Image-Based Authentication from Confident Technologies
Download as PPTX, PDF1 like632 views
The document discusses the challenges of online security, highlighting that traditional password-based authentication is vulnerable to breaches due to various attacks. It presents an innovative image-based authentication method as a more secure and user-friendly alternative, generating unique one-time passwords for each session. The solution also enhances security through two-factor authentication and behavioral biometrics, aiming to balance strong security with usability in online interactions.
Image-Based Authentication from Confident Technologies
- 1. Intuitive and Secure, Image-Based Authentication
- 2. Poor Authentication on the WebWebsite security is the most vulnerable area of IT security96%of all breached records were accessed from outside, often by using stolen login credentials or keyloggers that capture passwords
- 3. Passwords are poor security:
- 4. People have too many to remember, choose weak passwords, use the same password on multiple sites
- 5. Vulnerable to key loggers, brute force attacks, dictionary attacks, etc.
- 6. Login credentials leaked from one site are used to access other sites
- 7. Challenge Questions are poor security
- 8. Tokens, Smart Cards, Biometrics are expensive, not practical for public-facing websitesCompany Confidential Information
- 9. How to Balance Security & UsabilityThe need for strong security that is easy-to-useBusinesses sacrifice security in an effort to create a “frictionless” experience for online customers.
- 10. This leads to online fraud and identity theft ($221 Billion in fraud last year alone!), data breaches and other security compromises.
- 11. Businesses struggle to enforce strong authentication without burdening customers. These issues are compounding as people do more online interactions using mobile devices. Company Confidential Information
- 12. Image-Based AuthenticationConfident ImageShield™ Image-based authentication that creates a one-time passwordThe first time a user enrolls, they select a few categories to rememberWhen authentication is needed, they are presented with a grid of random imagesThey identify the images that fit their secret categories and enter the corresponding letters as their one-time password or PIN The pictures, their locations and the letters are different every time – creating a unique authentication code each time. Company Confidential Information
- 13. Two Factor, Mobile AuthenticationConfident Multifactor Authentication™ A one-time password (OTP) is encrypted within an ImageShield. ImageShield is displayed on the user’s mobile device, they identify the pictures that fit their secret categories – thus reassembling the OTPReassembled OTP is submitted to be verifiedOnly if the user identified the correct images will they have the correct OTP Web page proceeds automatically if authentication is correct – the entire process remains out-of-band from the web sessionCompany Confidential Information
- 14. Two Factor, Mobile AuthenticationConfident Multifactor Authentication™ Generates a one-time password, hidden from view
- 15. User applies a “shared secret” on the second factor
- 16. A multilayered, multifactor solution
- 17. Only the legitimate user is able to use the second factor
- 18. Secure against Zeus-in-the-mobile,SMS-forwarding and keylogging attacks
- 19. Secure if someone else has possession of your mobile device (loss or theft)
- 20. Entirely out-of-bandCompany Confidential Information
- 21. Two-Factor AuthenticationApplication on the SmartphonePush technology triggers an app on the phone to display the ImageShieldUser taps the images that fit their secret categoriesAuthentication remains entirely out-of-bandCompany Confidential Information
- 22. Two-Factor AuthenticationZero-Footprint DeploymentAn SMS message is sent to the user’s phoneThe ImageShield is opened in the mobile browserThe user taps the pictures that fit their secret categories The authentication is confirmed. The entire process remains out-of-band.Company Confidential Information
- 23. Confident KillSwitchTMIn addition to choosing their secret categories for authentication, the user chooses one or more “No Pass” categories
- 24. Positively identifies hackers in the act of trying to break into an accountXCaptures behavioral biometrics, IP address, geographic information, actionable data so business can take immediate proactive measures against the attacker, lock the account, send alerts and moreXCan alert the business to a wide-scale, brute-force attack on the business in real-time Intuitive and Secure, Image-Based AuthenticationThank You!www.ConfidentTechnologies.comTry the Live Demos at: www.ConfidentTechnologies.com/demosWatch Our Videos at www.Youtube.com/ConfidentTech
Editor's Notes
- #3: Source: 2010 Data Breach Report by Verizon and US Secret Service
- #4: Source:http://mashable.com/2011/01/29/identity-theft-infographic
- #5: Image-based authentication from Confident Technologies is both highly secure and easy to use. It creates one-time passwords or PINs each time authentication is needed, yet it is easy and intuitive to use. The pictures, their location on the display, and the alphanumeric characters overlaid on the images are different each time. In this way, it creates a unique, one-time password (OTP) every time. However, the user’s categories always remain the same. They simply look for the pictures that fit their secret categories. Each ImageShield has a unique ID and a limited life span so it can only be used once.
- #6: Confident Technologies generates a one-time authentication code (a.k.a. a one-time password), splits the code apart and assigns pieces of the code to pictures that match the user’s secret categories. “Dummy” pieces of code are randomly assigned to other random pictures. An ImageShield is displayed on the user’s smartphone or mobile device – this can be done using a web browser (zero-footprint deployment) or using an application/soft token on the smartphone. The user taps the pictures that fit their secret categories, thus reassembling the authentication code. The code assembled by the user is sent back to Confident Technologies to be verified. Only if they identified the correct pictures in the correct order will the code be reassembled correctly and authentication is confirmed. The entire process remains out-of-band from the web session.
- #7: Many common two-factor solutions send the user a one-time password or PIN as a text message. If someone else is in possession of the phone, or using SMS-forwarding technology (also known as a Zeus-in-the-mobile attack), they can easily read the text and authenticate their own fraudulent transactions. Confident Multifactor Authentication is more secure because it requires the user to apply a piece of secret knowledge on the second factor device itself. This makes it a multi-layer, multifactor solution. The user simply taps the images that fit their secret categories on the smartphone. The entire authentication process remains completely out-of-band and the one-time password or PIN is essentially “hidden in plain sight.” Even if someone else gained physical or virtual possession of your phone, they would not be able to authenticate because they would not know the correct images to identify. It can provide behavioral biometrics and other data for adaptive, risk-based authentication and decision making.
- #8: During out-of-band authentication, a one-time authentication code or single use transaction authentication number (mTAN) is generated. Pieces of the code are “hidden behind” the pictures that are associated with the user’s secret categories. “Dummy” pieces of code are randomly associated with the other random pictures on the ImageShield. When the user identifies the pictures that fit their secret categories, they are essentially reassembling the one-time authentication code. The application on the phone communicates with the Confident Technologies server and we check to see if the user reassembled the one-time code correctly. Only if the user knows their secret categories will they be able to reassemble the correct code and authenticate.
- #9: Using the zero-footprint deployment model, the user is sent a text message with a secure link. They open the link in the mobile phone’s web browser to see the ImageShield and simply tap the pictures that fit their secret categories to authenticate. Because it uses a mobile browser, Confident Technologies can compare the IP address of the computer used for the web session with the IP address of the mobile browser to make sure that they are geographically close – this helps ensures that the text message was not re-routed to a different phone.
- #10: If a hacker or a bot attempts to access the account by guessing login credentials or using a brute-force attack, and selects an image that fits one of the user’s “no pass” categories, Confident KillSwitch can automatically alert the business or account owner,lock all access to the account, or present increasingly difficult ImageShield challenges while gathering important information including the IP address, geographic location and behavioral biometrics of the would-be attacker. Confident KillSwitch can positively distinguish between a legitimate user who may have mistakenly identified one wrong image and a fraudulent authentication attempt. With each additional authentication attempt, it actually makes it less likely for an attacker to be able to correctly guess the secret and more likely for the attacker to be caught.