The core offering from TriCipher, the TriCipher Armored Credential System (TACS) provides a multi-faceted, unified authentication platform especially targeted to the remote authentication of users to corporate applications.

The key feature of the platform as noted by the vendor is its support for a "multi-credential" authentication methodology; in which part of the user's required credentials for authentication reside with the user themselves, and the remaining portion resides at corporate headquarters in the organization's TriCipher ID Vault (see below). Specifically, the multi-part credentials are based on PKI-based technology that splits the PKI private key into multiple parts. In order for the authentication to succeed, each portion of the credentials must be successfully combined.

Multiple forms of authentication are supported by the overall platform, including "zero footprint user experience" methods (passwords, browser cookies and/or browser certificates combined with a personalized confidence image and text); as well as those that leverage the vendor's ID Tool plug-in, providing mutual authentication for users and transactions as well as the ability to digitally sign documents and encrypt E-mail. With the ID Tool, available authentication options include PC two-factor, portable devices, tokens, smart cards, and biometrics. It is the ID Tool that generates the user-side of the multi-credential authentication scheme as described above; when the user attempts to perform some activity requiring authentication the ID Tool automatically prompts the user to authenticate themselves to the ID Vault (which provides the second portion of the multi-credential system).

Primary components of the TACS platform include:

- The TriCipher ID Vault, which is the keystone of the product and provides user management, authentication, and digital signing functions. As mentioned above, the ID Vault stores one portion of the vendor's needed credentials for authentication. The ID Vault is itself a FIPS 140-2 Level 2 rated appliance.

- The TriCipher Authentication Gateway (TAG), an appliance that provides a services layer that facilitates centralized TACS-based authentication integration into the organization's Web applications. Tag includes pre-built authentication workflow pages for Web applications; the apps themselves hand off the authentication process to TAG, which in turn authenticates the user (in conjunction with the ID Vault) and then returns results to the Web application indicating what level of access the user is entitled to.

If TAG is not deployed, customers also have the option of interfacing with the IP Vault APIs directly.

- The TriCipher ID Tool, the PC component described above (Windows 98/Me/NT/2000/XP/Vista; Mac OS X; Linux) that generates the user-portion of the multi-credentials for supported authentication methods.

- TriCipher ID Tool ToGo, a user authentication tool provided for use with USB smart drives.

- TriCipher Armored Transactions, an additional product module that facilitates the authentication of individual transactions using the TACS platform.

Also available from the vendor is their Web-based myOneLogin service, which is built on TACS and enables administrators to setup their users via a browser interface such that they can access multiple Web applications (salesforce.com, Google Apps, and WebEx are among the many listed as supported, and the vendor notes that the platform is designed to potentially work with any Web-based application that supports SAML, OpenID or standard username/passwords - including internal Web applications). With the myOneLogin service, part of the user's credentials are stored directly on the user's computer itself (when logging in from a different computer, the platform relies on secret questions for authentication in addition to the user's password). Three levels of authentication are supported by the service: Basic, which uses browser cookies and mutual authentication; Intermediate, which uses certificates and mutual authentication; and ID Tool-based authentication (as described above). Three primary services are currently available through the myOneLogin site:

- Secure Single Sign On, as described above

- Strong Authentication, which allows application providers to support myOneLogin-based authentications in their apps (integration is via Web services calls to the myOneLogin service)

- VPN Authentication, the newest flavor of the service, which allows users to use myOneLogin to authenticate to their corporate SSL VPNs. The vendor states that any SSL VPN is supported; but strong authentication is supported only on those that additionally support SAML (Juniper Secure Access SSL VPNs with Advanced Features and Microsoft IAG 2007 are specifically listed as SAML-enabled)

myOneLogin is available now. The new VPN Authentication service is priced at $1/per user/per month; while the myOneLogin service combined with VPN Authentication is $3/per user/per month.

TACS is available now. Contact the vendor for further information.