Valid Gets IBM Certification for i OS-Based Biometric System
October 7, 2008 Alex Woodie
Valid Technologies last month announced that it has received certification from IBM for using its i OS-based biometric authentication system with two Tivoli identity- and access-control products. The certification will allow organizations to ditch the use of passwords and tokens for authenticating log-ins for Web applications, and instead rely on peoples’ fingerprints to serve as the keys for entry.
Valid Secure Systems Authentication, or VSSA, is an i OS application that stores data about people’s fingerprints (not the fingerprints themselves) and provides the hooks into third-party authentication mechanisms. It has received the “Ready for IBM Tivoli” validation for Tivoli Identity Manager, which doles out user access to applications or data based on a user’s credentials, and Tivoli Access Manager, a similar product that is more geared toward the single sign-on (SSO) end of the spectrum.
According to Valid, the company has built hooks into VSSA that allow the Tivoli products to call VSSA when they need to authorize and authenticate somebody. The integration of VSSA via “junctions” with WebSEAL (a Web server component of the Tivoli products) means that users can easily create and modify how the products interoperate, without requiring any changes to source code. For integration work involving Tivoli applications that don’t utilize the WebSEAL server, users can use the standard VSSA application enablement toolkit, but this will likely require source code changes.
Up to this point, Valid hasn’t shied away from the fact that its software requires source code modifications, but it has always provided plenty of RPG, COBOL, Java, and C++ routines to achieve this. In fact, company officials have said that making changes at the source code level was the only way of ensuring that security was maintained. APIs, wrappers, and other integration methods just didn’t provide the same level of integrity and security, they said.
A slightly different approach was required for the Tivoli crowd, which mostly consists of larger Unix, Linux, and Windows, and mainframe users. (Tivoli has never been a big i OS supporter.) Nevertheless, Valid is banking on the System i’s reputation as a bullet-proof server for serving up credentials to a range of non i-OS applications, primarily Web applications.
“Companies have huge investments in existing applications, but many are in dire need of strong user authentication,” says Greg Faust, CEO of Valid Tech. “Now they can secure Web-based transactions without touching the source code of their applications. This will help banking, government, and countless other customers meet regulatory needs and cut fraud loss.”
Gaining IBM’s seal of approval is a big step forward and a big deal for Valid, the Boca Raton, Florida, company that has been singing the praises of biometric authentication and i OS security since it started developing about five years ago. Now that Big Blue is pushing VSSA as a way to secure Web-based transactions without the hassles of passwords or tokens, it would seem that VSSA’s stock has just gone up.