Mobile Authentication Using Images
•Download as PPTX, PDF•
0 likes•755 views
Mobile Authentication and Two-Factor Authentication Using Images.
Recommended
Recommended
More Related Content
Recently uploaded
Recently uploaded (20)
Featured
Featured (20)
Mobile Authentication Using Images
- 1. Intuitive and Secure, Image-Based Authentication
- 2. Who We Are Image-based authentication technology for websites, web and mobile applications, and mobile devices. • Multifactor, image-based authentication that’s easy to use: o One-time passwords o Two-factor authentication o Authentication for mobile apps, mobile websites & mobile payments • Hundreds of websites and organizations rely on Confident Technologies: o10 customers in the financial services sector, including Charles Schwab Retirement Services •Thousands of individual consumers use our online password manager for single sign-on and OpenID login • 15 independent patent filings for image-based authentication, image-based password management, use of authentication images for advertising and more Company Confidential Information
- 3. The Problem with Mobile Authentication Difficult, Not Secure, Slow • Typing usernames & passwords is too difficult on smartphones and tablets • Often requires switching among multiple soft keyboards • 60% of smartphone owners say they wish there were a better way to authenticate for mobile apps • Passwords and PINs are poor security: • Too many to remember, people choose weak ones, use the same one on multiple accounts and applications • Vulnerable to key loggers Company Confidential Information
- 4. How to Balance Security & Usability • Businesses sacrifice security in an effort to create a “frictionless” experience • This leads to fraud and identity theft ($221 Billion in fraud last year alone!) • Businesses struggle to enforce strong authentication without burdening customers. • 84% of smartphone owners have struggled with mobile transactions • 43% said a negative experience would cause them to abandon a mobile transactions According to experts at the 2011 CTIA Wireless conference: “Mobile Authentication Will Be More Revolutionary Than Mobile Commerce Transactions” Company Confidential Information
- 5. Image-Based Authentication Confident ImageShield™ Image-based authentication that creates a one-time password 1. The first time a user enrolls, they select a few categories to remember 2. When authentication is needed, they are presented with a grid of random images 3. They identify the images that fit their secret categories and enter the corresponding letters as their one-time password or PIN The pictures, their locations and the letters are different every time – creating a unique authentication code each time. Company Confidential Information
- 6. Image-Based Authentication Confident Mobile Authentication Image-based authentication can be used to create one-time passwords and strong authentication for: • Logging in to mobile apps and mobile websites • Approving mobile payments or transactions • Device lock/unlock Easier on users More secure (creates one-time passwords) Faster & quicker on mobile devices than typing passwords Company Confidential Information
- 7. Two Factor, Mobile Authentication Confident Multifactor Authentication™ 1. A one-time password (OTP) is encrypted within an ImageShield. 2. ImageShield is displayed on the user’s mobile device, they identify the pictures that fit their secret categories – thus reassembling the OTP 3. Reassembled OTP is submitted to be verified 4. Only if the user identified the correct images will they have the correct OTP 5. Web page proceeds automatically if authentication is correct – the entire process remains out-of-band from the web session Company Confidential Information
- 8. Two Factor, Mobile Authentication Confident Multifactor Authentication™ Generates a one-time password, hidden from view User applies a “shared secret” on the second factor A multilayered, multifactor solution Only the legitimate user is able to use the second factor Secure against Zeus-in-the-mobile, SMS-forwarding and keylogging attacks Secure if someone else has possession of your mobile device (loss or theft) Entirely out-of-band Company Confidential Information
- 9. Confident KillSwitchTM In addition to choosing their secret categories for authentication, the user chooses one or more “No Pass” categories Positively identifies hackers in the act of trying to break into an account Captures behavioral biometrics, IP address, geographic information, actionable data so business can take immediate proactive measures against the attacker, lock the account, send alerts and more Can alert the business to a wide- scale, brute-force attack on the business in real-time
- 10. Intuitive and Secure, Image-Based Authentication Thank You! www.ConfidentTechnologies.com Try the Live Demos at: www.ConfidentTechnologies.com/demos Watch Our Videos at www.Youtube.com/ConfidentTech
Editor's Notes
- Typing usernames and passwords on mobile devices is too cumbersome. Whether logging in to mobile apps and mobile websites, approving mobile transactions, or verifying mobile payments, it’s simply too difficult. “Strong” passwords (consisting of upper and lower case letters, numbers and symbols) are even more difficult to type because they involve switching back and forth between multiple soft keyboards on the touchscreen. Source: Mobile (In)Security Survey 2011, can be downloaded at www.confidenttechnologies.com/survey
- The inconvenience and security issues of traditional authentication stunt the growth of mobile commerce, mobile payments and mobile bankingSources:http://mashable.com/2011/01/29/identity-theft-infographic http://www.tealeaf.com/news/news-releases/2011/Ten-Million-UK-Consumers-Using-Mobile-Commerce.phphttp://www.mobilemarketer.com/cms/news/commerce/11217.html
- Image-based authentication from Confident Technologies is both highly secure and easy to use. It creates one-time passwords or PINs each time authentication is needed, yet it is easy and intuitive to use. The pictures, their location on the display, and the alphanumeric characters overlaid on the images are different each time. In this way, it creates a unique, one-time password (OTP) every time. However, the user’s categories always remain the same. They simply look for the pictures that fit their secret categories. Each ImageShield has a unique ID and a limited life span so it can only be used once.
- Confident Technologies generates a one-time authentication code (a.k.a. a one-time password), splits the code apart and assigns pieces of the code to pictures that match the user’s secret categories. “Dummy” pieces of code are randomly assigned to other random pictures. An ImageShield is displayed on the user’s smartphone or mobile device – this can be done using a web browser (zero-footprint deployment) or using an application/soft token on the smartphone. The user taps the pictures that fit their secret categories, thus reassembling the authentication code. The code assembled by the user is sent back to Confident Technologies to be verified. Only if they identified the correct pictures in the correct order will the code be reassembled correctly and authentication is confirmed. The entire process remains out-of-band from the web session.
- Many common two-factor solutions send the user a one-time password or PIN as a text message. If someone else is in possession of the phone, or using SMS-forwarding technology (also known as a Zeus-in-the-mobile attack), they can easily read the text and authenticate their own fraudulent transactions. Confident Multifactor Authentication is more secure because it requires the user to apply a piece of secret knowledge on the second factor device itself. This makes it a multi-layer, multifactor solution. The user simply taps the images that fit their secret categories on the smartphone. The entire authentication process remains completely out-of-band and the one-time password or PIN is essentially “hidden in plain sight.” Even if someone else gained physical or virtual possession of your phone, they would not be able to authenticate because they would not know the correct images to identify. It can provide behavioral biometrics and other data for adaptive, risk-based authentication and decision making.
- If a hacker or a bot attempts to access the account by guessing login credentials or using a brute-force attack, and selects an image that fits one of the user’s “no pass” categories, Confident KillSwitch can automatically alert the business or account owner,lock all access to the account, or present increasingly difficult ImageShield challenges while gathering important information including the IP address, geographic location and behavioral biometrics of the would-be attacker. Confident KillSwitch can positively distinguish between a legitimate user who may have mistakenly identified one wrong image and a fraudulent authentication attempt. With each additional authentication attempt, it actually makes it less likely for an attacker to be able to correctly guess the secret and more likely for the attacker to be caught.