The average user today holds approximately 30 accounts that are accessed with a keyed-in password or PIN number. Can you imagine changing and or keeping track of this? Do you find yourself cursing your internal IT department although you understand completely that it's not their fault and it's one of the deliverables for auditory compliance?
It is necessary - although it is widely known that establishing a user's identity through username/password is not strong enough:
* Credentials can be shared - jeopardising security and regulatory compliance.
* Credentials can be stolen - leading to unauthorised access, disclosure of confidential/personal information, fraud and financial losses.
Secondary authentication mechanisms (challenge/response questions, hardware tokens, digital certificates) are costly to deploy and cumbersome for users resulting in significant user dissatisfaction and increased costs.
DRS chooses Authenware to solve the problems associated with identity authentication.
The AuthenWare solution is a second-factor biometric authentication technology that is very accurate and completely transparent to the end-user. AuthenWare is a multi-factor authentication system that uniquely identifies the rightful owner of the username/password credentials being supplied, by combining keystroke dynamics and heuristics to make user authentication and validation easy, cost-effective and reliable.
With AuthenWare, you can be sure that:
* Only authorised users are granted access to applications or data
* Invalid access attempts are detected
* Stolen credentials are rendered useless
* Authentication is totally transparent to the user
AuthenWare incorporates a breakthrough, multi-dimensional approach to validating identity. Using a series of security algorithms that record and measure a person's unique keyboard typing patterns, as well as other behavioural and environmental heuristics, the product creates a personal security pattern - the AuthenWare Singularity Pattern - that is as unique as the person's DNA. Based on a series of statistical singularities (aspects that distinguish one person from others), the pattern can even adapt to nuances in behaviour such as those caused by medication, injury or fatigue. Each time a user signs in, their log-in characteristics are compared to the AuthenWare Singularity Pattern, and if it is mathematically similar, the authorised user is granted access. An imposter who has obtained username, password or other authentication information, however, will not be granted access since their pattern will not resemble that of the valid user. Rather than looking for an identical match, AuthenWare looks for a strong correlation to those aspects of the user's rhythm, including attributes like keyboard dwell time and flight time that are highly individual.
The product can be implemented in a way that matches the organisation's needs, with configurable levels of authentication policy, false acceptance rates (FAR) and false rejection rates (FFR), and tight integration into existing applications and processes.
What Authenware does:
Improves overall security
AuthenWare uses keystroke dynamics as well as heuristics like IP address, screen resolution, browser version, time of use, and more to authenticate the user. With multiple factors, a weakness in one factor is mitigated by the strength of other factors, providing the strongest possible security.
The unique signature produced for a user is not directly tied to personally identifiable information (PII), ensuring compliance with numerous regulatory requirements including the Payment Card Industry Data Security Standard (PCI-DSS), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), and the Sarbanes-Oxley Act (SOX), strengthening the organisation's overall security posture. As an additional point of validation, AuthenWare has been certified by the International Biometric Group.
Minimises fraud
AuthenWare helps any organisation to ensure that users are accurately authenticated, and that imposters are not able to access private or corporate information by masquerading as a valid user. It works in conjunction with the organisation's existing authentication methods but goes beyond, to render stolen credentials useless. AuthenWare detects fraudulent authentication attempts and can enforce a variety of policies based on the user, transaction, application, specific application function or system, and can block man-in-the-middle and man-in-the-browser attacks as well as many other cyber threats.
Deployment scenario
Web-based applications
In a typical deployment at a telecommunications company, the online customer self-service application is configured with business rules for each AuthenWare response type, including the determination of FAR and FRR relative to groups, users, transactions, etc. In production, it transparently monitors the Web application login fields and compares user login characteristics to the AuthenWare Singularity Pattern, providing the appropriate response to the Web application. This not only provides security and identity protection, but it also assists companies with regulatory compliance. Since AuthenWare does not hold or transmit actual user credentials - only the AuthenWare Singularity Pattern - it ensures adherence to government and industry mandated regulations that protect personally identifiable information.
Internal applications
For example, inside a government department to prevent credential sharing, it is deployed behind the internal network firewall, and communicates with the application server(s) using standard protocols. The internal corporate application is configured with business rules for each AuthenWare response type, including the determination of FAR and FRR relative to groups, users and transactions. In production, AuthenWare transparently monitors the internal corporate application login fields, comparing the user login characteristics to the AuthenWare Singularity Pattern, passing the appropriate response to the application. AuthenWare thus provides protection against sharing or theft of passwords and other authentication credentials, eliminating the most prevalent access control and data vulnerabilities in today's corporate environments.
Why AuthenWare?
AuthenWare takes authentication and verification to a new level. Unlike other two-factor methods that can be bypassed, stolen, spoofed, phished or pharmed, with AuthenWare there is nothing to lose, nothing to forget, and no reason to call the help-desk. This technology can be deployed instantly to massive numbers of customers, requires no additional hardware, and is totally unobtrusive. It is one of the most accurate and effective implementations of biometrics in the market today.
DRS believes that Authenware could very well become a standard on accurate identification and authentication of users.
AUTHENWARE, the first proven solution combining keystroke dynamics and heuristics which is certified by International Biometric Group (IBG).
Are you still not convinced?
1. Click here for a free demonstration.
2. Call Meshan Pungavanam from DRS for a free consultation on 011 523 1600.
Share