Attacks/Breaches
2/1/2013
04:15 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

HID Global Identity Assurance Partners With Biometrics Company For Strong Authentication

Integrated 4TRESS Authentication Server and Behaviometrics solution addresses security at time of login

IRVINE, Calif., January 29, 2013 – HID Global®, a worldwide leader in secure identity solutions, today announced it is partnering with BehavioSec, a leading behavioral biometrics company, to combine BehavioSec’s Behaviometrics technology with HID Global’s 4TRESS Authentication Server. The joint offering brings a new layer of security to HID Global’s Fraud Detection System without sacrificing user convenience by employing behavioral “fingerprints” as an additional authentication mechanism.

Users today increasingly spend time identifying themselves to access digital resources, such as logging into company networks or banking online. However, once users log in and cross the first layer of the authentication security perimeter, the only factor that ensures they are the same person that logged in is time-based. As long as there is continuous activity, the application assumes the user is the same person and lets the user remain logged in, presenting a potential security risk.

The integrated 4TRESS Authentication Server and Behaviometrics solution addresses this risk by increasing security at the time of login. If a user’s password or OTP token is stolen but the credentials are not entered the way the user would enter them, login would be impossible. Once logged in, user behavior is continuously monitored to ensure that a third party has not intercepted or taken over the session.

“Recent security breaches have driven home the fact that the less layers of authentication your organization employs, the more vulnerable you are to attacks and exploitation,” said Hilding Arrehed, director of worldwide professional services and technology partner programs, Identity Assurance, with HID Global. “By combining BehavioSec’s groundbreaking technology with our 4TRESS Authentication Server, we can provide added value and security to our customers by increasing the auditability and traceability of activity online, without making it more difficult for the end user.”

BehavioSec’s Behaviometrics solutions can create digital fingerprints of users’ ongoing keyboard pressing patterns, including speed, frequency and pressure, when interacting with computer applications and websites. With significant accuracy, the system can detect deviations from a user’s normal behavior and whether an attacker takes control of a computer.

By integrating Behaviometrics into the 4TRESS Authentication Server Fraud Detection System, customers can now benefit from:

· Improved user experience by using the behavioral “fingerprint” as an authentication mechanism. If the system is confident that a user is who he/she claims to be based on behavior, device type, location and other user-transparent parameters collected and analyzed by the Fraud Detection System, the user will not need to re-authenticate. · Increased security by adding transparent behavioral analysis to user interactions with the application or system. This makes the initial authentication more secure and provides ongoing protection after the initial login.

· Strengthened audit capabilities by capturing deviations in user behavior. This information can be useful for forensics studies around internal and external data breaches. It can also help assess whether a session was hijacked or the authenticated user committed the fraud.

“Compliance can be a complicated process for organizations, so we are always looking for simple ways to streamline our solutions,” said Olov Renberg, co-founder of BehavioSec. “By combining our Behaviometrics technology with HID Global’s 4TRESS offering, we can add a new layer of security in a transparent way todeliver a complete solution for risk-based authentication.”

Stay Connected with HID Global

Visit our Media Center, read our Industry Blog, subscribe to our RSS Feed and follow us on Facebook, LinkedIn and Twitter.

About BehavioSec BehavioSec offers solutions that enable a new layer of protection against identity theft. By continuously monitoring the user’s behavior in a session, BehavioSec’s technology identifies users by their keystroke rhythm, mouse/gesture movements and user patterns. BehavioSec’s products enable active authentication, preventing information theft by detecting intrusions while they are happening. For more information, visit www.behaviosec.com.

About HID Global Identity Assurance Solutions HID Global’s Identity Assurance Solutions enable customers to prove and establish trust in a person’s identity when accessing resources on the network. The business’s strong authentication and smart card solutions are relied upon by more agencies, including the U.S. Department of Defense, than any other provider, and has issued more than 100 million credentials to enterprise, government and commerce customers. The Identity Assurance Solutions business (formerly ActivIdentity) is headquartered in Silicon Valley, California. For more information, visit www.actividentity.com.

About HID GlobalHID Global is the trusted source for innovative products, services, solutions, and know-how related to the creation, use, and management of secure identities for millions of customers around the world. The company’s served markets include physical and logical access control, including strong authentication and credential management; card printing and personalization; visitor management systems; highly secure government and citizen ID; and identification RFID technologies used in animal ID and industry and logistics applications. Primary brands are ActivIdentity®, EasyLobby®, FARGO® and HID®. Headquartered in Irvine, California, HID Global has over 2,000 employees worldwide and operates international offices that support more than 100 countries. HID Global® is an ASSA ABLOY Group brand. For more information, visit www.hidglobal.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5316
Published: 2014-09-21
Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.

CVE-2014-5320
Published: 2014-09-21
The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application.

CVE-2014-5321
Published: 2014-09-21
FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319...

CVE-2014-5322
Published: 2014-09-21
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640.

CVE-2014-6602
Published: 2014-09-21
Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or dial arbitrary telephone numbers, by tapping the SOS Option and then tapping the Green Call Option.

Best of the Web
Dark Reading Radio