25 August 2021

Strong authentication, no compromises


ti&m security suite // Together with climate change, cyber security ranks as one of the five biggest global threats. Cyber criminals are employing ever more complex methods to get their hands on sensitive data. In an age of digital platforms, proper protection and secure access to confidential services are absolutely essential to reduce these cyber risks.

Digital services have long been an integral and entirely normal part of our lives. We carry out all sorts of personal and professional tasks using digital channels. Data, information and transactions are spread easily across the internet, and our everyday life is now virtually inconceivable without digital technology. The highest priority of any service provider is to ensure that access is controlled and secure.

Secure, simple, everywhere – first impressions count
In this day and age, the provision of robust authentication methods that meet legal and sector-specific requirements is absolutely essential. They are among the most important building blocks of a reliable, trustworthy and intuitive security system. At the same time, any frustration experienced by the user needs to be eliminated, so that they don’t take flight before they’ve even used the service properly, all because of complicated sign-in processes. You don’t get a second chance to make a first impression, so this first interaction is key. In an era marked increasingly by the user experience, solutions that are secure, future-proof and user-friendly are in more demand than ever.
The ti&m security suite offers a smooth and intuitive solution, guaranteeing secure access to any digital service. Log in securely with a single glance – signing in is supported on desktops, mobile devices and all major modern web browsers.

Standardized constituent of digital trust
Among other things, our product is based on the open source industry standard FIDO or FIDO2, a joint effort between the FIDO Alliance and the W3C. FIDO stands for Fast Identity Online, and is simply an umbrella term for a combination of two standardized protocols: WebAuthn and CTAP. Both protocols offer strong, password-free multi-factor authentication: the WebAuthn protocol is responsible for communication between server and browser; the CTAP protocol for communication between the browser and an external authenticator (smartphone, hardware tokens).
The process is based on the principles of the challenge-response process (see figure 1) and of asymmetric encryption. Unlike symmetric encryption, in asymmetric encryption the two communicating parties don’t know the same key. Each user generates their own key pair, which consists of one private, secret key and one public, non-secret key. The corresponding data does not leave the user’s end device throughout the entire authentication process. To sign in, the application first sends a challenge to the browser. The browser forwards the challenge to the authenticator, which requests the respective factor (e.g. knowledge, inherence) and, if successful, returns a digital signature of the challenge to the browser. The browser transmits the signed challenge to the application, which verifies the respective signature and authenticates the user accordingly.
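
The challenge-response flow described above, as an added Node.js example (not ti&m's code and not part of the original post): the authenticator signs the authenticator data plus the hash of the client data, and the application checks the challenge, the origin, the user-verified flag and the signature. `RP_ID`, `ORIGIN` and all function names are assumptions, and the sign counter is left at 0.

```javascript
const crypto = require('node:crypto');
const RP_ID = 'login.example';           // constructed relying-party ID
const ORIGIN = 'https://login.example';  // constructed origin of the application
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Authenticator: the key pair is created on the device; only publicKey is registered.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const sign = (rpId, clientDataJSON) => {
    const authData = Buffer.alloc(37);   // rpIdHash(32) | flags(1) | signCount(4), left 0
    sha256(rpId).copy(authData, 0);
    authData[32] = 0x05;                 // user present (0x01) + user verified (0x04)
    const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
    return { authData, signature: crypto.sign('sha256', signed, privateKey) };
  };
  return { publicKey, sign };
}

// Browser: binds the application's challenge to the origin it is actually talking to.
function browserGetAssertion(authenticator, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  return { clientDataJSON, ...authenticator.sign(new URL(origin).hostname, clientDataJSON) };
}

// Application (relying party): issues single-use challenges and verifies assertions.
function createServer(publicKey) {
  const pending = new Set();
  const issueChallenge = () => {
    const c = crypto.randomBytes(32);
    pending.add(c.toString('base64url'));
    return c;
  };
  const verify = ({ clientDataJSON, authData, signature }) => {
    const cd = JSON.parse(clientDataJSON.toString());
    if (!pending.delete(cd.challenge)) return 'unknown-or-replayed-challenge';
    if (cd.type !== 'webauthn.get' || cd.origin !== ORIGIN) return 'bad-type-or-origin';
    if (!authData.subarray(0, 32).equals(sha256(RP_ID))) return 'bad-rp-id';
    if ((authData[32] & 0x04) === 0) return 'user-not-verified';
    const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
    return crypto.verify('sha256', signed, publicKey, signature) ? 'ok' : 'bad-signature';
  };
  return { issueChallenge, verify };
}

function demo() { // first use succeeds; replaying the same assertion is rejected
  const auth = createAuthenticator(), server = createServer(auth.publicKey);
  const a = browserGetAssertion(auth, server.issueChallenge(), ORIGIN);
  return [server.verify(a), server.verify(a)];
}
console.log(demo());
```

Because each challenge is deleted on first use, a captured assertion cannot be presented a second time, and an assertion produced for a different origin fails before the signature is even checked.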

ti&m security suite – logging in has never been easier
Our product is underpinned by well-established standards, thus combining a fluid authentication experience with the necessary security without having to memorize any tiresome log-in data. Thanks to modern, password-free technologies, such as facial recognition or fingerprints, the log-in process becomes a piece of cake. A simple touch of the finger is enough to secure sensitive information. Passwords are rendered completely unnecessary.

Thanks to our modular architecture, the ti&m security suite is a key constituent of secure digitalization, whether for web applications or mobile applications. With our white label approach, you can install this customizable solution on smartphones (iOS and Android) immediately. Plus, our solution supports any hardware tokens that are FIDO2-compatible, offering a safe and convenient alternative for anyone who doesn’t want to use a smartphone. The security suite can be combined with the ti&m ID check module. This helps us optimize the recovery process for access data, thus cutting the number of support requests received and, in turn, the costs of a company’s support department.

Risk-based authentication for additional security
The policy server is a powerful yet easy-to-use authentication solution that substantially improves the security of your systems. Risk-based authentication captures the implicit characteristics of users and devices, and analyzes user behavior in order to pinpoint deviations from regular behavior. These deviations can be used to determine how likely it is that a given login request is coming from the actual user or from a potential hacker. The higher the probability of an attack, the more comprehensive and restrictive the authentication process becomes. The policy server includes a user-definable rule set, which evaluates user data and triggers appropriate responses if necessary. The process for creating rules is straightforward and does not require programming; these rules also enable the evaluation of information from external systems.

Our modular security solution is available on-premise or as SaaS at a Swiss data center, so that you have full control over your data. Fast, easy integration with a variety of applications, channels and existing architecture is guaranteed at all times.


Philip Dieringer

Philip Dieringer, Head Bern, ti&m.

Fabian Dobler

Fabian Dobler has been at ti&m for eight years, where he is responsible for Security Integration. He also volunteers as an officer in the fire brigade.