AUTHENTIFIERS. Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes


Authentify delivers intuitive and consistent authentication technology for use with smartphones, smartphone app end points, tablets, feature mobile phones, landlines and even desktop apps. No matter what the technology profile of your end users entails, Authentify can help you implement a consistent and intuitive authentication process to help you be certain you know who is on your website or in your network. No users are left out or behind. The service is flexible to meet your requirements, not impose rigid requirements on you or your users.

The following list details the functional authentication factors or authentifiers that can be used in an Authentify-enabled authentication process. These authentication factors, much like Lego building blocks, can be combined in different ways and offer different authentication strengths. These authentication factors can be assembled one way to mimic an existing manual process while a different ordering can be used to develop a new login or other online authentication flow for your organization.

The description of each authentifier is short and the security level or functionality to which it contributes is not necessarily limited to those described in this document. Authentify's approach permits considerable flexibility in designing and interfacing your existing applications to an Authentify powered authentication process.

The Authentify xfa platform supports authentication via a mobile app, or a mobile SDK interface through your own mobile app. Some components available via the xfa app infrastructure are not available in work flows via standard land line or feature mobile phones.

APPLICATION ELEMENT | FUNCTIONALITY | SECURITY LEVEL | WHAT DOES THIS ADD TO AN AUTHENTICATION PROCESS?

Automated Outbound Two-Factor Authentication Phone Call
An outbound voice channel call, synchronized to a network or web session for two-factor authentication. In a registration application, the call confirms that a valid phone number has been entered or is on file for the user. Call must be answered for a process to continue. In login situations, the telephone serves as a proxy for a security token or other credential in a two-factor authentication process.

Voice channel OOBA or xfa app

Keypad Entry of a Digit or # Sign
Liveness test or CAPTCHA. Requiring a keystroke ensures a human has been reached vs. a bot or answering machine.

Confirmation Code Exchange via DTMF (Telephone keypad entry)
DTMF = dual tone multi-frequency. Displays a number on the web screen that must be entered via telephone keypad in the phone. Confirms that the person, computer and phone are all in the same place at the same time. Can also be used to meet two-factor authentication requiring a PIN/OTP for successful login.

Confirmation Code Exchange via Voice
Displays a number on the web screen that must be spoken into the telephone. Confirms that the person, computer and phone are all in the same place at the same time. Requires the use of speech recognition. If a user population is not used to repeating things naturally, DTMF may be a better option.

Voice Recording Capture
Application prompts person to speak an agreed upon word, a phrase such as "I authorize this transaction", or their name, or both.
Security level: N/A
Useful as an e-signature. When a person says the words "I agree to these terms" there can be little doubt they understood what they were doing. Also useful as a cyberthreat deterrent. Site hackers do not want to be personally connected to their online identities if it can be avoided. A voice recording can be used to link a person in the real world to their online identity.

Speech Recognition
If a voice recording is used, speech recognition can be employed to ensure that the correct phrase has been spoken. It may be desirable to have the user speak the confirmation code vs. keying it in on the telephone keypad. Speech recognition ensures the string has been spoken correctly. Adds stronger support for agreeing to use of a web site, network, etc.

Text to Speech Message Delivered to User (often used for audio transaction verification)
Text to speech will receive a text string from a server and convert it to spoken words delivered to the user via telephone. This is useful to defeat man-in-the-middle attacks. A user can receive a call that confirms an account and an amount involved in a transaction. If the account numbers and amounts do not match what was typed into the computer / web portal, the transaction can be cancelled. A man in the middle cannot intercept the out-of-band transmission.
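The DTMF confirmation code exchange and the text-to-speech transaction readback described above, as an added server-side example (not Authentify's code or API). The class and method names, the 120-second lifetime and the three-attempt limit are assumptions; the example also goes one step beyond the text by binding the approval to the exact details that were read back.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 120     # assumed policy: seconds a challenge stays valid
MAX_ATTEMPTS = 3   # assumed policy: keypad tries before the challenge is burned


class OutOfBandVerifier:
    """Hypothetical server-side state: one phone-confirmed transaction per web session."""

    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock

    @staticmethod
    def _digest(account, amount_cents):
        return hashlib.sha256(f"{account}|{amount_cents}".encode()).digest()

    def start(self, session_id, account, amount_cents):
        """Store what the server received; return (code shown on the web page,
        text the phone call reads to the user)."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[session_id] = {
            "code": code,
            "digest": self._digest(account, amount_cents),
            "expires": self._clock() + CODE_TTL,
            "attempts": 0,
        }
        # The readback is built from the server's copy of the request, so an
        # alteration made in the browser is heard by the user on the phone.
        readback = (f"Transfer of {amount_cents / 100:.2f} to account ending "
                    f"{account[-4:]}. Key in the code on your screen to approve.")
        return code, readback

    def confirm(self, session_id, keyed_digits, account, amount_cents):
        """Handle DTMF digits from the call; approve only the transaction that was read back."""
        ch = self._pending.get(session_id)
        if ch is None:
            return "no-challenge"
        if self._clock() > ch["expires"]:
            del self._pending[session_id]
            return "expired"
        ch["attempts"] += 1
        if not hmac.compare_digest(keyed_digits.encode(), ch["code"].encode()):
            if ch["attempts"] >= MAX_ATTEMPTS:
                del self._pending[session_id]
                return "locked"
            return "wrong-code"
        del self._pending[session_id]  # a code is good for one decision only
        if not hmac.compare_digest(ch["digest"], self._digest(account, amount_cents)):
            return "transaction-changed"
        return "approved"

if __name__ == "__main__":
    v = OutOfBandVerifier()
    code, msg = v.start("sess-1", "ACCT-0042-7731", 900000)  # constructed sample values
    print(msg, v.confirm("sess-1", code, "ACCT-0042-7731", 900000), sep="\n")
```
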

SMS Text Message Delivered to Mobile Phone
An SMS (short message service) message can be sent instead of an audio telephone call. Useful for PIN delivery, transaction confirmation, account alerts, etc. Useful for user populations unaccustomed to reading and speaking a string.

Data Channel OOBA or xfa app

Voice Biometrics
Voice signature capture, used for high security. A returning user must possess the correct voice to make use of a biometrically enabled application. Ensures that a returning user is the same user who enrolled originally. May permit access to high security applications or financial transactions based on high certainty the user is the legitimate account owner. Can be used in lieu of security tokens or manual phone calls placed to confirm a user's ID.

Multiple Telephone Calls
Used to reach a single user multiple times or different users for dual account control. Can be used to confirm possession and control of a phone, or the ability of a person to be reached through a switchboard vs. a direct line or vice versa. Can be used to call a 3rd party to the transaction, controlled by business rules on the customer server side for dual account control.

Shared Secret Challenge Response via:
- Voice Channel: Requires speech recognition. Requires user to speak a string already on file. A shared secret: favorite movie, secret word, secondary pass phrase, etc. Used to add security to an application, or perhaps used for a password or PIN replacement application. Instead of typing a maiden name or other secret, user is required to speak a previously agreed upon shared secret.
- xfa App Endpoint: xfa app end point allows GUI display and multiple choice KBA questions with one-touch answers.

PIN Password (PW) Delivery
Text to speech engine will read a string to the user on the other end of the phone. Used for PIN replacement or delivery applications, PW reset applications.

Data Channel xfa app SMS / Data Mobile Channel

2-Way Authentication Playback for Mutual Authentication
Application stores a word or pass phrase that has been recorded by the user on a previous visit, and plays it back to them over the phone on a later visit. Offers a simple way to put end users at ease that they are not on a pharming site. The website has both the ability to phone the user, and play back a recording only the website can have. Removes risk of compromised information.

Audit Trail Reporting (included in all use cases)
Transaction records from Authentify telephony and web servers in downloadable format tied to web sessions.
Security level: N/A
Audit reports include the transaction record tied to user ID and telephone, timestamps from the Internet and telephone network, voice recordings, etc. Provides an audit trail of a transaction involving Authentify in digital format.

Authentify Risk & Reliability Scoring (ARRS)
Behind the scenes analysis of the data that can be associated with a telephone number, including a provisioning indication such as cellular versus landline, call forwarding, and other data. Useful when accepting a net new registration or when there is concern about who is associated with a particular phone number. The ARRS is used for verification that a call is being placed to a phone that can be traced to a particular user. Indications include cellular versus land line provisioning, prison phone, business phone indication, geographic proximity of an area code and exchange combination relative to a ZIP code, reverse look-up billing name and address information, and an indication of the age of the billing relationship between the user and the phone company. There are wide variations in availability of phone records on an international basis. ARRS should be discussed with your Authentify representative for validity in your particular area of interest.

Features below are exclusive to the Authentify xfa mobile multi-factor authentication service with an app end-point downloaded to a smartphone, tablet or desktop. Via an SDK, these functions can be used via your own mobile app.

PKI Digital Certificate
A digital certificate is a form of credential allowing one device or computer to identify and authenticate to another device or computer. The digital certificate places a strong authentifier directly on the user's smart device and limits access to an account from that device. Imposters cannot log in from a device without the appropriate digital certificate.

QR Code Scan (option)
A simple way to trigger the presentment of a digital certificate for one-touch login. Enables one-touch login without requiring typing.

Gesture or Pattern Swipe
Instead of a PIN or PW, an end user can trace a gesture or pattern swipe to log in to xfa or onto an account protected by xfa. Often referred to as a behavioral biometric, or a kinesthetic. An additional authentication form factor that can easily be added that does not require typing.

Voice Biometric
Individual copies of the xfa app are registered with Authentify using a voice biometric. The combination of biometric and digital certificate is extremely difficult to spoof and ensures the same user and same device are in use.
Security level: Very
The use of a voice biometric welds an authentication factor unique to the individual to an authentication factor unique to the device. One is invalid without the other. The voice biometric, stored by Authentify in the cloud, also offers a legitimate user a soft landing to recovery if their smart device is lost or stolen.

Secure Messaging
PKI digital certificates enable the exchange of encrypted information via the data channel between the end user and the enterprise. Secure messaging can be used instead of SMS text messages to deliver PINs and OTPs in a secure fashion, or provide transaction details for further approval.

Knowledge Based Authentication (KBA)
A Q&A exchange that only the end user should be able to answer without difficulty can be presented via multiple choice. Registration processes and recovery processes can be strengthened through the use of KBA. KBA is not device dependent and may be used if a device is lost or stolen.

Transaction Verification
Display transaction details for one-touch cancellation or approval via a GUI, Secure Message or QR code scan. Transaction verification adds defenses against man-in-the-middle attacks.

Fingerprint
On devices capable of supporting fingerprints (Galaxy S5 and higher, iPhone 6 and higher), fingerprint authentication can be required. Spoofing a fingerprint requires access to the end user, access to the end user's phone and a means to copy and create a fingerprint. While spoofing a fingerprint is possible, it is not possible to launch large scale attacks against fingerprint protected phones.

NFC
Near field communication (NFC) capability requires the end user to hold their device near an NFC-enabled target such as a credit card or other credential. Another mechanism for demonstrating that a second or third factor of authentication is in the user's possession. They authenticate to an enterprise with digital certificate, voice, fingerprint and, to conclude a transaction, are asked to hold their NFC-enabled credit card near their phone.

AUTHENTIFY'S SERVICES ARE DEPENDABLE
Authentify revolutionized the authentication space by introducing phone-based two-factor authentication to security practitioners in 2001. Since that introduction, phone-based two-factor authentication has become a global standard. Authentify has the experience and the vision to protect your networks, data and user accounts from hackers and imposters. No other vendor has the experience solving the difficult authentication challenges first or offers a spectrum of authentication factors as broad and flexible as those available from Authentify.

STRONG AUTHENTICATION
Authentify deployed its first biometric application in 2004, and its first authentication app for smart devices in 2011. The combination of available biometrics and advanced smart technologies can be flexibly combined to thwart skilled hackers and cyber-criminals, even when they have acquired valid usernames, passwords, and email accounts.

SOFT LANDINGS / SECURE RECOVERY
As with any authentication scheme, the end user is always the weakest link. If "something they have" is a personal device in a BYOD authentication scheme, they can be counted on to lose or forget it from time to time. Authentify's cloud-based services enable soft landings and easy secure recovery when devices or account login information have been lost or stolen.

RAPID DEPLOYMENT / RAPID REACTION TIME
The cyberthreat landscape is constantly changing. As threat levels increase, additional authentication strength can be deployed quickly using a single interface and consistent UX for the end user. Your ability to react to new threats is significantly enhanced with Authentify services.

For more information visit www.authentify.com

Authentify, Inc.
8745 W. Higgins Rd., Suite 240, Chicago, IL 60631
+1.773.243.0300
info@authentify.com
www.authentify.com

© 2015 Authentify, Inc. All rights reserved. Authentify is a trademark of Authentify, Inc. Authentify technology is protected by a number of US and international patents and patents pending. For more information, visit the patent information page on the Authentify website.