Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking

    Strikeforces ProtectID Technology Boosts Identity Security with Phone Call

    Written by

    Mark Hachman
    Published August 5, 2004
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Two-factor security aims to boost user identification beyond the simple password. However, StrikeForce Technologies Inc. offers a twist to this greater level of security: a verification technique that uses a wired or wireless phone.

      StrikeForce Technologies recently rebranded its authentication technology. Previously called COBAS (Centralized Out-of-Band Authentication Software) will now be know as ProtectID, company officials said. The technology can reinforce a password with some other form of identification that uniquely identifies a user, such as forms of biometric identification. The company is also developing additional means of verifying identities, such as keyboard-level encryption.

      StrikeForces ProtectID VBVoice scheme adds an additional “out-of-band” layer of security, without undue hassle, the company said. After logging into a ProtectID-secured Web site, the user is asked to enter his or her username. The server then dials a specified phone number—usually an office phone or cell phone—and asks the user to input the password into the phone, and then hang up. Within a second or two, the login proceeds.

      According to security researchers, there are several ways a security system can verify that someone is an authorized user. Most systems use a unique code that supposedly only the user knows, such as a password, possibly backed up a unique, hardware security token assigned to each user—something unique. More complex systems can also use some form of biometric identification, such as a fingerprint or retinal scan, to provide additional security.

      /zimages/2/28571.gifClick here to Microsoft and RSAs vision for a token-based service called SecurID.

      Taken individually, each form of security is defeatable. Together, the combination becomes more secure. However, one problem is that as security becomes more complex it places more of a burden on a user.

      For example, in an April study of 5,000 e-commerce users, analyst Gartner Inc. found that requiring the use of an additional security device, such as a smart card, was the least desirable alternative toward enhancing e-commerce security, said Avivah Litan, the analyst responsible for the survey.

      StrikeForce executives argue that a password tied to a somewhat personal device such as an office phone or mobile phone is more secure than a bare password, and less hassle than a dedicated token—although the ProtectID can be used with a token, as well.

      “The goal is that it doesnt go out and force people to buy something new,” said George Waller, executive vice president of StrikeForce, headquartered in Edison, N.J.

      Cloning a mobile phone wont necessarily defeat the system, either, he pointed out. “Are you going to approve a transaction you didnt authorize?” Waller said.

      /zimages/2/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

      The software can also be configured to ring a second phone, such as a bank manager needed to authorize a large wire transfer.

      Typically, the password entered through a phones keypad will be a number, Waller said, a less-secure password than a one with different numbers and characters entered on a keyboard.

      The ProtectID systems can also train a user to repeat back a unique password delivered over the phone, Waller said. The software is trained to identify the way in which a user not only repeats a number, but the rising and falling cadences a user uses when beginning and ending a series of numbers. This biometric identification can be used to prevent “shoulder surfing” a password, Waller said.

      The “out-of-band” technique tries to ensure that if one means of communicating with the StrikeForce server over the network is compromised, another means—a phone—can be used as well. If responding to a phone becomes too onerous, StrikeForce said it is in the final phases of testing a technique to push a 128-bit SSL channel down to the keyboard level via a second out-of-band server. The keyboard encryption, enabled by a small client application, is designed to defeat keyboard loggers by encrypting the information, Waller said.

      The third piece of the puzzle is a technology that StrikeForce calls “VerifyID”. Based on a database of information that StrikeForce has acquired from third-party vendors and public records, the software can ask a user a series of multiple-choice questions based on personal history, something that only the user should know the answer to. Sample questions might ask for the color of a car the user previously owned, or the street address of a former home, Waller said.

      StrikeForces approach has won over at least one customer, myVirtualCard.com, a Montreal-based e-commerce company with 33,000 electronic transactions to date. It uses Panasonic as an ASP (authentication services provider). Japans KDDI has also signed on as an ASP provider, Waller said.

      “We took their technology and developed it further,” said Howard Cohen, myVirtualCard.coms chief executive. “They came to us with their verification technology, and we developed the middleware for their e-commerce world. We havent had an easy shot with it; some people like it, some people dont. Its not an easy sell.”

      That market resistance is partly because U.S. customers havent accepted supplementary security devices such as the smart cards used overseas, Gartners Litan said. “Theyre ahead of the market,” she said. “In terms of the market for out-of-band authentication, theres probably more of a market in the U.K. than the U.S.”

      In addition, U.S. banks are very reluctant to adopt another form of authentication, according to Litan.

      Moreover, most confidential information isnt captured in transit to and from the bank, but on the banks servers. “The rest of the market needs it more than banks do,” she said.

      /zimages/2/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.

      /zimages/2/77042.gif

      Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page

      Mark Hachman
      Mark Hachman

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×