Entrust provides multi-factor authentication to businesses, including machine fingerprinting, question-and-answers, grid authorization, and out-of-band services, according to the company’s chief technology officer, Chris Voice. It offers three platforms that cover authentication, transaction protection and fraud detection, and encryption.Entrust’s security token, which works on its authentication platform, IdentityGuard, is a time-synchronous, one-time password device. About the size of a car-key fob, the device’s LCD screen displays a six-digit number that changes every 60 seconds.
“It’s securely and randomly generated using cryptographic techniques,” said Voice. Users type in the number beneath their user-name and password, which then goes to the back-end, where the server verifies that the token matches the number the back-end has.
As a US$500 million dollar market, according to an IDC report, said Voice, security tokens are “definitely hot.” But the price point for security tokens was much too high, he said. “It’s a commodity, so (other companies) are overcharging,” he said. “It’s so frustrating because there’s huge promise here. All they do is maximize revenue.”
According to Voice, other companies sells tokens for 10 times as much. “(Our price) reflects the real value of the hardware,” said Voice.
CryptoCard, an Ottawa-based authentication provider, is wary of such an inexpensive technology. “Entrust were selling PKI encryption, and they were doing really well, but now we’re seeing a lot of people moving away from that and that market going downhill, so they have to go low-end with a cheap, no-feature product,” said CryptoCard’s vice-president of North American sales, David Scott.
Voice said that it makes no sense for companies with certain, more basic security needs to splurge on the more expensive tokens: “(For them) we also have SmartCards with chips on them for higher-end security.”
Judy Anjowski, CryptoCard’s director of global partner relations, balked at the five-year lifespan of Entrust’s token. “Our tokens never expire – you can replace the batteries.”
“We offer a range,” said Voice. “If it makes sense to go with a five-dollar chip, then we say ‘Giddy-up, let’s go.’”
Anjowski is also not a fan of the time-based method Entrust has gone with — CryptoCard’s security tokens, which include SmartCards and USB-port-enabled tokens, are event-based, instead of time-based, meaning that users have to push a button to change the number. This will, according to CryptoCard sales engineer Patrick Fleury, cut down on clock-drift. Due to timekeepers losing a minute every few days or so, he said, the Entrust tokens will eventually be running on the wrong time, forcing the server to open a window to catch up, which could raise data security issues. a’s vice-president of security research, in a recent survey of 500 medium and large businesses, the No. 2 threat was phish
