was incubated as NSD Security before launching as a separate entity in 2005. Investors in TriCipher are ArrowPath Venture Capital, Intel® Capital, Trident Capital and Wasatch Venture Partners.

Source: TriCipher, Inc.

CONTACT: Elizabeth Safran of Trainer Communications, +1-408-920-0585, or, for TriCipher, Inc.; or Sally Sheward of TriCipher, Inc., +1-650-372-1312, or

Web site:

More from Computer Hardware & Peripherals

All Topics