TriCipher's patented technology leverages open standards to deliver a manageable, user friendly and cost-effective authentication platform that can easily be integrated into an organizations existing security infrastructure.

TriCipher, which owns, and licenses exclusively from Verizon Communications, an extensive patent portfolio in strong authentication, has been issued U.S. patent number 6,883,095 for a system that protects passwords from two key vulnerabilities: guessing attacks and denial of service attacks. The technology, called "password throttling," is already implemented on TriCipher's industry-leading strong authentication and security solution, the TriCipher Armored Credential System (TACS), and is being used by healthcare, financial services, and government organizations to protect information assets.

Passwords continue to be a popular method for authenticating users, either alone or in combination with other factors, such as hardware tokens. One of the intrinsic vulnerabilities of password-based authentication is the ability of an attacker to try to guess a user's password through multiple login attempts. The traditional method for preventing password guessing is to limit the number of incorrect authentication attempts. For example, after five failed login attempts, the user is locked out for a certain period. However, this solution opens the door to another vulnerability - denial of service. Given a list of corporate user accounts, an attacker could for example, launch a wave of unsuccessful login attempts against a corporate website. All users of the target system would quickly be locked out, resulting in productivity losses for the company.

The technology covered by this patent resolves this dilemma by increasing the computational effort required by each successive online guess. A legitimate user who is entering a password for the second or third time would barely notice the added effort, but an attacker who has to try hundreds or thousands of guesses would quickly run out of resources.

"Over the years, attacks against identity systems have increased considerably," said Ravi Sandhu, Chief Scientist, TriCipher and professor of Information Security and Assurance at George Mason University. "At the same time, password guessing and the fact that users must be locked out to prevent the attack have reduced the effectiveness of passwords as an authentication mechanism. With the invention of this technology, password-based systems are more secure."

"This patent is part of a portfolio of TriCipher-developed technology innovations for strong authentication," said Ravi Ganesan, founder and CEO of TriCipher. "Most authentication systems out there today are at least 20 years old. We are approaching authentication in a new way, finding the balance between security, ease of use and total cost of ownership. This new patent reflects our ability to deliver innovative solutions that solve real world problems."

TriCipher currently owns or has exclusive license to 10 patents in the areas of cryptography, strong authentication, and identity protection and has several more pending.