Last week TrustBearer was at the RSA Conference. Next week, we will be in New Orleans, at Card Tech Secure Tech 2009: The Americas (CTST).
We had a righteous time at RSA. We showed off our latest engineering accomplishments. We had a party, sponsoring poker tables at Verisign’s casino night. And, we observed the apparent themes of this years conference.
Overheard, here and there, in the Moscone Center at the RSA conference was an adage— something like “nothing is new at such an industry conference”. You could also add that the difference between a new technology and a one that is re-packaged to look new is hard to distinguish.
At RSAC, there were many product claims contemporaneous with the world we live in. For several years now, many companies have bragged about the ‘greenness’ of their products. This year, adapting to economic realities, many businesses have marketed their products as pedestrian and cost-effective—the later, a trusted stand-by for marketers. There was also a natural swarm of companies towards health care and government verticals due to presidential directives, economic stimulus packages, and the admission that these are more vibrant parts of the current economy.
Just as with economic factors, broader technological trends have found a place in the messaging of security and identity companies. There is virtualization, for one. Consider also smart phones and mobile communications. There were dozens of companies at RSA showing mobile products; several of these are singularly devoted to two-factor authentication with mobile phones. Perhaps, the most permeable marketing meme, in this regard, was the talk of cloud computing and services— “security in the cloud”.
You might say ‘TrustBearer is Moving PKI to the Cloud’
With anxiety, I write that we’re moving PKI to the cloud in order to improve credential management and end-user authentication. But this is a tiresome, clichéd way to say it.
A core philosophy of TrustBearer products is the simplification of using credentials with PKI. We use modern web technologies, what you might call Web 2.0 or cloud services, to achieve this. However, the principle of our approach is actually to relocate the gears of PKI from the client to a dynamic, centrally managed service. We want to free the end-user of PKI from burdensome tasks and decisions.
Our latest products and features are continuing to simply the issuance, management, usage, and renewal of identity credentials. At RSA, we showed how we’ve integrated TrustBearer technology with Verisign Managed PKI, the improve the user experience here:
We’ve reduced the steps required to install our cross-platform browser add-on. The installation does not require administrative rights and does not require the browser to be restarted, or even refreshed.
2-Click Issuance; 0-Click Renewal
With two clicks, users are issued a pin-protected, federally-validated certificate, which is linked to a an existing account for two-factor authentication.
When a certificate is going to expire, it can be auto-renewed. This is managed by a policy, but in the simplest sense a user’s certificate is automatically updated, without user interaction.
The case of renewal, illustrates the work we’ve been doing to make PKI easier to administer. At the server, TrustBearer provides a central place to manage policies for keys; certificate issuance and renewal; whitelisting and blacklisting authentication factors (e.g. software tokens); and delegating trust.
Newly Supported Devices
We now support Trusted Platform Modules, a built-in crypto-processor on almost all business PCs. We’ve also developed a software token, encrypted with AES-128 or AES-256, for users that don’t have a hardware token.
If you are interesting in a demo, contact us.