BehavioSec participation in the DARPA AA Phase 2

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "BehavioSec participation in the DARPA AA Phase 2"

Transcription

1 BehavioSec participation in the DARPA AA Phase 2 A case study of Behaviometrics authentication for mobile devices Distribution Statement A (Approved for Public Release, Distribution Unlimited) 1

2 This paper is an overview about BehavioSec s participation in DARPA s Active Authentication Program Phase 2 in 2013/

3 Contents Introduction... 4 DARPA s Active Authentication Program... 5 DARPA s Active Authentication Program Phase Trust Metrics... 6 DARPA s Active Authentication Program Phase Keyboard/keystroke... 7 Touch... 7 Work packages... 8 Working with CAC card

4 Introduction The word Behaviometrics derives from the terms behavioral and biometrics. Behavioral refers to the way a human person behaves and biometrics, in an information security context, refers to technologies and methods that measure and analyzes biological characteristics of the human body for authentication purposes; for example fingerprints, eye retina and voice patterns. In other words Behaviometrics, or behavioral biometrics, is a measurable behavior, used to recognize or verify the identity of a person. Behaviometrics focus on behavioral patterns rather than physical attributes. After a user is verified with traditional security techniques, such as passwords, Behaviometrics can enhance the protection even after the user has logged in. It can continuously monitor the user during the whole working session to create an ongoing authentication process. A biometric authentication system can check if a user is accepted into a system. If a user is accepted that should not be, it is called a false accept. If a user that should be accepted is not, it is called a false reject. The ratio between users that falsely attempts to enter and users falsely accepted, is called false accept rate (FAR). While the ratio between correct users being accepted and rejected is called false reject rate (FRR). A behavioral continuous authentication system uses a set of behavioral traits to calculate a similarity ratio between the current user s behavior and the expected. The similarity can be combined with a threshold, so that if the similarity drops below the set threshold, the user will be detected as an imposter. 4

5 DARPA s Active Authentication Program The current standard method for validating a user s identity for authentication on an information system requires humans to do something that is inherently unnatural: create, remember, and manage long, complex passwords. Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard. Thus unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console. The Active Authentication program seeks to address this problem by developing novel ways of validating the identity of the person at the console that focus on the unique aspects of the individual through the use of software based biometrics. Biometrics is defined as the characteristics used to uniquely recognize humans based on one or more intrinsic physical or behavioral traits. This program focuses on the behavioral traits that can be observed through how we interact with the world. Just as when you touch something your finger you leave behind a fingerprint, when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a cognitive fingerprint. The first phase of the program will focus on researching biometrics that do not require the installation of additional hardware sensors, rather the program will look for research on biometrics that can be captured through the technology we already use looking for aspects of this cognitive fingerprint. These could include, for example, how the user handles the mouse and how the user crafts written language in an or document. A heavy emphasis will be placed on validating any potential new biometrics with empirical tests to ensure they would be effective in large scale deployments. The later phases of the program will focus on developing a solution that integrates any available biometrics using a new authentication platform suitable for deployment on a standard a Department of Defense desktop or laptop. The combinatorial approach of using multiple modalities for continuous user identification and authentication is expected to deliver a system that is accurate, robust, and transparent to the user s normal computing experience. [1] [1] 5

6 DARPA s Active Authentication Program Phase 1 In phase one we used the behavioral data of 100 voluntary users for 3 months on standard windows office PCs, to extend current biometrical measurement definitions to better fit the unique characteristics of continuous behaviometrics. We sampled the following modalities: Fig 1. Modalities Trust Metrics To use the behavior of users for continuous authentication we decided to develop the concept of Trust. The trust is defined by Biometric systems have been defined by the US National Institute of Standards and Technology (NIST) as systems exploiting automated methods of recognizing a person based on physiological or behavioral characteristics 6

7 DARPA s Active Authentication Program Phase 2 Keyboard/keystroke We are looking for how a person is typing, not what a person is typing. We use keystroke dynamics (press, flight and sequence) and combine this with pressure, accelerometer and gyro information as well as the position of the touch on the pressed key. Touch For touch gestures we use all the available modalities of the touch, like distance and time travelled, as well as the points when entering or leaving measurement points together with the pressure. Start Stop 7

8 Work packages WP 2 Continuous Trust on Mobile Devices Realize a Continuous Authentication for mobile devices with our Trust Metrics from Phase 1 using: Keystroke dynamics Pressure Touch Gestures Accelerometer Gyro GPS WP 3 Differences of keystroke on mobile and desktop We study the possibility of reusing the information from profiles between desktop and mobile devices We compare the reliability of an user authentication for self-chosen vs. predetermined passwords WP 4 USMA metrics We plan to present different metric s according to the USMA metrics based on our data (FTE, FTA, FAR, FRR, EER, MTTE, MTTD, ROC) WP 5 Open Data Format We plan to propose an Open Data Format for interoperability for behaviometric data for keystroke dynamics, mouse movements, application usage and mobile modalities like Keystroke position, Pressure, Touch, Gyro, Accelerometer and GPS. WP 6 Gesture Based Input Model gestures to be used for authentication Fusion of gestures into our continuous trust system Stability of Predetermined and self-chosen gestures WP 7 PIN entry on mobile devices We are using data from anonymous users 4-8 digit pin to generate statistically significant results for user authentication. Differences between self-chosen and random PIN Results from gathered data will be presented showing the stability of user behavior for self-chosen and random PIN. Working with CAC card To show the possibility of tying a user to an issued credential, we intend to research, how this can be done on mobile devices using standard CAC card with NFC. 8

9 A temporary behavioral profile on the mobile would be generated This would be signed with the CAC card via NFC and encrypted using a supplied server key Send to server The server is decrypting the profile and checking the signature The server polls the user profile from the database, based on user signature The temporary profile of the user would be compared and based on the results a score trust value will be reported Workflow Temporary profile Secured with user specific CAC card Poll user profile, based on user credentials Compare to profile and maintain trust value 9

10 For more information please contact sales at BehavioSec, Jakobs torg 3, SE Stockholm, Sweden 10

Detecting Credit Card Fraud

Detecting Credit Card Fraud Case Study Detecting Credit Card Fraud Analysis of Behaviometrics in an online Payment environment Introduction BehavioSec have been conducting tests on Behaviometrics stemming from card payments within

More information

This method looks at the patterns found on a fingertip. Patterns are made by the lines on the tip of the finger.

This method looks at the patterns found on a fingertip. Patterns are made by the lines on the tip of the finger. According to the SysAdmin, Audit, Network, Security Institute (SANS), authentication problems are among the top twenty critical Internet security vulnerabilities. These problems arise from the use of basic

More information

User Authentication Methods for Mobile Systems Dr Steven Furnell

User Authentication Methods for Mobile Systems Dr Steven Furnell User Authentication Methods for Mobile Systems Dr Steven Furnell Network Research Group University of Plymouth United Kingdom Overview The rise of mobility and the need for user authentication A survey

More information

Personal Identification Techniques Based on Operational Habit of Cellular Phone

Personal Identification Techniques Based on Operational Habit of Cellular Phone Proceedings of the International Multiconference on Computer Science and Information Technology pp. 459 465 ISSN 1896-7094 c 2006 PIPS Personal Identification Techniques Based on Operational Habit of Cellular

More information

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric

More information

Biometrics is the use of physiological and/or behavioral characteristics to recognize or verify the identity of individuals through automated means.

Biometrics is the use of physiological and/or behavioral characteristics to recognize or verify the identity of individuals through automated means. Definition Biometrics is the use of physiological and/or behavioral characteristics to recognize or verify the identity of individuals through automated means. Description Physiological biometrics is based

More information

DARPA ACTIVE AUTHENTICATION PROGRAM: BEHAVIORAL BIOMETRICS

DARPA ACTIVE AUTHENTICATION PROGRAM: BEHAVIORAL BIOMETRICS DARPA ACTIVE AUTHENTICATION PROGRAM: BEHAVIORAL BIOMETRICS Dr Neil Costigan BehavioSec Ingo Deutschmann BehavioSec Session ID: SEC-105 Session Classification: Intermediate Overview DARPA s Active Authentication

More information

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected

More information

NFC & Biometrics. Christophe Rosenberger

NFC & Biometrics. Christophe Rosenberger NFC & Biometrics Christophe Rosenberger OUTLINE GREYC - E-payment & Biometrics Contactless transactions Biometric authentication Solutions Perspectives 2 GREYC Research Lab Research Group in Computer science,

More information

Authentication Solutions Through Keystroke Dynamics

Authentication Solutions Through Keystroke Dynamics Objective: The objective of this paper is to provide a basic understanding of the biometric science of keystroke dynamics, and how BioPassword is using keystroke dynamics technology to deliver enterprise

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 10 Authentication and Account Management Objectives Describe the three types of authentication credentials Explain what single sign-on

More information

Role of Multi-biometrics in Usable Multi- Factor Authentication

Role of Multi-biometrics in Usable Multi- Factor Authentication Role of Multi-biometrics in Usable Multi- Factor Authentication Dr. Nalini K Ratha* IBM T.J. Watson Research Center Yorktown Heights, NY 10598 ratha@us.ibm.com *: In collaboration with colleagues from

More information

Device-Centric Authentication and WebCrypto

Device-Centric Authentication and WebCrypto Device-Centric Authentication and WebCrypto Dirk Balfanz, Google, balfanz@google.com A Position Paper for the W3C Workshop on Web Cryptography Next Steps Device-Centric Authentication We believe that the

More information

Encryption as a Cloud Service provides the lowest TCO

Encryption as a Cloud Service provides the lowest TCO Encryption as a Cloud Service provides the lowest TCO Alertsec offer Full Disk Encryption at half the total cost of ownership of on-premise solutions Contents Executive Summary... 3 The Costs of Encryption...

More information

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

User Authentication using Combination of Behavioral Biometrics over the Touchpad acting like Touch screen of Mobile Device

User Authentication using Combination of Behavioral Biometrics over the Touchpad acting like Touch screen of Mobile Device 2008 International Conference on Computer and Electrical Engineering User Authentication using Combination of Behavioral Biometrics over the Touchpad acting like Touch screen of Mobile Device Hataichanok

More information

SCB Access Single Sign-On PC Secure Logon

SCB Access Single Sign-On PC Secure Logon SCB Access Single Sign-On PC Secure Logon Manage all your passwords One smart card to access all your applications past & future Multi-factor authentication Dramatically increase your security Save $150

More information

IDRBT Working Paper No. 11 Authentication factors for Internet banking

IDRBT Working Paper No. 11 Authentication factors for Internet banking IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased

More information

PHIN Systems Security and Two Factor Authentication. Raja Kailar, Ph.D. Senior Security Consultant, IRMO/CDC rok9@cdc.gov, kailar@bnetal.

PHIN Systems Security and Two Factor Authentication. Raja Kailar, Ph.D. Senior Security Consultant, IRMO/CDC rok9@cdc.gov, kailar@bnetal. PHIN Systems Security and Two Factor Authentication Raja Kailar, Ph.D. Senior Security Consultant, IRMO/CDC rok9@cdc.gov, kailar@bnetal.com Problem Description PHIN Collaborating partners, sharing public

More information

AUTHENTIFIERS. Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes

AUTHENTIFIERS. Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes AUTHENTIFIERS Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes Authentify delivers intuitive and consistent authentication technology for use with smartphones,

More information

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.

More information

A Behavioral Biometric Approach Based on Standardized Resolution in Mouse Dynamics

A Behavioral Biometric Approach Based on Standardized Resolution in Mouse Dynamics 370 IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.4, April 2009 A Behavioral Biometric Approach Based on Standardized Resolution in Mouse Dynamics S.Benson Edwin Raj Assistant

More information

Dynamic Query Updation for User Authentication in cloud Environment

Dynamic Query Updation for User Authentication in cloud Environment Dynamic Query Updation for User Authentication in cloud Environment Gaurav Shrivastava 1, Dr. S. Prabakaran 2 1 Research Scholar, Department of Computer Science, SRM University, Kattankulathur, Tamilnadu,

More information

The Benefits of an Industry Standard Platform for Enterprise Sign-On

The Benefits of an Industry Standard Platform for Enterprise Sign-On white paper The Benefits of an Industry Standard Platform for Enterprise Sign-On The need for scalable solutions to the growing concerns about enterprise security and regulatory compliance can be addressed

More information

Start Here. P5100 Fingerprint Reader. Quick Installation Guide. Verifi. IMPORTANT. This installation manual is for Windows 8.1.

Start Here. P5100 Fingerprint Reader. Quick Installation Guide. Verifi. IMPORTANT. This installation manual is for Windows 8.1. Verifi P5100 Fingerprint Reader with ROBOFORM PASSWORD MANAGER STARTER Start Here IMPORTANT. This installation manual is for Windows 8.1 Quick Installation Guide Windows Logon About the Reader Proper Use

More information

ecommerce Stages of Authentication Dynamic Factor Authentication

ecommerce Stages of Authentication Dynamic Factor Authentication ecommerce Stages of Authentication Dynamic Factor Authentication Card Data, name & Password MagnePrint Score card swipe Password Name Hardware authentication Mutual device authentication Single factor

More information

Biometric Authentication using Online Signature

Biometric Authentication using Online Signature University of Trento Department of Mathematics Outline Introduction An example of authentication scheme Performance analysis and possible improvements Outline Introduction An example of authentication

More information

Start Here. P5100 Fingerprint Reader. Quick Installation Guide. Verifi. IMPORTANT. This product must be used with Windows 7 or 8.

Start Here. P5100 Fingerprint Reader. Quick Installation Guide. Verifi. IMPORTANT. This product must be used with Windows 7 or 8. Verifi P5100 Fingerprint Reader with ROBOFORM PASSWORD MANAGER STARTER Start Here IMPORTANT. This product must be used with Windows 7 or 8. Quick Installation Guide Windows Logon About the Reader Proper

More information

Application-Specific Biometric Templates

Application-Specific Biometric Templates Application-Specific Biometric s Michael Braithwaite, Ulf Cahn von Seelen, James Cambier, John Daugman, Randy Glass, Russ Moore, Ian Scott, Iridian Technologies Inc. Introduction Biometric technologies

More information

Alternative authentication what does it really provide?

Alternative authentication what does it really provide? Alternative authentication what does it really provide? Steve Pannifer Consult Hyperion Tweed House 12 The Mount Guildford GU2 4HN UK steve.pannifer@chyp.com Abstract In recent years many new technologies

More information

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

More information

An Analysis of Keystroke Dynamics Use in User Authentication

An Analysis of Keystroke Dynamics Use in User Authentication An Analysis of Keystroke Dynamics Use in User Authentication Sam Hyland (0053677) Last Revised: April 7, 2004 Prepared For: Software Engineering 4C03 Introduction Authentication is an important factor

More information

Secure communications via IdentaDefense

Secure communications via IdentaDefense Secure communications via IdentaDefense How vulnerable is sensitive data? Communication is the least secure area of digital information. The many benefits of sending information electronically in a digital

More information

IDENTITY-AS-A-SERVICE IN A MOBILE WORLD. Cloud Management of Multi-Modal Biometrics

IDENTITY-AS-A-SERVICE IN A MOBILE WORLD. Cloud Management of Multi-Modal Biometrics IDENTITY-AS-A-SERVICE IN A MOBILE WORLD Cloud Management of Multi-Modal Biometrics ImageWare Systems, Inc. Headquarters in San Diego, CA Offices worldwide (US, Canada, Germany, Mexico) Over 15 years of

More information

CSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

CSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics

More information

Continuous Biometric User Authentication in Online Examinations

Continuous Biometric User Authentication in Online Examinations 2010 Seventh International Conference on Information Technology Continuous Biometric User Authentication in Online Examinations Eric Flior, Kazimierz Kowalski Department of Computer Science, California

More information

Is the Device User the Device Owner? A paper prepared for Biometrics UnPlugged: Mobility Rules Executive Summit - Tampa Monday, September 16, 2013

Is the Device User the Device Owner? A paper prepared for Biometrics UnPlugged: Mobility Rules Executive Summit - Tampa Monday, September 16, 2013 Is the Device User the Device Owner? A paper prepared for Biometrics UnPlugged: Mobility Rules Executive Summit - Tampa Monday, September 16, 2013 Rod Beatson President, Transaction Security, Inc. Rod.Beatson@crypto-sign.com

More information

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

More information

Assignment 1 Biometric authentication

Assignment 1 Biometric authentication Assignment 1 Biometric authentication Internet Security and Privacy Alexandre Fustier Vincent Burger INTRODUCTION:...3 I. TYPES AND DESCRIPTION OF BIOMETRICS...4 1. PHYSIOLOGICAL BIOMETRIC...4 a. Fingerprints...4

More information

International Journal of Innovative Research in Computer and Communication Engineering

International Journal of Innovative Research in Computer and Communication Engineering Authentication System for Online Banking Application by Using Keystroke Dynamic on Android Phones Dnyaneshwari S. Dhundad, Prof. D. N. Rewadkar Post Graduate Student, Dept. of Computer Engineering, RMD

More information

Behavioral biometrics fordarpa's active authentication program

Behavioral biometrics fordarpa's active authentication program Behavioral biometrics fordarpa's active authentication program Ingo Deutschmann, Johan Lindholm Research &Development Behaviometrics AB AurorumScience Park8 SE-977 75 Lulea ideutschmann@behaviosec.com,

More information

Knowledge Based Authentication (KBA) Metrics

Knowledge Based Authentication (KBA) Metrics Knowledge Based Authentication (KBA) Metrics Santosh Chokhani, Ph.D. February, 2004 Background Model for KBA Issues and Considerations Practical Usage of KBA Metrics for KBA Applicability to U.S. Government

More information

Guide to Evaluating Multi-Factor Authentication Solutions

Guide to Evaluating Multi-Factor Authentication Solutions Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor

More information

Advanced Authentication

Advanced Authentication White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is

More information

Implementation of Operator Authentication Processes on an Enterprise Level. Mark Heard Eastman Chemical Company

Implementation of Operator Authentication Processes on an Enterprise Level. Mark Heard Eastman Chemical Company Implementation of Operator Authentication Processes on an Enterprise Level Mark Heard Eastman Chemical Company Presenter Mark Heard, Eastman Chemical Company Control System Engineer Experience with several

More information

Biometric Authentication using Online Signatures

Biometric Authentication using Online Signatures Biometric Authentication using Online Signatures Alisher Kholmatov and Berrin Yanikoglu alisher@su.sabanciuniv.edu, berrin@sabanciuniv.edu http://fens.sabanciuniv.edu Sabanci University, Tuzla, Istanbul,

More information

User Behaviour Analytics

User Behaviour Analytics User Behaviour Analytics How do they know its really you? White Paper Sept 2015 Ezmcom Inc. 4701 Patrick Henry Drive BLDG 7, Santa Clara, CA, 95054, US Executive Summary Authentication has traditionally

More information

Digital identity: Toward more convenient, more secure online authentication

Digital identity: Toward more convenient, more secure online authentication Digital identity: Toward more convenient, more secure online authentication For more than four decades, the familiar username/password method has been the basis for authentication when accessing computer-based

More information

PROTECTING SYSTEMS AND DATA PASSWORD ADVICE

PROTECTING SYSTEMS AND DATA PASSWORD ADVICE PROTECTING SYSTEMS AND DATA PASSWORD ADVICE DECEMBER 2012 Disclaimer: Reference to any specific commercial product, process or service by trade name, trademark, manufacturer, or otherwise, does not constitute

More information

Enterprise Single Sign-On City Hospital Cures Password Pain. Stephen Furstenau Operations and Support Director Imprivata, Inc. www.imprivata.

Enterprise Single Sign-On City Hospital Cures Password Pain. Stephen Furstenau Operations and Support Director Imprivata, Inc. www.imprivata. Enterprise Single Sign-On City Hospital Cures Password Pain Stephen Furstenau Operations and Support Director Imprivata, Inc. www.imprivata.com Application Security Most organizations could completely

More information

Enhanced Cloud Security through KFAC

Enhanced Cloud Security through KFAC Enhanced Cloud Security through KFAC Mahesh S Darak, Dr. N. K. Deshmukh Assistant Professor, School of Computational Sciences, S. R. T. M. University, Nanded, Maharashtra, India ABSTRACT: The current era

More information

Measuring Performance in a Biometrics Based Multi-Factor Authentication Dialog. A Nuance Education Paper

Measuring Performance in a Biometrics Based Multi-Factor Authentication Dialog. A Nuance Education Paper Measuring Performance in a Biometrics Based Multi-Factor Authentication Dialog A Nuance Education Paper 2009 Definition of Multi-Factor Authentication Dialog Many automated authentication applications

More information

Multi-Factor Authentication Core User Policy and Procedures

Multi-Factor Authentication Core User Policy and Procedures Multi-Factor Authentication Core User Policy and Procedures Core Users with access to other people s sensitive or restrictive information must use one-time passwords (OTP) generated from approved fobs

More information

Framework for Biometric Enabled Unified Core Banking

Framework for Biometric Enabled Unified Core Banking Proc. of Int. Conf. on Advances in Computer Science and Application Framework for Biometric Enabled Unified Core Banking Manohar M, R Dinesh and Prabhanjan S Research Candidate, Research Supervisor, Faculty

More information

Voice Authentication for ATM Security

Voice Authentication for ATM Security Voice Authentication for ATM Security Rahul R. Sharma Department of Computer Engineering Fr. CRIT, Vashi Navi Mumbai, India rahulrsharma999@gmail.com Abstract: Voice authentication system captures the

More information

WHITE PAPER Usher Mobile Identity Platform

WHITE PAPER Usher Mobile Identity Platform WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction

More information

Security Model in E-government with Biometric based on PKI

Security Model in E-government with Biometric based on PKI Security Model in E-government with Biometric based on PKI Jaafar.TH. Jaafar Institute of Statistical Studies and Research Department of Computer and Information Sciences Cairo, Egypt Nermin Hamza Institute

More information

PTE ACADEMIC www.pearsonpte.com SECURE

PTE ACADEMIC www.pearsonpte.com SECURE PTE ACADEMIC www.pearsonpte.com We believe fair tests should be as secure as possible Cheating is unfair and undermines the efforts of the honest majority. We believe PTE Academic is the most secure test

More information

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human Int Jr of Mathematics Sciences & Applications Vol3, No1, January-June 2013 Copyright Mind Reader Publications ISSN No: 2230-9888 wwwjournalshubcom Mathematical Model Based Total Security System with Qualitative

More information

Securing e-government Web Portal Access Using Enhanced Two Factor Authentication

Securing e-government Web Portal Access Using Enhanced Two Factor Authentication Securing e-government Web Portal Access Using Enhanced Two Factor Authentication Ahmed Arara 1, El-Bahlul Emhemed Fgee 2, and Hamdi Ahmed Jaber 3 Abstract This paper suggests an advanced two-factor authentication

More information

Two-Factor Authentication and Swivel

Two-Factor Authentication and Swivel Two-Factor Authentication and Swivel Abstract This document looks at why the username and password are no longer sufficient for authentication and how the Swivel Secure authentication platform can provide

More information

FIDO Trust Requirements

FIDO Trust Requirements FIDO Trust Requirements Ijlal Loutfi, Audun Jøsang University of Oslo Mathematics and Natural Sciences Faculty NordSec 2015,Stockholm, Sweden October, 20 th 2015 Working assumption: End Users Platforms

More information

Analysis of Multimodal Biometric Fusion Based Authentication Techniques for Network Security

Analysis of Multimodal Biometric Fusion Based Authentication Techniques for Network Security , pp. 239-246 http://dx.doi.org/10.14257/ijsia.2015.9.4.22 Analysis of Multimodal Biometric Fusion Based Authentication Techniques for Network Security R.Divya #1 and V.Vijayalakshmi #2 #1 Research Scholar,

More information

DriveLock and Windows 7

DriveLock and Windows 7 Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Mobile Device Management:

Mobile Device Management: Mobile Device Management: A Risk Discussion for IT Decision Makers Mobile Device Management (MDM) software provides IT organizations with security-relevant capabilities that support the integration of

More information

Learning Objectives. attacks. 2. Describe the common security practices of businesses of

Learning Objectives. attacks. 2. Describe the common security practices of businesses of E-Commerce Security Learning Objectives 1. Document the trends in computer and network security attacks. 2. Describe the common security practices of businesses of all sizes. 3. Understand the basic elements

More information

ACER ProShield. Table of Contents

ACER ProShield. Table of Contents ACER ProShield Table of Contents Revision History... 3 Legal Notices... 4 Executive Summary... 5 Introduction... 5 Protection against unauthorized access... 6 Why ACER ProShield... 7 ACER ProShield...

More information

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Objectives Define authentication Describe the different types of authentication credentials List and explain the

More information

Spanish Certification Body. Challenges on Biometric Vulnerability Analysis on Fingerprint Devices. New. Technical Manager September 2008

Spanish Certification Body. Challenges on Biometric Vulnerability Analysis on Fingerprint Devices. New. Technical Manager September 2008 Spanish Certification Body New Challenges on Biometric Vulnerability Analysis on Fingerprint Devices Technical Manager September 2008 Contents Introduction: Biometric Technology Security Evaluation New

More information

Managed Portable Security Devices

Managed Portable Security Devices Managed Portable Security Devices www.mxisecurity.com MXI Security leads the way in providing superior managed portable security solutions designed to meet the highest security and privacy standards of

More information

May 2010. For other information please contact:

May 2010. For other information please contact: access control biometrics user guide May 2010 For other information please contact: British Security Industry Association t: 0845 389 3889 f: 0845 389 0761 e: info@bsia.co.uk www.bsia.co.uk Form No. 181.

More information

Signature Verification Why xyzmo offers the leading solution.

Signature Verification Why xyzmo offers the leading solution. Dynamic (Biometric) Signature Verification The signature is the last remnant of the hand-written document in a digital world, and is considered an acceptable and trustworthy means of authenticating all

More information

Alliance AES Key Management

Alliance AES Key Management Alliance AES Key Management Solution Brief www.patownsend.com Patrick Townsend Security Solutions Criteria for selecting a key management solution for the System i Key Management is as important to your

More information

French Justice Portal. Authentication methods and technologies. Page n 1

French Justice Portal. Authentication methods and technologies. Page n 1 French Justice Portal Authentication methods and technologies n 1 Agenda Definitions Authentication methods Risks and threats Comparison Summary Conclusion Appendixes n 2 Identification and authentication

More information

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user

More information

Authentication Levels. White Paper April 23, 2014

Authentication Levels. White Paper April 23, 2014 Summary White Paper April 23, 2014 This document describes levels of authentication that can be utilized for users known and unknown to gain access to applications and solutions. Summary... 1 Description...

More information

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is 1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the

More information

FFIEC CONSUMER GUIDANCE

FFIEC CONSUMER GUIDANCE FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their

More information

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER With technology everywhere we look, the technical safeguards required by HIPAA are extremely important in ensuring that our information

More information

www.rohos.com Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon

www.rohos.com Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon Secure Windows and Mac login by USB key www.rohos.com Rohos Logon Key Secure two-factor

More information

E-Commerce Security and Fraud Protection CHAPTER 9

E-Commerce Security and Fraud Protection CHAPTER 9 E-Commerce Security and Fraud Protection CHAPTER 9 LEARNING OBJECTIVES 1. Understand the importance and scope of security of information systems for EC. 2. Describe the major concepts and terminology of

More information

DA-70702 BIOMETRIC FINGERPRINT READER 2,5" HDD ENCLOSURE User Manual

DA-70702 BIOMETRIC FINGERPRINT READER 2,5 HDD ENCLOSURE User Manual DA-70702 BIOMETRIC FINGERPRINT READER 2,5" HDD ENCLOSURE User Manual System Requirements System Requirements Recommended Pentium II or higher or other compatible machines. Recommended RAM of at least 128

More information

GOALS (2) The goal of this training module is to increase your awareness of HSPD-12 and the corresponding technical standard FIPS 201.

GOALS (2) The goal of this training module is to increase your awareness of HSPD-12 and the corresponding technical standard FIPS 201. PERSONAL IDENTITY VERIFICATION (PIV) OVERVIEW INTRODUCTION (1) Welcome to the Homeland Security Presidential Directive 12 (HSPD-12) Personal Identity Verification (PIV) Overview module, designed to familiarize

More information

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.

More information

Biometric Security: Client-Server Systems. Mira LaCous VP Technology & Development BIO-key International, Inc. 651-789-6117 Mira.LaCous@bio-key.

Biometric Security: Client-Server Systems. Mira LaCous VP Technology & Development BIO-key International, Inc. 651-789-6117 Mira.LaCous@bio-key. Biometric Security: Client-Server Systems Mira LaCous VP Technology & Development BIO-key International, Inc. 651-789-6117 Mira.LaCous@bio-key.com The Session Private vs Public / Personal vs Public Forms

More information

ADVANCE AUTHENTICATION TECHNIQUES

ADVANCE AUTHENTICATION TECHNIQUES ADVANCE AUTHENTICATION TECHNIQUES Introduction 1. Computer systems and the information they store and process are valuable resources which need to be protected. With the current trend toward networking,

More information

Security Levels for Web Authentication using Mobile Phones

Security Levels for Web Authentication using Mobile Phones Security Levels for Web Authentication using Mobile Phones Anna Vapen and Nahid Shahmehri Department of computer and information science Linköpings universitet, SE-58183 Linköping, Sweden {annva,nahsh}@ida.liu.se

More information

2. Each server or domain controller requires its own server certificate, DoD Root Certificates and enterprise validator installed.

2. Each server or domain controller requires its own server certificate, DoD Root Certificates and enterprise validator installed. Purpose and Scope The purpose of this policy is to define the roles and responsibilities on implementing the Homeland Security Presidential Directive 12 (HSPD-12) Logical Access Control (LAC) throughout

More information

Authentication Scheme for ATM Based On Biometric K. Kavitha, II-MCA IFET COLLEGE OF ENGINEERING DEPARTMENT OF COMPUTER APPLICATIONS

Authentication Scheme for ATM Based On Biometric K. Kavitha, II-MCA IFET COLLEGE OF ENGINEERING DEPARTMENT OF COMPUTER APPLICATIONS Authentication Scheme for ATM Based On Biometric K. Kavitha, II-MCA IFET COLLEGE OF ENGINEERING DEPARTMENT OF COMPUTER APPLICATIONS ABSTRACT: Biometrics based authentication is a potential candidate to

More information

Powering Security and Easy Authentication in a Multi-Channel World

Powering Security and Easy Authentication in a Multi-Channel World Powering Security and Easy Authentication in a Multi-Channel World Archit Lohokare Global Product Manager IBM Security Systems 1 2012 IBM Corporation IBM Security Systems division is one of the largest

More information

Smart Card in Biometric Authentication

Smart Card in Biometric Authentication Smart Card in Biometric Authentication Željka Požgaj, Ph.D. Faculty of Economics and Business 10000 Zagreb, Trg. J.F. Kennedy-a 6 E-mail: zpozgaj@efzg.hr Ivor Đurinek, Bs.C. 10090 Zagreb, Dvoriček 1 E-mail:

More information

Biometrics and Cyber Security

Biometrics and Cyber Security Biometrics and Cyber Security Key Considerations in Protecting Critical Infrastructure Now and In The Future Conor White, Chief Technology Officer, Daon Copyright Daon, 2009 1 Why is Cyber Security Important

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

Modern Mobile Resource Management Solutions

Modern Mobile Resource Management Solutions Modern Mobile Resource Management Solutions Because we believe that contractors need differing options to choose from AboutTime created WorkMax. Whether you want On-Premise software or Software served

More information

Human Factors in Information Security

Human Factors in Information Security University of Oslo INF3510 Information Security Spring 2014 Workshop Questions Lecture 2: Security Management, Human Factors in Information Security QUESTION 1 Look at the list of standards in the ISO27000

More information

Biometrics: Advantages for Employee Attendance Verification. InfoTronics, Inc. Farmington Hills, MI

Biometrics: Advantages for Employee Attendance Verification. InfoTronics, Inc. Farmington Hills, MI Biometrics: Advantages for Employee Attendance Verification InfoTronics, Inc. Farmington Hills, MI Biometric technology offers advanced verification for employees in every industry. Because biometric systems

More information

Flexible Identity. Tokenless authenticators guide. Multi-Factor Authentication. version 1.0

Flexible Identity. Tokenless authenticators guide. Multi-Factor Authentication. version 1.0 Flexible Identity Multi-Factor Authentication Tokenless authenticators guide version 1.0 Publication History Date Description Revision 2014.02.07 initial release 1.0 Copyright Orange Business Services

More information

Successful Enterprise Single Sign-on Addressing Deployment Challenges

Successful Enterprise Single Sign-on Addressing Deployment Challenges Successful Enterprise Single Sign-on Addressing Deployment Challenges 2015 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Background: User Problems with Passwords 2 3 Approaches

More information

Electronic Prescribing of Controlled Substances: Establishing a Secure, Auditable Chain of Trust

Electronic Prescribing of Controlled Substances: Establishing a Secure, Auditable Chain of Trust Electronic Prescribing of Controlled Substances: Establishing a Secure, Auditable Chain of Trust Imprivata Confirm ID and the DEA Interim Final Rule on EPCS Technology requirements to comply with the DEA

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information