Tricerion SafeLogin product overview
A unique zero-footprint, strong authentication solution, requiring no special client software or hardware, Tricerion's SafeLogin product is a server-based solution to the problem of account hijacking attacks, such as phishing, keystroke logging, shoulder surfing, etc. This technology allows online service providers to prevent their users from disclosing personal security information to fake websites created by criminals. Using patent-pending technologies, our system creates a mutual trust relationship between the customer and the website. More importantly, if the customer is lured to a fake website then the system ensures they cannot enter their password or PIN and so fall victim to a 'phishing' scam.
This strong mutual authentication is delivered whilst maintaining compatibility with multiple service channels and without requiring the customer to carry a token, use a biometric device, or install software on their PC or handheld device.
A customer-facing application, Tricerion SafeLogin presents the user with a personalized login keypad. Each user creates their own keypad by selecting personal customization features, such as background, font, shape of buttons, border, etc. Below is a sample personalized keypad:
Keypad Randomization
Each time the keypad is displayed, the user sees the same set of characters positioned in a randomized order. The keypad maintains a high level of usability since it is a familiar, ATM-style, password entry device. Each time the user inputs the password, the keypad transmits back to the authentication server only the coordinates of the keys that have been clicked, not the actual characters represented by the keys. Each time the password is entered, the dataflow from the user’s browser to the authentication server contains a variable set of coordinates, rather than the constant character-based password. In this sense, it operates like a one-time password system, since the coordinates that represent the password characters change each time the keypad is displayed.
Picture Passwords
When the keypad is displayed, the user sees only a limited subset of symbols drawn from a larger superset. A key strength of the SafeLogin solution lies in the possibility of selecting the user's password and personal keypad symbols from a very large superset of symbols. If the user has an alphanumeric password, the total available superset is 36 characters (26 letters + 10 digits). But SafeLogin supports a paradigm shift from traditional, character-based passwords much more powerful picture passwords, in which there is no upper limit on the potential size of the symbol superset. This has a dramatic positive impact on the mathematics of password security, as well as undermining most current password fraud methods, and increasing the memorability of passwords.
Download a one page product summary here »
We’d be happy to answer any questions you might have regarding our SafeLogin system or authentication in general. Click here to submit your questions or comments
