KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS


Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com

HIGHLIGHTS

PluriPass is Plurilock's static keystroke dynamics biometric authentication solution for web portals. It enables organizations to implement strong two-step and multi-factor authentication for their web portals in an easy and cost-effective way. This paper provides an outline of the technology.

INTRODUCTION

User authentication is the most important security service in protecting online and networked systems. Every other security service, access control included, relies on the authentication service's ability to check the genuineness of the claimed user identity. A broken authentication system is an open gate to your online system and network.

Passwords are the most common authentication mechanism used to protect online systems. However, passwords are notoriously insecure: they can be broken by dictionary attacks or stolen through social engineering, and they are the main target and vehicle of phishing, one of the most insidious forms of identity theft. Despite many publicized breaches caused by weak passwords, the overwhelming majority of online systems still rely solely on passwords for authentication.

In the last decade, several stronger alternatives to passwords have been developed. Widely recognized strong alternatives include one-time password (OTP) solutions and biometric authentication solutions. Biometric technologies extract physiological or behavioral characteristics that allow individuals to be discriminated with a high level of accuracy. Examples of physiological biometrics include fingerprint, iris, and face scans. Examples of behavioral biometrics include gait, keystroke dynamics, mouse dynamics, and voice.

The challenge with biometric technologies is that in many cases they require a special-purpose sensor or reader (e.g. a fingerprint scanner) to capture the biometric samples. Furthermore, in some cases these sensors require specific drivers and middleware which are not always available in web environments, and which are often tied to a specific vendor's technology and therefore lack interoperability.

In this context, Plurilock provides PluriPass, a biometric authentication technology which relies only on a standard keyboard. PluriPass transparently captures keystroke dynamics from the username and password supplied at login time, and extracts distinctive patterns representing the user's typing behavior.

PLURIPASS ARCHITECTURE

PluriPass is based on a client/server architecture which can easily be integrated in existing web application environments. PluriPass enables two-factor authentication in web applications and mobile applications. It combines traditional password-based authentication with keystroke biometric recognition to provide an inexpensive, platform-independent, and reliable two-factor authentication solution that does not require any additional hardware on the client side or the server side.

Enrolment for PluriPass can be carried out actively, by requesting username/password samples from the user (10 samples by default), or passively, by collecting the samples over time as the user accesses the site. The user's profile is updated continuously and transparently over time.

PluriPass is provided as a web service hosted on the Plurilock Authentication Server. Any client can use PluriPass through the set of web services exposed by the server; any client wishing to use PluriPass needs to implement a web service client.

Figure 1. Simple integration scenario for PluriPass. A Web Client (e.g. JavaScript, Flex) sends login data plus keystroke dynamics to the Resource Server, which calls the PluriPass Authentication Web Service on the PASS Server.

To integrate the PluriPass authentication service with an existing web application, the web application simply needs to implement a web service client that collects keystroke events (based on sample code provided by Plurilock). The client may be implemented in different languages such as JavaScript, PHP, Flex or ActionScript. The keystroke events are sent to the web application server or the resource server. The resource server then takes the keystroke events received from the client side and calls the PluriPass authentication web service on the PASS server, as illustrated in Figure 1. The keystroke analysis is executed on the PASS server and the result is returned to the resource server. Based on the result, the resource server decides whether or not to grant the client access.
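As an added example (not part of this paper and not Plurilock's sample code), the following Node.js script shows the shape a keystroke-event payload collected by a web client might take, how the resource server can check that payload against the password it already holds, and the timing-only feature vector that is then forwarded for analysis. The field names (key, type, t), the rejection rules (timestamps must not run backwards, every key-down needs a key-up, and the key sequence must spell the submitted password) and the decision to strip key identities before forwarding are all assumptions; the sample timings are constructed.

```javascript
// Added example (not PluriPass code): record key-down/key-up timings for a
// fixed login string in the browser, check the sample on the resource
// server against the password it already holds, and reduce it to the
// timing-only feature vector that is forwarded for keystroke analysis.
// Field names (key/type/t) and the validation rules are assumptions.

// In a browser, keyDown/keyUp would be called from keydown/keyup listeners
// on the password field with performance.now(); here the caller supplies t.
function makeRecorder() {
  const events = [];
  return {
    keyDown(key, t) { events.push({ key, type: "down", t }); },
    keyUp(key, t) { events.push({ key, type: "up", t }); },
    payload(username) { return JSON.stringify({ username, events }); },
    events,
  };
}

// Pair each key-down with its key-up and order presses by key-down time.
// Returns null for a malformed list (unknown event type, time running
// backwards, an up without a down, or a down never released); the server
// should treat that as a reject rather than try to repair it.
function pairPresses(events) {
  const pending = new Map();   // key -> key-down times awaiting release
  const presses = [];
  let last = -Infinity;
  for (const ev of events) {
    if (typeof ev.t !== "number" || ev.t < last) return null;
    last = ev.t;
    if (ev.type === "down") {
      if (!pending.has(ev.key)) pending.set(ev.key, []);
      pending.get(ev.key).push(ev.t);
    } else if (ev.type === "up") {
      const downs = pending.get(ev.key);
      if (!downs || downs.length === 0) return null;
      presses.push({ key: ev.key, down: downs.shift(), up: ev.t });
    } else {
      return null;
    }
  }
  for (const downs of pending.values()) if (downs.length > 0) return null;
  presses.sort((a, b) => a.down - b.down);
  return presses;
}

// Dwell: how long each key is held. Flight: gap between releasing one key
// and pressing the next; negative when the keys overlap, which is itself
// part of a typist's rhythm.
function extractFeatures(presses) {
  const dwell = presses.map(p => p.up - p.down);
  const flight = [];
  for (let i = 1; i < presses.length; i++) {
    flight.push(presses[i].down - presses[i - 1].up);
  }
  return { dwell, flight };
}

// Resource-server side. The sample must spell exactly the text the user
// submitted; otherwise it was not recorded for this login (tampered with
// or replayed from elsewhere). Only timings leave this function, so the
// authentication server never learns which keys were typed.
function prepareForAuthServer(events, typedText) {
  const presses = pairPresses(events);
  if (presses === null) return null;
  if (presses.map(p => p.key).join("") !== typedText) return null;
  return extractFeatures(presses);
}

// Constructed sample: "secret" typed with one overlap (c still held when r
// goes down), given as [key, downMs, upMs]. Events are emitted in time
// order, as a browser would deliver them.
const SAMPLE_PRESSES = [["s", 0, 95], ["e", 110, 190], ["c", 260, 350],
                        ["r", 340, 420], ["e", 480, 560], ["t", 610, 700]];
const SAMPLE_EVENTS = SAMPLE_PRESSES
  .flatMap(([key, down, up]) => [{ key, type: "down", t: down }, { key, type: "up", t: up }])
  .sort((a, b) => a.t - b.t);

function demo() {
  const rec = makeRecorder();
  for (const ev of SAMPLE_EVENTS) {
    if (ev.type === "down") rec.keyDown(ev.key, ev.t); else rec.keyUp(ev.key, ev.t);
  }
  const body = JSON.parse(rec.payload("alice"));   // what the resource server receives
  return prepareForAuthServer(body.events, "secret");
}
console.log(JSON.stringify(demo()));
```

The key-sequence check matters because the timing data is produced by script running in the user's browser, which an attacker controls; a sample that does not spell the submitted password was not recorded for this login. Dropping the key identities before the call to the authentication server keeps that server from receiving a copy of the password, in line with the paper's statement that only the dynamics are forwarded.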

PLURIPASS SERVER

The PluriPass server is a lightweight software server which implements the authentication logic and verifies authentication requests received from your existing web platform. Integration with your existing web platform (see Figure 2) is straightforward: you implement a simple web service client which conveys the authentication request from your web platform or resource server to the authentication server.

Figure 2. Server integration architecture. The Resource Server (your existing web platform) sends registration and authentication requests through a Web Service Client to the Web Service on the PASS Server, which returns the authentication result.

The main components that interact with the authentication server are the following:

1. Resource Server: the server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens or authentication decisions provided by the PluriPass Authentication Server.

2. Authentication Client: an application making protected resource requests on behalf of the resource owner and with its authorization. The client can be a web application, a desktop computer, a mobile application or another server.

Usually, the web application is deployed on an application server. Part of the web application is a PluriPass JavaScript library that collects keystroke events from the user through the browser. The collected keystroke events are transmitted to the application server as a JSON object. The application server uses the keystroke events collected for a given user to verify the user's identity through the PluriPass identity verification services. Other languages (e.g. PHP, Flex) may be supported on demand.

Figure 3. Authentication workflow. Components: the user's Browser; the Web Server (Resource Server) with its Credential Database (username/password) and Web Authentication Client; the Authentication Server (PASS) with its Strong Authentication Database (e.g. biometric templates) and an Admin Console used by Admin/IT support. Steps: 1. username/password; 2. capture strong authentication sample; 3. send (username, password, sample); 4. validate (username, password); 5. validate (strong authentication sample); 6. validation result (match/non-match).

The PluriPass authentication workflow is simple and straightforward (see Figure 3). The user enters his username and fixed password in the browser. The keystroke biometric sample is extracted on the client side and sent to the web server, which checks the username and password and forwards only the biometric data (i.e. the dynamics) to the PluriPass server for validation. If the validation is successful the user is redirected to the requested resource (or page); otherwise access is denied.

PluriPass comes with a user-friendly web-based management user interface (UI) (see Figure 4) that allows system administrators to manage and control user accounts, the authentication services and other PluriPass features. The PluriPass server management console provides extensive logging/auditing capabilities, and it allows PluriPass deployments for multiple sites to be managed from a single web console.

Figure 4. Web-based administration console.

SUMMARY

Classical password schemes are notoriously insecure. Many tools freely available on the Internet can be used by hackers and crooks to steal or crack user passwords. To deal with this, multi-factor authentication schemes, which combine classical password schemes with strong alternative authentication technologies, are recommended. Plurilock provides PluriPass as a strong authentication technology using a lightweight software server platform for web portal and local network protection. The solution is flexible and can be deployed with a single authentication factor or a combination of several authentication factors according to the needs of the customer.

Plurilock Security Solutions Inc. is always working to enhance its customers' security and to ensure that its customers' needs are met. Plurilock's team of developers is constantly enhancing the products and staying at the forefront of the online security industry. Contact Plurilock to find solutions to your concerns regarding the online security challenges in today's marketplace.