Valid Gets IBM Certification for i OS-Based Biometric System

October 7, 2008 Alex Woodie

Valid Technologies last month announced that it has received certification from IBM for using its i OS-based biometric authentication system with two Tivoli identity- and access-control products. The certification will allow organizations to ditch the use of passwords and tokens for authenticating log-ins for Web applications, and instead rely on peoples’ fingerprints to serve as the keys for entry.

Valid Secure Systems Authentication, or VSSA, is an i OS application that stores data about people’s fingerprints (not the fingerprints themselves) and provides the hooks into third-party authentication mechanisms. It has received the “Ready for IBM Tivoli” validation for Tivoli Identity Manager, which doles out user access to applications or data based on a user’s credentials, and Tivoli Access Manager, a similar product that is more geared toward the single sign-on (SSO) end of the spectrum.

According to Valid, the company has built hooks into VSSA that allow the Tivoli products to call VSSA when they need to authorize and authenticate somebody. The integration of VSSA via “junctions” with WebSEAL (a Web server component of the Tivoli products) means that users can easily create and modify how the products interoperate, without requiring any changes to source code. For integration work involving Tivoli applications that don’t utilize the WebSEAL server, users can use the standard VSSA application enablement toolkit, but this will likely require source code changes.

Up to this point, Valid hasn’t shied away from the fact that its software requires source code modifications, but it has always provided plenty of RPG, COBOL, Java, and C++ routines to achieve this. In fact, company officials have said that making changes at the source code level was the only way of ensuring that security was maintained. APIs, wrappers, and other integration methods just didn’t provide the same level of integrity and security, they said.

A slightly different approach was required for the Tivoli crowd, which mostly consists of larger Unix, Linux, and Windows, and mainframe users. (Tivoli has never been a big i OS supporter.) Nevertheless, Valid is banking on the System i’s reputation as a bullet-proof server for serving up credentials to a range of non i-OS applications, primarily Web applications.

“Companies have huge investments in existing applications, but many are in dire need of strong user authentication,” says Greg Faust, CEO of Valid Tech. “Now they can secure Web-based transactions without touching the source code of their applications. This will help banking, government, and countless other customers meet regulatory needs and cut fraud loss.”

Gaining IBM’s seal of approval is a big step forward and a big deal for Valid, the Boca Raton, Florida, company that has been singing the praises of biometric authentication and i OS security since it started developing about five years ago. Now that Big Blue is pushing VSSA as a way to secure Web-based transactions without the hassles of passwords or tokens, it would seem that VSSA’s stock has just gone up.

Pat Townsend to Resell Valid’s i5/OS Biometric Authentication

Valid Tech Assimilates Biometric Authentication Into the Enterprise

IBM Debuts New Password Reset, Synchronization Software

Valid Tech Delivers Biometric Authentication Solution for OS/400

Identity Management Comes to Forefront as Data Losses Mount

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Tags:

CYBER-ATTACKS ON THE RISE. PROTECT WITH THE TRIPLE PLAY.

COVID-19 has not only caused a global pandemic, but has sparked a “cyber pandemic” as well.

“Cybersecurity experts predict that in 2021, there will be a cyber-attack incident every 11 seconds. This is nearly twice what it was in 2019 (every 19 seconds), and four times the rate five years ago (every 40 seconds in 2016). It is expected that cybercrime will cost the global economy $6.1 trillion annually, making it the third-largest economy in the world, right behind those of the United States and China.”1

Protecting an organization’s data is not a single-faceted approach, and companies need to do everything they can to both proactively prevent an attempted attack and reactively respond to a successful attack.

UCG Technologies’ VAULT400 subscription defends IBM i and Intel systems against cyber-attacks through comprehensive protection with the Triple Play Protection – Cloud Backup, DRaaS, & Enterprise Cybersecurity Training.

Cyber-attacks become more sophisticated every day. The dramatic rise of the remote workforce has accelerated this trend as cyber criminals aggressively target company employees with online social engineering attacks. It is crucial that employees have proper training on what NOT to click on. Cyber threats and social engineering are constantly evolving and UCG’s Enterprise Cybersecurity Training (powered by KnowBe4) is designed to educate employees on the current cutting-edge cyber-attacks and how to reduce and eliminate them.

A company is only as strong as its weakest link and prevention is just part of the story. Organizations need to have a quick response and actionable plan to implement should their data become compromised. This is the role of cloud backup and disaster-recovery-as-a-service (DRaaS).

Data is a company’s most valuable asset. UCG’s VAULT400 Cloud Backup provides 256-bit encrypted backups to two (2) remote locations for safe retrieval should a cyber-attack occur. This is a necessary component of any protection strategy. Whether a single click on a malicious link brings down the Windows environment or an infected SQL server feeds the IBM i, once the data is compromised, there is no going back unless you have your data readily available.

Recovery is not a trivial task, especially when you factor in the time sensitive nature of restoring from an active attack. This leads to the third play of the Triple Play Protection – DRaaS. Companies have myriad concerns once an attack is realized and a managed service disaster recovery allows employees to keep focus on running the business in a crisis state.

The combination of training employees with secure backup and disaster recovery offers companies the best chance at avoiding financial disruption in an age of stronger, more frequent cyber-attacks.

Reach out to UCG Technologies to discuss your company’s security needs and develop a data protection plan that fits you best.

ucgtechnologies.com/triple-play

800.211.8798 | info@ucgtechnologies.com