1 / 23

About the companies

About the companies. WTG New Technology Corporation (NewTech) is a technology transfer company specializing in the Washington DC market. Passfaces Corporation is a security technology company, featuring Passfaces,. The Companies.

lela
Download Presentation

About the companies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. About the companies WTG New Technology Corporation (NewTech) is a technology transfer company specializing in the Washington DC market. Passfaces Corporation is a security technology company, featuring Passfaces, The Companies a bi-directional, two factor, cognometric authentication system based on a patented technology that leverages peoples’ innate ability to recognize faces. The Mission To provide the online world with a secure, usable and affordable strong authentication solution and a practical alternative to tokens and biometrics.

  2. More About Passfaces CU Service Provider Royal Credit Union • Passfaces: Strong / Two Factor Authentication and Phishing Protection • Used primarily in Banking and Healthcare • Also used – without problem – for 8 years by a major branch of the US Government • Core technology is cognometrics,the human brain’s innate ability to recognize familiar faces • Patents granted world-wide • Deployed without hitch to users at a major credit union in 2008 • Selected by major healthcare provider with users in 2009 • Customers include:

  3. Why Strong Authentication ? Strong authentication is an essential enabler for the provision of online services It is needed for: • Transaction & Data Protection • E.g. Online banking, Personal Health Records • Compliance • E.g. FFIEC, HIPAA • User Reassurance / Trust • Insecure users won’t use online services And becausePasswords: • can be guessed or “cracked” • are written down And • people use the same one everywhere • Users forget them (and call the help desk) • And, most critically today,they can be phished! “Passwords are the weakest of weakest links”– Bill Gates

  4. Why Passfaces ? Passfaces provides strong authentication – and phishing protection– without pain! • Easy to deploy • Leverages existing password infrastructure • No user hardware or software – works in browser • No new servers or databases • Easy for users • No device to lose or forget • No personal questions/answers to remember • Machine & location independent – i.e. fully portable • Built-in anti phishing does not require user attention • Easy for administrators • [Almost] no resets • Actually liked by users • Easy on budgets • Less than one tenth the cost of tokens • Save on purchase, implementation and support

  5. Passfaces is Different Passfaces is a graphical authentication system Faces are Different • The brain uses a dedicated, intuitive process to “learn” and remember faces • The brain recognizes, not recalls, faces • Face recognition is a universal skill – independent of age, language or education Graphics and images are among the simplest and most effective means to communicate and interact with people But, like a password, you still need torecalla graphic or image Source: Face Recognition: A Literature Survey. National Institute of Standards and Technology

  6. Here are your Passfaces Passfaces Strong Authentication • Passfaces provide a simple, but powerful, means of overcoming the vulnerabilities of passwords • Passfaces are used with a password to provide two factor or strong authentication • For two-factor authentication, users are typically assigned 3 secret passfaces in addition to their password

  7. Passfaces Strong Authentication • To log on, users pick out one of their Passfaces from a challenge grid of 9 faces • Each challenge grid contains 1 Passface and 8 decoy faces • The process is repeated for each of the users’ Passfaces Click On Your Passface

  8. A CREDIT UNION DEMONSTRATION For your convenience, we would like to show you a brief demonstration of a credit union's use of Passfaces for their online members

  9. Security– better than passwords alone Usability– no complex pass codes or procedures Non-Intrusive– users are averse to change and reluctant to do more Visibility– users want to see that companies are increasing security Mobility– users log on using different PCs in different locations Consistency – of user experience Reliability – no false rejection, no system errors, no user errors Bidirectional – verify the User to the Site AND the Site to the User Flexibility– for varying risk levels and customer choice Easy Integration– with current systems and procedures Low Cost– Procurement, deployment and ongoing maintenance Source: Gartner Inc. Strong Authentication Requirements Usability is key – especially for consumers. If they can’t or won’t use the security system, then it won’t work!

  10. What Are the Alternatives? Code Cards Smart Cards Biometrics Tokens Keypad Scrambler Crypto Cookie

  11. Strong Authentication Alternatives Click On Your Passface █ █ █ Good OK Bad Passfaces is unique in meeting all the requirements for strong authentication

  12. Integrates Passfaces with any Internet platform Includes Server-side code Passfaces Web Clients Administration Console Reference Implementations Detailed integration information Passfaces Image Library Passfaces For NFCU

  13. Windows, Java, or SDK Face Library Passfaces Admin Passfaces Web Access Existing Web Application Integrated with End User Client Existing User Database Application Server ODBC or LDAP connector or JDBC/JNDI Interface Web Server Java Script, ActiveX, or Java No Software or Installation Required

  14. Web Server/Outlook Web Access Administrator Passfaces Admin Console Web Users Passfaces Web Client Internet Passfaces Web AccessSeparate Passfaces Server AD or SQL Database orLDAP Directory Server SQL Database orLDAP Directory Server Passfaces Server (Windows IIS or Java) (JavaScript, ActiveX or Java) No installation! SSL Existing Application Server

  15. Passfaces Web Access – Architecture for SSL VPN Connectivity Web Users Passfaces Web Client Corporate Network Passfaces Admin Console AD or SQL Database orLDAP Directory Server DMZ Passfaces Server (Windows IIS or Java) SSL/VPN Corporate Resources SSL Login information and control

  16. Passfaces Web Access – Architecture for Citrix Connectivity Web Users Passfaces Web Client Corporate Network Passfaces Admin Console AD or SQL Database orLDAP Directory Server DMZ Passfaces Server (Windows IIS or Java) Citrix Server Corporate Resources SSL Login information and control

  17. Everything Needed to Add Passfaces • Administration Console • Web Based (Java application servers) • Windows (Microsoft IIS) • Server-side code • Java class package • Java servlet (HTTP interface) • ISAPI extension DLL for Microsoft IIS • Passfaces Web Clients • JavaScript / Java applet / ActiveX • Reference Implementations • Sample JSP/ASP/HTML pages • Detailed integration information • Passfaces Image Library • Standard or Custom

  18. Customizable User Interface Add Your Logo Change Background Colors

  19. User Authentication Thornberry is adding Passfaces, an enhanced logon procedure, to our online services. The new process places an additional security lock to existing Online IDs and passwords. We are taking this step to provide the best protection possible for your online account information. Users are required to enable Passfaces over the next thirty days. You will be prompted to enable Passfaces each time you login. We recommend you enhance your login security as soon a s possible. The process takes from 3 to 5 minutes. We also recommend you View the Demo before starting the process. Integrated, Editable User Help Manual Built In Help • Link to Passfaces Help • Modify Files to Create a Custom Help Manual • Add Your Logo • Easily edited HTML lets you add sections specific to your Web Access procedures Thornberry Authentication

  20. NIST Acknowledgment of Passfaces? • From NIST 800.63 Appendix A2 page 61:A.2 Other Types of PasswordsSome password systems require a user to memorize a number of images, such as faces. Users are then typically presented with successive fields of several images (typically 9 at a time), each of which contains one of the memorized images. Each selection represents approximately 3.17 bits of entropy. If such a system used five rounds of memorized images, then the entropy of system would be approximately 16 bits. Since this is randomly selected password the guessing entropy and min-entropy are both the same value. It is possible to combine randomly chosen and user chosen elements into a single composite password. For example a user might be given a short randomly selected value to ensure min-entropy to use in combination with a user chosen password string. The random component might be images or a character string.

  21. Customer Testimonials “Passfaces is one of those products that just works… We installed it 7 years ago and have never had a problem with it… I see all these complicated new authentication systems being introduced by the banks and wonder why they don’t just use Passfaces.” CISO, US Government. “We selected Passfaces as it not only raises the bar in terms of security, but it is both easy to use and to implement.” David Vandeven, President/CEO Midwest Independent Bank. "ParadigmHealth was an early innovator of website security and authentication. Security and data privacy remain our focus, but now with Passfaces we are also highlighting the importance of increasing ease of use. Passfaces fully addresses the authentication requirements for the large-scale deployment of Personal Health Records." Tom Hagan, ParadigmHealth CIO. “Thank you again for your support, your product is already making my life a lot easier and you can quote me on that if you like…” Paul Osnes, CIO Easter Seals of Southern California. “Passfaces was so unique and we felt our client base would find it very much ‘cutting edge’. We wanted something exciting; something different that had security second to none. It excited our folks internally and I knew it would excite our client base as well.” Tom Leib, Product Manager RC Olmstead. “Buckeye State Credit Union understands its members concerns for secure online banking. We feel that our member’s financial information is worth the best and most secure layer of authentication we could find. That is why we chose Passfaces. This is much more secure than asking questions like your mother’s maiden name or your favorite pet’s name, or choosing a static picture like a watermelon or a beach scene as your login sign.… Our initial rollout was far more successful than I had ever imagined. My staff and I were prepared and we set realistic expectations that were exceeded. Sometimes the right choice is hard to make but today I am confident that our member’s information is secure because of Passfaces.” Charles Stanfield, Information Systems Director, Buckeye State Credit Union.

More Related