LiveEnsure Will Showcase Authentication Security At Infosec 2012Reported by i-Newswire.com on Monday, 23 April 2012 (on April 23, 2012)
This week in time for Infosec 2012 Christian Hessler CTO reviews the BYOD (bring your own device) authentication method he sums up his previous analysis shares a new solution and new approach. Having attended both Mobile World Congress in Barcelona
There are three main approaches to BYOD authentication security:
• something you download, register and re-reference, called "seed and read" - such as a cookie, token, certificate, binary or key
• the simple out-of-band method, whether fed by a physical token, software token, one-time-password generator, email/SMS PIN or the like, called "throw and catch" or "ring and ping"
All three of these methods are often used in combination or isolation to achieve some level of secondary authentication by a multiple factor approach. The risks and problems inherent with each have been covered in those previous posts. The primary failure with all of them is that they:
• depend on the user for skill, recognition or good stewardship of the trust or implementation
• rely the primary communication path, as opposed to an alternate one, to verify that path. No control group, no independent triangulation or verification
• capture, store, traffic and process each factor or trust element in isolation - making it ripe for re-capture, reverse-engineering, prediction or offline use (the bane of phishing, pharming, MITM, MITB and social attacks)
• honorable mention: the solutions are time consuming, cumbersome, expensive and don't really exploit the BYOD as a technology, just as a 'bucket' for the security buts. A browser in your hand.
LiveEnsure® sidesteps the above deficiencies while offering new and innovative benefits to the mobile BYOD user authentication model.
LiveEnsure® is true mobile BYOD authentication that can be applied to any areas where trust is required: logins, session verification, form submission, document e-signing, location verification, etc. It utilizes three primary technologies that accomplish this while fully leveraging the BYOD reality:
LiveEnsure® authenticates the user, site, device and session in real-time with a synthesized factor approach. Instead of isolating PIN#s and passwords, device fingerprints and one-time-tokens, LiveEnsure® synthesizes these into a composite, one-time-signature (more powerful than a one-time-password) so that neither the user, the site nor LiveEnsure® itself can be fooled by isolated and replayed factors. The user does not have to remember, recognize, recall or respond to anything. Just point and scan your BYOD - that's it.
Unlike most solutions that rely upon the browser or primary app for all security traffic (kind of like leaving the key to the door under the doormat), LiveEnsure® steps outside the primary communication channel and verifies, independently, the authenticity of the factors and parties involved.
In addition, LiveEnsure® exhibits the following benefits:
- Mashup Integration
- SaaS Cloud Provisioning
- Pay-As-You Pricing
- Free Mobile App - Apple iOS devices, Android and Windows Mobile
The future of verification is here. Visit LiveEnsure® on stand J89 at Infosec Security, Olympia 24th-26th April 2012.
Users: Try it on your mobile: experience.liveensure.com
Developers: Get it for your site or app at www.liveensure.com
Company Contact Information
Palm Tree Technology
46 Berkeley Square
0207 598 5368
News and Press Release Distribution From I-Newswire.com
Links: Full news story
|Recent related news|
3 days ago
|This briefing will discuss the value of Google Apps for Business for your organisation from an...|
5 days ago
|Cyberarms delivers a blow to all potential hackers with the release of the latest version of IDDS â€“...|
1 week ago
|Do you use the same password for all websites? Do you overshare on Facebook? If so, you're a target...|
1 week ago
|Journalists have found that being clearly visible behind presenters at BBC New Broadcasting House has...|