What is an IP(SM)?

A 'My Internet PersonaSM' or myIPSM credential is many things. In short, it is an Internet standard, platform specific, secure, reusable credential that provides strong authentication across multiple web sites. It is actively managed and can be revoked if compromised so it can never be used again. Let’s explain some of that further:

Internet Standard Security Technology

myIPSM credentials are based on an Internet standard security technology: TLS, or Transport Layer Security. You use TLS whenever you visit a web site whose address begins with HTTPS. The ‘S’ indicates the connection between you and the web site is secure and protected.

Pseudo-Nym is extending TLS to enable our subscribers to have a browser based, secure, reusable and managed credential. Our service does NOT involve any new technologies. We rely on an existing, tried and true, widely available Internet security technology. Using that technology, we offer our subscribers and corporate clients a solution to the problem of too many insecure and unmanaged passwords.

Secure

myIPSM credentials are built on the strongest cryptography known today. There are many sources of information across the Internet that explain the underlying details of the encryption and cryptography. Suffice it to say, the military strength encryption used in TLS provides many different security benefits. Here are a few key points:

  • myIPSM credentials include an encryption key that is 2048 bits, or 256 characters long. That 256 character encryption key replaces your 8 to 10 character password.
  • myIPSM credentials are NOT replayable. This is important with regard to man in the middle and phishing attacks. Typically, phishing attacks try to lure you to a web site to trick you into divulging your Id and password. After they steal your Id and password, they can replay them to the intended web site and take over your account. A fundamental weakness of passwords is that they are easily shared or stolen and replayed. Without getting into the technical details, if you are lured to a phishing web site and actually log on with a myIPSM credential, the phishing web site CANNOT replay that credential to the true destination web site and access your account. While these man in the middle attacks – including phishing – can still occur, the credential they steal cannot be replayed, making phishing a useless exercise.
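Why a key-based proof cannot be replayed the way a password can, as an added example (not Pseudo-Nym's code). It assumes the credential behaves like a TLS client certificate with a 2048-bit RSA key; the random challenge is a simplified stand-in for the per-connection handshake data that TLS has the client sign, and all function names are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// must panics on error; it keeps this short example readable.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewChallenge returns fresh random bytes that a site issues for one login.
// It stands in for the per-connection handshake data TLS has the client sign.
func NewChallenge() []byte {
	nonce := make([]byte, 32)
	must(rand.Read(nonce))
	return nonce
}

// Prove is the client side: sign the challenge; the private key stays local.
func Prove(key *rsa.PrivateKey, nonce []byte) []byte {
	digest := sha256.Sum256(nonce)
	return must(rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:]))
}

// Verify is the site side: accept only a proof over the challenge it issued.
func Verify(pub *rsa.PublicKey, nonce, sig []byte) bool {
	digest := sha256.Sum256(nonce)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Demo returns: genuine login, captured proof replayed, key size in bytes.
func Demo() (genuine, replayed bool, keyBytes int) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	first := NewChallenge() // issued by the real site
	genuine = Verify(&key.PublicKey, first, Prove(key, first))
	captured := Prove(key, NewChallenge()) // user logged on at a look-alike site
	replayed = Verify(&key.PublicKey, NewChallenge(), captured) // new session
	return genuine, replayed, key.Size()
}

func main() { fmt.Println(Demo()) }
```

The proof captured at the look-alike site is a signature over that site's own challenge, so the real site, which issues a different challenge for every session, rejects it. The key size returned is the 256 bytes that correspond to 2048 bits.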

Reusable

Through the magic of cryptography, myIPSM credentials are reusable: your single myIPSM credential can be easily and securely reused over and over again at all of our partner SaaS vendor web sites. Our service offers a single credential to replace all those web site passwords.

‘Platform’ Specific

While the details will vary at each of our Corporate Clients, myIPSM credentials are typically ‘platform’ specific in that they are bound to a machine or specific user within a corporate environment. To summarize briefly here, most firms use Microsoft’s Active Directory to manage user accounts. myIPSM credentials are typically stored in an employee’s Active Directory profile. That allows the credential to roam with you inside your firm but prevents it from being used outside the firm. This requires the employees to access SaaS vendors from inside your corporate environment.

Strong Authentication

The terms Strong Authentication and Multi Factor Authentication are often used interchangeably. Strong authentication typically involves something you have and something you know: for example, a token with a revolving number along with a PIN. Multi factor authentication typically involves different types of authentication: a password and a code texted to your phone, for example. Depending on a few factors, Pseudo-Nym Managed Credentials can provide strong authentication and also be multi factor.

For strong authentication, the 2048 bit encryption key within a myIPSM credential is considered the something you have. While it can be stored in software or an AD profile and possibly copied, it can also be embedded in a chip on your computer, where the only way to steal the encryption key is to steal the computer. With myIPSM credentials, there are varying degrees of ‘what you have’.  If stored in an AD profile, the credential requires a password to be used. As a result, the password used to access your AD profile is also the something you know to access your myIPSM credential. In other scenarios, a PIN can be required to access your credential.

Combining the encryption key as something you have with the PIN as something you know, a myIPSM credential provides strong authentication.

myIPSM credentials can also support Multi Factor Authentication. For example, one of our SaaS partners may choose to complement your myIPSM credentials with an out of band authenticator. When you log on, either the first time or possibly every time, they may want an additional confirmation of your identity before granting access. To do that, they may require another credential, such as a text to your phone. That is their prerogative and may be dependent on the services they offer and associated risk. myIPSM credentials support this additional check, enabling Multi Factor Authentication.

By themselves, myIPSM credentials provide strong authentication by relying on something you have – an encryption key – along with something you know – an associated password. Your SaaS providers may also require Multi Factor Authentication.  Our solution supports both.