Avoco Secure Announces The First Universal Identity Broker (UIB) - Open2Connect

• ShareThis Email PDF Print

“Avoco’s new Open2Connect will deliver both simple to use logon to websites and strong anti-phishing security,” said Gerry O'Brien, CEO at Avoco Secure.

(PRWEB) January 12, 2010

Avoco Secure today announced it will launch the first Universal Identity Broker - Open2Connect, which will enable users to use their identities via a single website access point to resources such as a websites, documents, etc. Creating a method for universal on-line authentication and identification.

"The benefits of Open2Connect are that users can continue to use their existing identity methods like Information Cards, OpenID, Username/password etc., as well as controlling what information is shared with the requesting website," said Gerry O'Brien, CEO at Avoco Secure. "Furthermore, the method is resistant to phishing attacks."

There is a plethora of authentication / identification methods available for login to online resources. Examples include username / passwords, OpenID®, Information Cards, X509 digital certificate, Windows Live® ID, SAML, etc. This disparate collection of authentication / identification methods leads to the following problems:

•     Site Administrators have difficulty in choosing what identification method to support, often leading to adoption of the least common denominator - username and password.
•     Each method is incompatible with every other.
•     Support for multiple methods leads is complex and leads to crowded screen layouts.
•     Support for newer, identity-based, authentication methods is patchy as it requires each individual website to implement support for the new method.
•     Users are expected to deal with a wide variety of authentication mechanisms - one site may require Information Cards, another username password, another OpenID, and so on.
•     Many of these authentication methods are susceptible to phishing attacks.
•     With many of these methods user login credentials are shared with the site, which is a potential security risk - e.g. if a user was persuaded to login to a malicious site that could then steal these login details.
•     Username / password methods lead to users either using the same credentials for multiple sites or having to deal with remembering separate passwords for every site.
•     Users prefer to use one or two login methods that they are familiar with - having to use login methods different to those few that the user is already familiar with can be off-putting.
•     Many users have pre-existing on-line identities, and don't want to abandon these for new methods, or use alternatives.

"Avoco Secure continues to bring exciting new innovations to online digital identity," said Drummond Reed, Executive Director of the Information Card Foundation. "Avoco's new UIB technology will help address one of the key usability challenges for websites that accept Information Cards as well as other forms of digital identity credentials."

The Open2Connect (UIB) system ensures that a user can utilise any preferred login method, as long as that method contains the information (claim) required by the site to allow access, for example, an email address. However, the UIB can also go a step further, by controlling access to the web resource through associating levels of assurance with the login, for example specifying that the claim must originate from a specified source.

The whole login process is handled by the UIB: the user simply clicks on the login button as usual - vital in retaining usability of websites. The UIB will then present the user with choices of login method from their preferred list - showing only those viable (continuing the correct claim) for that particular login. The communication between the login method, the identity provisioning site (as appropriate) and the website is all, again, handled by the UIB.

The whole process, as far as the end user is concerned is seamless, ensuring that the end user experience is not degraded by the improvement in security.

The UIB can recognise login requests from websites that use existing protocols, such as OpenID or Information Cards. In this case, the required login information can again be obtained from any of the user's available identity methods associated with their UIB account, as above, but this time the required data is returned to the requesting site in the format specifically required by the protocol (e.g. OpenID and Information Cards). The UIB can also detect if standard desktop or device identity selectors are installed and available to the user's browser, and enable use of these for selecting an identity. The user also has the option to store selected IdP authentication details, so that authentication to external IdPs can be made transparent, eliminating extra authentication steps.

Avoco Secure is an innovation company whose areas of focus are applications for security, information assurance, and privacy. Avoco applications enable end-to-end trust and the securing of information in a de-perimeterized environment. This permits paperless, electronic work-flows that saving time and money while meeting green, compliance, legal enforceability and privacy and security requirements.

Open2Connect is patent pending technology delivered by Avoco Secure.

Information Cards are an open standard for secure digital identity credentials from OASIS, the industry's leading XML e-business standards body. For more information, see http://www.oasis-open.org/committees/imi/.

Products or service names mentioned herein are the trademarks of their respective owners.

###

Share: