LiveEnsure Will Showcase Authentication Security At Infosec 2012

This week, in time for Infosec 2012, Christian Hessler, CTO, reviews the BYOD (bring your own device) authentication method, sums up his previous analysis, and shares a new solution and new approach. Having attended both Mobile World Congress in Barcelona

There are three main approaches to BYOD authentication security:

• something you download, register and re-reference, called "seed and read" - such as a cookie, token, certificate, binary or key
• information you grab at runtime (via the browser) and attempt to verify, called "scratch and match" - including most of the JavaScript fingerprinting solutions on the market, which also rely upon a cookie or ever-cookie to operate
• the simple out-of-band method, whether fed by a physical token, software token, one-time-password generator, email/SMS PIN or the like, called "throw and catch" or "ring and ping"

All three of these methods are often used in combination or isolation to achieve some level of secondary authentication by a multiple factor approach. The risks and problems inherent with each have been covered in those previous posts. The primary failure with all of them is that they:
• depend on the user for skill, recognition or good stewardship of the trust or implementation
• rely on the primary communication path, as opposed to an alternate one, to verify that path. No control group, no independent triangulation or verification
• capture, store, traffic and process each factor or trust element in isolation - making it ripe for re-capture, reverse-engineering, prediction or offline use (the bane of phishing, pharming, MITM, MITB and social attacks)
• honorable mention: the solutions are time-consuming, cumbersome, expensive and don't really exploit the BYOD as a technology, just as a 'bucket' for the security bits. A browser in your hand.
LiveEnsure® sidesteps the above deficiencies while offering new and innovative benefits to the mobile BYOD user authentication model.

LiveEnsure® is true mobile BYOD authentication that can be applied to any areas where trust is required: logins, session verification, form submission, document e-signing, location verification, etc. It utilizes three primary technologies that accomplish this while fully leveraging the BYOD reality:


Line-of-sight authentication

Using your smart device camera, LiveEnsure provides line-of-sight authentication and point-of-presence verification from your own phone. No cookies, tokens, OTPs, certificates, JavaScript or passwords are required. Just point and shoot. That's it.

Multi-factor synthesis

LiveEnsure® authenticates the user, site, device and session in real-time with a synthesized factor approach. Instead of isolating PIN#s and passwords, device fingerprints and one-time-tokens, LiveEnsure® synthesizes these into a composite, one-time-signature (more powerful than a one-time-password) so that neither the user, the site nor LiveEnsure® itself can be fooled by isolated and replayed factors. The user does not have to remember, recognize, recall or respond to anything. Just point and scan your BYOD - that's it.

Secure triangulation

Unlike most solutions that rely upon the browser or primary app for all security traffic (kind of like leaving the key to the door under the doormat), LiveEnsure® steps outside the primary communication channel and verifies, independently, the authenticity of the factors and parties involved.

In addition, LiveEnsure® exhibits the following benefits:

- Mashup Integration
- SaaS Cloud Provisioning
- Pay-As-You Pricing
- Free Mobile App - Apple iOS devices, Android and Windows Mobile

The future of verification is here. Visit LiveEnsure® on stand J89 at Infosec Security, Olympia 24th-26th April 2012.

Users: Try it on your mobile: experience.liveensure.com
Developers: Get it for your site or app at www.liveensure.com