PhishCops™
Multi-Factor Authentication
Website Authentication
This communication © 2006 Sestus Data Corporation. All Rights Reserved. THE CONTENTS OF THIS COMMUNICATION ARE
PROTECTED UNDER COPYRIGHT AND/OR PATENT. Some elements, technologies, processes, and/or information contained in
this communication are confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by
any mis-transmission of this information. You may not, directly or indirectly, use, disclose, distribute, print, or copy any part of this
communication if you are not the intended recipient.
PowerPoint Requirements
This Presentation
This presentation was developed using Microsoft PowerPoint 2003®. If you are using an earlier version of Microsoft PowerPoint®, certain visual effects may be unavailable.
If you require an earlier (Microsoft PowerPoint 95®) version of this presentation, a web-based version of this presentation, or would like to have this presentation on CD, please contact us at (800) 788-1927, or email us at info@sestusdata.com.
The FDIC and FFIEC made TWO Recommendations
The FDIC’s Findings
On December 14, 2004, the U.S. Federal Deposit Insurance Corporation (FDIC) published a study presenting their
findings on how the financial industry and its regulators could mitigate the risks associated with phishing and identity
theft. In this report, the FDIC identified TWO root causes for the problem of online identity theft[1]:
1) Authentication methods are insufficiently strong.
2) The internet lacks email and website authentication capabilities.
1. Source: “Putting an End to Account Hijacking Identity Theft”, FDIC, December 14, 2004.
2. Source: “Authentication in an Internet Banking Environment (Updated Guidance Letter)”, FFIEC, October 12, 2005.
The FFIEC’s Recommendations
On October 12, 2005, the Federal Financial Institutions Examination Council (FFIEC) issued an updated guidance letter
for banks and financial institutions which echoed the FDIC’s findings and made TWO corresponding recommendations[2]:
1) Implement strong multi-factor authentication.
2) “authenticate their websites to customers BEFORE collecting sensitive information”
and “assess the adequacy of such authentication techniques in light of new or changing
risks such as phishing”.
Other Authentication Methods
To understand how PhishCops™ works, it is necessary to understand how it differs from other types of authentication.
All other authentication methods fall under one of 3 categories: Knowledge Based, Object Based, and ID Based…
ID-Based ("who you ARE") methods are the strongest of the three authentication methods, and are characterized
by uniqueness to one person. Biometrics, such as a fingerprint, eye scan, voiceprint, or signature fall under this
category.
Vulnerabilities: If a biometric is compromised, it cannot be easily replaced. Hardware limitations also make
the use of this authentication unaffordable to many and difficult to implement en masse.
Knowledge-Based ("what you KNOW") methods are the most common (and the weakest) of the three
authentication methods and are characterized by secrecy or obscurity. This is the most widely used method and
includes the memorized Login ID, password, selectable image, personal question challenge / response, etc.
Vulnerabilities: People can be tricked into divulging logins, passwords, and the answers to personal questions.
Images can be copied and re-used.
Object-Based ("what you HAVE") methods are the most technically complex of the three authentication methods
and are characterized by physical possession. Physical keys, hardware tokens, etc. fall into this category.
Vulnerabilities: Objects can be lost. Users can be tricked into disclosing the object’s returned values. The
objects are costly and unpopular with consumers.
Other Authentication Vendors
All other authentication products fall under one of these 3 authentication methods.
Knowledge-based Vendors
Passmark Sitekey
Cyota eStamp
PostX Anakam
Cloudmark
Cavion
Digital Resolve
Secure Computing
Soltrus
41st Parameter
Many vendors have rushed to bring “image-based” or similar shared-secret solutions to market (a “knowledge-based” approach).
In an attempt to satisfy “multi-factor” authentication requirements, some have added a “device ID” to the customer’s computer, but if no device ID can be retrieved from the customer’s computer, they simply fall back on asking the customer (or the phisher) to supply answers to personal questions (again, a “knowledge-based” approach).
Bottom line: If the customer (or the phisher) can supply the right credentials, and/or answer the questions correctly, these solutions will let them into the account.
PhishCops™, however, uses mathematic authentication algorithms developed by the National Institute of Standards & Technology (NIST) and the Information Technology Laboratory (ITL) under the authority of the U.S. Department of Commerce[3]. These algorithms are the current standard used by all branches of the U.S. federal government.
PhishCops™ is the ONLY multi-factor authentication solution vendor using government-approved authentication algorithms in a multi-factor authentication solution.
3. Source: Processing Standards Publication 180-2, U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Information Technology Laboratory (ITL).
2005 Homeland Security Award Semi-Finalist
As a result of our innovative and groundbreaking use
of these government-approved authentication
algorithms, the U.S. government named PhishCops™
a semi-finalist for the 2005 Homeland Security Award.
PhishCops™ was the only multi-factor authentication
solution named to this award.
Knowledge-based Vendors
In their Guidance Letter, the FFIEC urged financial institutions to: “authenticate their web sites to the customer BEFORE collecting sensitive information”
These solutions, however, authenticate the website AFTER the customer has divulged their website login ID or other sensitive information.
PhishCops™ follows the FFIEC’s recommendation and authenticates websites to customers BEFORE the customer has divulged any website login ID or other sensitive information.
Object-based Vendors
Vasco, RSA, Verisign, TriCipher
Object based vendors (hardware solution providers) have struggled to adapt outdated technology to meet the modern problems of online identity theft. Unfortunately, while possessing a token or other physical piece of hardware may help identify a user to the website, they are incapable of authenticating the website to the user.
As a result, some hardware token vendors are latching on to knowledge-based solution vendors in an attempt to keep their aging technologies viable in a changing world.
(Slide graphic: “= Passmark”, “= Cyota”)
PhishCops™, however, was specifically developed for the modern challenges of online identity theft. Sestus Data Corporation developed PhishCops™ from the ground up, working with internet "backbone" companies and government regulators, merging thoroughly tested unbreakable (and government-approved) authentication algorithms with modern web-based technologies to create the most powerful and user-friendly multi-factor authentication solution in the world.
Object-based Vendors
Objects such as hardware tokens, smart cards, and other devices can be lost, stolen, or forgotten. Until they are retrieved or restored, the customer is unable to access their online account.
PhishCops™ Virtual Tokens exist “virtually” and cannot be lost or stolen. As a result, customers experience no account “down-time”.
Object-based Vendors
Many organizations mistakenly believe hardware tokens, smartcards, and similar devices are invulnerable to phishing and other forms of online identity theft. Nordea Bank’s recent experience shows the error of this thinking.
In Nordea Bank’s widely publicized phishing scare, phishers simply acted as the “go-between”, or “man-in-the-middle” between the bank’s customers and the legitimate website, and accessed the victim’s accounts using token data solicited from unsuspecting customers[4].
The PhishCops™ Virtual Token Device can only be accessed by their owners, and only following a valid request from a genuine website, eliminating the “Nordea Bank” possibility of “man-in-the-middle” type attacks.
4. Source: “Scandinavian Attack Against Two-Factor Authentication”, Schneier on Security, October 25, 2005
Object-based Vendors
Hardware based approaches are among the most costly solutions. In addition to being costly, they are unpopular with users.
The Washington Post reported on a study conducted by Gartner Research that concluded: “devices like the RSA token are unpopular with consumers. What's more, they might not be offering the right kind of protection… These tokens mainly offer a "placebo effect" to users who want to feel more secure.”[5]
PhishCops™ users, however, ARE more secure. PhishCops™ also provides unbreakable security at a fraction of the cost of object-based authentication devices.
Finally, PhishCops™ utilizes user-friendly technology familiar to every internet user.
5. Source: The Washington Post, August 28, 2005
Object-based Vendors
Regarding hardware tokens, smartcards, and similar device-based authentication, the International Biometric Industry Association (IBIA) recently reported in a strongly-worded letter of concern to the National Institute of Standards and Technology:
“IBIA does NOT agree that combining a token with a password offers “good” two-factor authentication… [why?] …passwords and tokens are eminently stealable.”[6]
We agree. Physical tokens and similar hardware devices are stealable. PhishCops™ is not.
For its patent-pending “virtual” token based approach, InfoWorld Magazine awarded PhishCops™ its highest honor, the InfoWorld 100 Award. Of the 100 organizations honored for their groundbreaking technological achievements, PhishCops™ was the only multi-factor authentication solution so honored.
6. Source: International Biometric Industry Association Letter to the NIST, March 15, 2004
ID (Biometric) Based Vendors
Biometric authentication is recognized as the strongest authentication method, but biometrics can only authenticate customers to the website. Biometrics cannot authenticate the website to the customer as recommended by the FFIEC. In addition, biometric authentication is the costliest approach and hardware limitations prevent its general use.
PhishCops™ includes a biometric notification feature that does not require hardware. This feature is patent-pending and the first of its kind in the world.
By integrating biometrics into our process, PhishCops™ can deliver unbreakable mathematic authentication in a form easily understandable by human beings.
Problems reported with other solutions…
Other Authentication Vendors
Because of their reliance on fundamentally inadequate technology and flawed processes, problems are already being reported by early adopters of other solutions.
Gartner Group warns prospective Passmark Sitekey customers to “consider alternative vendors”… Gartner Group[7]
“Consider smaller competitors that offer similar solutions at lower prices.”
Bank of America Reports Implementation Problems with Passmark Sitekey… PCWorld[8]
Bank of America spokesperson, Betty Riess “declined to comment” on whether or not the BofA's Sitekey system would even meet FFIEC requirements.
Cloudmark, Cyota, PassMark Security, PostX, None Offer a Complete Answer to the Problem… Information Week[9]
“There are a number of anti-phishing products available from companies such as Cloudmark, Cyota, PassMark Security, PostX, and others, but none offer a complete answer to the problem.…They don't confirm if a web site is legitimate".
Passmark Sitekey: Answering the Wrong Question… IT Management News[10]
“The SiteKey system fails to address the fundamental problem of phishing because it leaves the customer susceptible to the classic Man in the Middle false-storefront attack.”
RSA (Cyota) is Entering Markets it has no Experience in… Gartner Group[11]
“RSA Security Acquires Cyota, but Relationship Will Need Work…RSA is entering markets it has no experience in”
7. Source: Gartner Group, “RSA/PassMark Deal”, April 27, 2006
8. Source: PCWorld, “Bank of America Delays Security Update”, October 21, 2005
9. Source: Information Week, “Phishing Attacks Show Sixfold Increase This Year”, June 13, 2005
10. Source: IT Management News, “PassMark's SiteKey - Answering The Wrong Question”, July 26, 2005
11. Source: Gartner Group, “RSA Security Acquires Cyota, but Relationship Will Need Work”, January 4, 2006
Strong multi-factor authentication
Both the FDIC and the FFIEC recommended implementing “strong” multi-factor authentication methods.
The strongest authentication methods available are mathematic algorithms developed by the National Institute of
Standards & Technology (NIST) and the Information Technology Laboratory (ITL) under the authority of the U.S.
Department of Commerce[12]. These algorithms are the current standard used by all branches of the U.S. federal government.
PhishCops™ uses these unbreakable government-approved algorithms to accomplish all of its critical processes.
First, PhishCops™ uses these algorithms to authenticate a website for the user in such a way that it is mathematically
invulnerable to fraud or abuse. Next, PhishCops™ uses these algorithms to produce a “virtual” token which the user
uses to identify themselves to the website, which token value also cannot be mathematically predicted.
For a more thorough technical review of the PhishCops™ process, we invite you to refer to our technical whitepaper.
12. Source: Processing Standards Publication 180-2, U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Information Technology Laboratory (ITL).
The PhishCops™ Process
The Process Explained
PhishCops™ uses unbreakable mathematic authentication algorithms in a patent-pending approach that employs
elements of public-key & private-key cryptography. PhishCops™ does not resort to blacklisted databases, obscure
filtering, questionable public records, replicatable images, or other non-standard approaches. PhishCops™
Authentication is real authentication and is invulnerable to fraud or abuse.
If the website is authentic, the user's "virtual" token generator is presented for their use.
If the website is counterfeit, the generator is unavailable and a warning is presented to the user.
There is no way for a phisher to compromise the process. In addition, unlike other authentication solutions, users are
able to authenticate the website BEFORE divulging any website login or other confidential account information.
First, the user types their anonymous PhishCops™ User ID into a simple textbox on the webpage.
“WILDMAN345”
IMPORTANT:
This “PhishCops™ User ID” is NOT the user’s website account login or password.
If the website is a phishing website, the user will not have compromised any account login credentials.
This User ID is simply an anonymous identifier which the user created during the enrollment process (or had created
for them by the website owner). It acts as sort of a “virtual token device serial number”, telling the authentic website
which “virtual token device” to retrieve from PhishCops.com (or from the authenticating website if they are hosting the
solution).
The website performs the necessary processing to produce a “digital signature”. This signature is produced using
mathematic authentication scripts previously supplied to the website by PhishCops™. The website uses this
produced “signature” to request the user’s virtual token device from PhishCops.com (or from the financial services
website if they are hosting the authentication solution).
325f8a61c85aef21fc8dba14a250420a3754e13ebef833da615637f210793c5d
IMPORTANT:
Only an authentic website can produce a valid “digital signature”.
If the signature is invalid, authentication stops.
Since the digital signature is valid, the requested “virtual” token device is returned to the user.
IMPORTANT:
Since ONLY a genuine website can produce a valid digital
signature, a phishing website cannot present their victims
with their virtual token device. This also means users
cannot be tricked into divulging their token values to
phishers and there is no device which can be lost or stolen.
The token is presented in a ‘locked’ state. The user/owner enters their 4-digit Token PIN to unlock their token in much
the same way they would unlock a physical token device. This produces a valid token value which they then enter to
the requesting website.
Token PIN “1234” produces token value “744012”.
Authentication is now complete.
The website has been authenticated to the user because only a valid
website can produce the user’s token device.
The user has been authenticated to the website because only they
can retrieve a valid token value from their virtual token device.
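
A minimal sketch of the flow described in the steps above, added here as an illustration and not Sestus or PhishCops™ code. The presentation does not disclose its construction, so the HMAC-SHA-256 request tag (a keyed hash, not a public-key signature), the `TokenService` class, the nonce and timestamp freshness check, the PIN attempt cap and the HOTP-style 6-digit value are all assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW = 60       # seconds a signed request stays fresh (assumed value)
MAX_PIN_TRIES = 3   # a 4-digit PIN has 10,000 values, so guesses are capped


def site_signature(site_key, site_id, user_id, nonce, ts):
    """Keyed SHA-256 tag over the request fields (64 hex characters)."""
    msg = json.dumps([site_id, user_id, nonce, ts]).encode()
    return hmac.new(site_key, msg, hashlib.sha256).hexdigest()


class TokenService:
    """Hypothetical holder of the users' virtual token devices."""

    def __init__(self):
        self.site_keys = {}   # site_id -> key provisioned at site enrollment
        self.users = {}       # user_id -> seed, salted PIN hash, counter, tries
        self.seen = set()     # (site_id, nonce) pairs already accepted
        self.locked = {}      # handle -> user_id for devices awaiting a PIN
        self.pending = {}     # user_id -> token value not yet redeemed

    def enroll_site(self, site_id):
        self.site_keys[site_id] = secrets.token_bytes(32)
        return self.site_keys[site_id]

    def enroll_user(self, user_id, pin):
        salt = secrets.token_bytes(16)
        self.users[user_id] = {"seed": secrets.token_bytes(32), "salt": salt,
                               "pin": self._pin_hash(pin, salt),
                               "counter": 0, "tries": 0}

    @staticmethod
    def _pin_hash(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def request_device(self, site_id, user_id, nonce, ts, signature, now=None):
        """Return a handle to the locked device, or None if the site fails."""
        now = int(time.time()) if now is None else now
        key = self.site_keys.get(site_id)
        if key is None or user_id not in self.users:
            return None
        if abs(now - ts) > MAX_SKEW or (site_id, nonce) in self.seen:
            return None                    # stale or replayed request
        expected = site_signature(key, site_id, user_id, nonce, ts)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return None                    # invalid tag: authentication stops
        self.seen.add((site_id, nonce))
        handle = secrets.token_urlsafe(16)
        self.locked[handle] = user_id
        return handle

    def unlock(self, handle, pin):
        """Exchange a correct PIN for a one-time 6-digit token value."""
        user = self.users.get(self.locked.get(handle))
        if user is None or user["tries"] >= MAX_PIN_TRIES:
            return None
        if not hmac.compare_digest(self._pin_hash(pin, user["salt"]), user["pin"]):
            user["tries"] += 1
            return None
        user["tries"] = 0
        user_id = self.locked.pop(handle)
        user["counter"] += 1
        mac = hmac.new(user["seed"], user["counter"].to_bytes(8, "big"),
                       hashlib.sha256).digest()
        value = f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"
        self.pending[user_id] = value
        return value

    def redeem(self, user_id, value):
        """Single use: the pending value is consumed whether or not it matches."""
        expected = self.pending.pop(user_id, None)
        return (expected is not None
                and hmac.compare_digest(expected.encode(), value.encode()))


def demo():
    """Run the flow with constructed values; returns the observed outcomes."""
    svc = TokenService()
    key = svc.enroll_site("bank.example")        # constructed site name
    svc.enroll_user("WILDMAN345", "1234")        # User ID and PIN from the slides
    args = ("bank.example", "WILDMAN345", secrets.token_hex(8), int(time.time()))
    good = site_signature(key, *args)
    forged = site_signature(b"not-the-site-key", *args)
    out = {"forged": svc.request_device(*args, forged)}
    handle = svc.request_device(*args, good)
    out["replayed"] = svc.request_device(*args, good)
    out["wrong_pin"] = svc.unlock(handle, "0000")
    token = svc.unlock(handle, "1234")
    out["token_digits"] = len(token)
    out["accepted"] = svc.redeem("WILDMAN345", token)
    out["reused"] = svc.redeem("WILDMAN345", token)
    return out


if __name__ == "__main__":
    print(demo())
```

The sketch checks only that the requesting site holds a provisioned key; it does not model a relay that forwards the user's request to the genuine site, which the presentation attributes to a separate “Restricted Access” feature it does not describe.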
The Process Summary
All the user has to do to use PhishCops™ is request their virtual token device, unlock the device, and return its secure
token to the website.
Simple and easy.
The User:
1) enters “WILDMAN345” (to request their virtual token device from the website)
2) enters “1234” (to unlock their virtual token device and generate a token)
3) returns the secure token “744012” to the website.
Other…
This represents, in the simplest terms, the basic PhishCops™ process.
This presentation did not describe how PhishCops™ prevents “man in the middle” phishing attacks through our “Restricted Access” feature, how we protect users’ privacy in the event of a data breach, how we notify users that the authentication was successful through our patent-pending biometric notification feature, and many other security features of PhishCops™.
Obviously, much more time will be required to explain these and other elements in detail; however, we invite you to refer to the technical whitepaper on our website for a more thorough discussion.
Architecture
OPERATING SYSTEM REQUIREMENTS
None. Entirely web-based.
SOFTWARE & HARDWARE REQUIREMENTS
None. Entirely web-based using traditional HTML and server-side scripting.
STAFFING & SUPPORT REQUIREMENTS
If the website already employs someone to maintain their website, they already have all the technical support staffing
they need to support PhishCops™.
USER REQUIREMENTS:
None. If the user can get to the internet, they can use PhishCops™.
Since PhishCops™ is an entirely web-based process, interoperability is no longer a concern. Unlike other solutions which must accommodate different operating system environments, hardware constraints, and user computer configurations, PhishCops™ relies entirely on traditional HTML and server-side scripting.
ALL websites in the world can implement PhishCops™.
ALL Internet users in the world can use PhishCops™.
Since PhishCops™ uses only traditional HTML and server-side scripting, it can be accessed from any device with browser capabilities, including PDAs, PCs, web-effective phones, etc.
Processing constraints are extremely low on the part of the hosting website. The website server performs no
processing which may be different than that which the website currently performs.
The solution is also infinitely scalable to accommodate future growth.
Sestus Data Corporation
Company Background
PhishCops™ is solely owned by Sestus Data Corporation. Headquartered in Phoenix, Arizona, Sestus Data
Corporation has created innovative solutions to internet challenges for more than 10 years. Sestus Data Corporation
is entirely self-funded and maintains development and support staff in both the United States and Canada.
The PhishCops™ Project
Development of PhishCops™ began in 2004 in response to the growing problem of internet account hijacking and
identity theft. PhishCops™ is copyrighted, patent pending, and is protected by both U.S. and international laws.
Industry Recognition
PhishCops™ was recently rated #1 among multi-factor authentication solutions for ease of implementation and overall low cost of ownership, and it was the only multi-factor authentication solution to receive InfoWorld's highest honor, the InfoWorld 100 Award. Within the past 30 days, we have facilitated 3528 live demonstrations and 286 companies have contacted us for additional information or to begin a free 14-day trial implementation.
Government Praise
PhishCops™ uses unbreakable mathematic authentication algorithms developed by the National Institute of
Standards and Technology (NIST) and the Information Technology Laboratory (ITL) under the authority of the U.S.
Department of Commerce. For its use of these unbreakable authentication algorithms in a revolutionary new
approach to internet security, in 2005 the U.S. government named PhishCops™ a semi-finalist for the Homeland
Security Award, the only multi-factor authentication solution ever named to this award.
Thank You
Contact Information:
Sestus Data Corporation
10030 W. McDowell Rd.
Suite 150-508
Avondale, AZ 85323 USA
Tel: (800) 788-1927
Fax: (800) 741-9048
Email: info@sestusdata.com
End of Presentation
Return to Website

Contenu connexe

Tendances

Information Leakage & DLP
Information Leakage & DLPInformation Leakage & DLP
Information Leakage & DLPYun Lu
 
Improving Collaboration Through Identity Management
Improving Collaboration Through Identity ManagementImproving Collaboration Through Identity Management
Improving Collaboration Through Identity ManagementGov BizCouncil
 
Cardware Conference presentation on BIG DATA June 17-18 2014
Cardware Conference presentation on BIG DATA June 17-18 2014Cardware Conference presentation on BIG DATA June 17-18 2014
Cardware Conference presentation on BIG DATA June 17-18 2014Lisa Abe-Oldenburg, B.Comm., JD.
 
Enterprise Mobile Security for PeopleSoft
Enterprise Mobile Security for PeopleSoftEnterprise Mobile Security for PeopleSoft
Enterprise Mobile Security for PeopleSoftHendrix Bodden
 
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!Identive
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataEMC
 
Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Arpin Consulting
 
Research Report Health Informatics 05-2016_FINAL
Research Report Health Informatics 05-2016_FINALResearch Report Health Informatics 05-2016_FINAL
Research Report Health Informatics 05-2016_FINALBenjamin Wyrick
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaEMC
 
Mswe601 Research Presentation Andrew Notarian
Mswe601 Research Presentation Andrew NotarianMswe601 Research Presentation Andrew Notarian
Mswe601 Research Presentation Andrew Notariannotarian
 
Cloud computing
Cloud computingCloud computing
Cloud computingAli Raza
 
Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! EMC
 
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...Authentic8
 

Tendances (17)

Information Leakage & DLP
Information Leakage & DLPInformation Leakage & DLP
Information Leakage & DLP
 
Improving Collaboration Through Identity Management
Improving Collaboration Through Identity ManagementImproving Collaboration Through Identity Management
Improving Collaboration Through Identity Management
 
Cardware Conference presentation on BIG DATA June 17-18 2014
Cardware Conference presentation on BIG DATA June 17-18 2014Cardware Conference presentation on BIG DATA June 17-18 2014
Cardware Conference presentation on BIG DATA June 17-18 2014
 
Wear fit
Wear fitWear fit
Wear fit
 
Enterprise Mobile Security for PeopleSoft
Enterprise Mobile Security for PeopleSoftEnterprise Mobile Security for PeopleSoft
Enterprise Mobile Security for PeopleSoft
 
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!
Phishcops multifactor-authentication-website-authentication1096

  • 3. The FDIC and FFIEC made TWO Recommendations. The FDIC’s Findings: On December 14, 2004, the U.S. Federal Deposit Insurance Corporation (FDIC) published a study presenting their findings on how the financial industry and its regulators could mitigate the risks associated with phishing and identity theft. In this report, the FDIC identified TWO root causes for the problem of online identity theft [1]: 1) Authentication methods are insufficiently strong. 2) The internet lacks email and website authentication capabilities. The FFIEC’s Recommendations: On October 12, 2005, the Federal Financial Institutions Examination Council (FFIEC) issued an updated guidance letter for banks and financial institutions which echoed the FDIC’s findings and made TWO corresponding recommendations [2]: 1) Implement strong multi-factor authentication. 2) “authenticate their websites to customers BEFORE collecting sensitive information” and “assess the adequacy of such authentication techniques in light of new or changing risks such as phishing”. Sources: 1. “Putting an End to Account Hijacking Identity Theft”, FDIC, December 14, 2004. 2. “Authentication in an Internet Banking Environment (Updated Guidance Letter)”, FFIEC, October 12, 2005.
  • 4. Other Authentication Methods. To understand how PhishCops™ works, it is necessary to understand how it differs from other types of authentication. All other authentication methods fall under one of 3 categories: Knowledge Based, Object Based, and ID Based. ID-Based ("who you ARE") methods are the strongest of the three authentication methods, and are characterized by uniqueness to one person. Biometrics, such as a fingerprint, eye scan, voiceprint, or signature, fall under this category. Vulnerabilities: If a biometric is compromised, it cannot be as easily replaced. Hardware limitations also make the use of this authentication unaffordable to many and difficult to implement en masse. Knowledge-Based ("what you KNOW") methods are the most common (and the weakest) of the three authentication methods and are characterized by secrecy or obscurity. This is the most widely used method and includes the memorized Login ID, password, selectable image, personal question challenge / response, etc. Vulnerabilities: People can be tricked into divulging logins, passwords, and the answers to personal questions. Images can be copied and re-used. Object-Based ("what you HAVE") methods are the most technically complex of the three authentication methods and are characterized by physical possession. Physical keys, hardware tokens, etc. fall into this category. Vulnerabilities: Objects can be lost. Users can be tricked into disclosing the object’s returned values. The objects are costly and unpopular with consumers.
  • 5. Other Authentication Vendors. All other authentication products fall under one of these 3 authentication methods. Knowledge-based Vendors (Passmark Sitekey, Cyota eStamp, PostX, Anakam, Cloudmark, Cavion, Digital Resolve, Secure Computing, Soltrus, 41st Parameter): Many vendors have rushed to bring “image-based” or similar shared-secret solutions to market (a “knowledge-based” approach). In an attempt to satisfy “multi-factor” authentication requirements, some have added a “device ID” to the customer’s computer, but if no device ID can be retrieved from the customer’s computer, they simply fall back on asking the customer (or the phisher) to supply answers to personal questions (again, a “knowledge-based” approach). Bottom line: If the customer (or the phisher) can supply the right credentials, and/or answer the questions correctly, these solutions will let them into the account. PhishCops™, however, uses mathematical authentication algorithms developed by the National Institute of Standards & Technology (NIST) and the Information Technology Laboratory (ITL) under the authority of the U.S. Department of Commerce [3]. These algorithms are the current standard used by all branches of the U.S. federal government. PhishCops™ is the ONLY multi-factor authentication solution vendor using government-approved authentication algorithms in a multi-factor authentication solution. Source: 3. Processing Standards Publication 180-2. U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Information Technology Laboratory (ITL).
  • 6. Other Authentication Vendors. Knowledge-based Vendors: Many vendors have rushed to bring “image-based” or similar shared-secret solutions to market (a “knowledge-based” approach). In an attempt to satisfy “multi-factor” authentication requirements, some have added a “device ID” to the customer’s computer, but if no device ID can be retrieved from the customer’s computer, they simply fall back on asking the customer (or the phisher) to supply answers to personal questions (again, a “knowledge-based” approach). If the customer (or the phisher) can supply the right credentials, or answer the questions correctly, these solutions will let them into the account. 2005 Homeland Security Award Semi-Finalist: As a result of our innovative and groundbreaking use of these government-approved authentication algorithms, the U.S. government named PhishCops™ a semi-finalist for the 2005 Homeland Security Award. PhishCops™ was the only multi-factor authentication solution named to this award.
  • 7. Other Authentication Vendors. Knowledge-based Vendors: These solutions, however, authenticate the website AFTER the customer has divulged their website login ID or other sensitive information. PhishCops™ follows the FFIEC’s recommendation and authenticates websites to customers BEFORE the customer has divulged any website login ID or other sensitive information. In their Guidance Letter, the FFIEC urged financial institutions to: “authenticate their web sites to the customer BEFORE collecting sensitive information”.
  • 8. Other Authentication Vendors. Object-based Vendors (Vasco, RSA (= Passmark = Cyota), Verisign, TriCipher): Object-based vendors (hardware solution providers) have struggled to adapt outdated technology to meet the modern problems of online identity theft. Unfortunately, while possessing a token or other physical piece of hardware may help identify a user to the website, they are incapable of authenticating the website to the user. As a result, some hardware token vendors are latching on to knowledge-based solution vendors in an attempt to keep their aging technologies viable in a changing world. PhishCops™, however, was specifically developed for the modern challenges of online identity theft. Sestus Data Corporation developed PhishCops™ from the ground up, working with internet "backbone" companies and government regulators, merging thoroughly tested unbreakable (and government-approved) authentication algorithms with modern web-based technologies to create the most powerful and user-friendly multi-factor authentication solution in the world.
  • 9. Other Authentication Vendors. Object-based Vendors: Objects such as hardware tokens, smart cards, and other devices can be lost, stolen, or forgotten. Until they are retrieved or restored, the customer is unable to access their online account. PhishCops™ Virtual Tokens exist “virtually” and cannot be lost or stolen. As a result, customers experience no account “down-time”.
  • 10. Other Authentication Vendors. Object-based Vendors: Many organizations mistakenly believe hardware tokens, smartcards, and similar devices are invulnerable to phishing and other forms of online identity theft. Nordea Bank’s recent experience shows the error of this thinking. In Nordea Bank’s widely publicized phishing scare, phishers simply acted as the “go-between”, or “man-in-the-middle”, between the bank’s customers and the legitimate website, and accessed the victim’s accounts using token data solicited from unsuspecting customers [4]. The PhishCops™ Virtual Token Device can only be accessed by their owners, and only following a valid request from a genuine website, eliminating the “Nordea Bank” possibility of “man-in-the-middle” type attacks. Source: 4. “Scandinavian Attack Against Two-Factor Authentication”, Schneier on Security, October 25, 2005.
  • 11. Other Authentication Vendors (Object-based Vendors): Hardware-based approaches are among the most costly solutions. In addition to being costly, they are unpopular with users. The Washington Post reported on a study conducted by Gartner Research that concluded: “devices like the RSA token are unpopular with consumers. What's more, they might not be offering the right kind of protection… These tokens mainly offer a "placebo effect" to users who want to feel more secure.” [5] PhishCops™ users, however, ARE more secure. PhishCops™ also provides unbreakable security at a fraction of the cost of object-based authentication devices. Finally, PhishCops™ utilizes user-friendly technology familiar to every internet user.
    5. Source: The Washington Post, August 28, 2005.
  • 12. Other Authentication Vendors (Object-based Vendors): Regarding hardware tokens, smartcards, and similar device-based authentication, the International Biometric Industry Association (IBIA) recently reported in a strongly-worded letter of concern to the National Institute of Standards and Technology: “IBIA does NOT agree that combining a token with a password offers “good” two-factor authentication… [why?] …passwords and tokens are eminently stealable.” [6] We agree. Physical tokens and similar hardware devices are stealable. PhishCops™ is not. For its patent-pending “virtual” token based approach, InfoWorld Magazine awarded PhishCops™ its highest honor, the InfoWorld 100 Award. Of the 100 organizations honored for their groundbreaking technological achievements, PhishCops™ was the only multi-factor authentication solution so honored.
    6. Source: International Biometric Industry Association Letter to the NIST, March 15, 2004.
  • 13. Other Authentication Vendors (ID (Biometric) Based Vendors): Biometric authentication is recognized as the strongest authentication method, but biometrics can only authenticate customers to the website. Biometrics cannot authenticate the website to the customer as recommended by the FFIEC. In addition, biometric authentication is the costliest approach and hardware limitations prevent its general use. PhishCops™ includes biometric notification features that do not require hardware. This feature is patent-pending and the first of its kind in the world. By integrating biometrics into our process, PhishCops™ can deliver unbreakable mathematic authentication in a form easily understandable by human beings.
  • 14. Problems reported with other solutions…: Because of their reliance on fundamentally inadequate technology and flawed processes, problems are already being reported by early adopters of other solutions.
    Gartner Group warns prospective Passmark Sitekey customers to “consider alternative vendors”… Gartner Group [7]: “Consider smaller competitors that offer similar solutions at lower prices.”
    Bank of America Reports Implementation Problems with Passmark Sitekey… PCWorld [8]: Bank of America spokesperson Betty Riess “declined to comment” on whether or not BofA's Sitekey system would even meet FFIEC requirements.
    Cloudmark, Cyota, PassMark Security, PostX, None Offer a Complete Answer to the Problem… Information Week [9]: “There are a number of anti-phishing products available from companies such as Cloudmark, Cyota, PassMark Security, PostX, and others, but none offer a complete answer to the problem.…They don't confirm if a web site is legitimate".
    Passmark Sitekey: Answering the Wrong Question… IT Management News [10]: “The SiteKey system fails to address the fundamental problem of phishing because it leaves the customer susceptible to the classic Man in the Middle false-storefront attack.”
    RSA (Cyota) is Entering Markets it has no Experience in… Gartner Group [11]: “RSA Security Acquires Cyota, but Relationship Will Need Work…RSA is entering markets it has no experience in”
    7. Source: Gartner Group, “RSA/PassMark Deal”, April 27, 2006.
    8. Source: PCWorld, “Bank of America Delays Security Update”, October 21, 2005.
    9. Source: Information Week, “Phishing Attacks Show Sixfold Increase This Year”, June 13, 2005.
    10. Source: IT Management News, “PassMark's SiteKey - Answering The Wrong Question”, July 26, 2005.
    11. Source: Gartner Group, “RSA Security Acquires Cyota, but Relationship Will Need Work”, January 4, 2006.
  • 15. Strong multi-factor authentication: Both the FDIC and the FFIEC recommended implementing “strong” multi-factor authentication methods. The strongest authentication methods available are mathematic algorithms developed by the National Institute of Standards & Technology (NIST) and the Information Technology Laboratory (ITL) under the authority of the U.S. Department of Commerce [12]. These algorithms are the current standard used by all branches of the U.S. federal government. PhishCops™ uses these unbreakable government-approved algorithms to accomplish all of its critical processes. First, PhishCops™ uses these algorithms to authenticate a website for the user in such a way that it is mathematically invulnerable to fraud or abuse. Next, PhishCops™ uses these algorithms to produce a “virtual” token which the user uses to identify themselves to the website, which token value also cannot be mathematically predicted. For a more thorough technical review of the PhishCops™ process, we invite you to refer to our technical whitepaper.
    12. Source: Processing Standards Publication 180-2, U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Information Technology Laboratory (ITL).
  • 16. The PhishCops™ Process (The Process Explained): PhishCops™ uses unbreakable mathematic authentication algorithms in a patent-pending approach that employs elements of public-key & private-key cryptography. PhishCops™ does not resort to blacklisted databases, obscure filtering, questionable public records, replicatable images, or other non-standard approaches. PhishCops™ Authentication is real authentication and is invulnerable to fraud or abuse. If the website is authentic, the user's "virtual" token generator is presented for their use. If the website is counterfeit, the generator is unavailable and a warning is presented to the user. There is no way for a phisher to compromise the process. In addition, unlike other authentication solutions, users are able to authenticate the website BEFORE divulging any website login or other confidential account information.
  • 17. The PhishCops™ Process (The Process Explained): First, the user types their anonymous PhishCops™ User ID (on the slide, “WILDMAN345”) into a simple textbox on the webpage. IMPORTANT: This “PhishCops™ User ID” is NOT the user’s website account login or password. If the website is a phishing website, the user will not have compromised any account login credentials. This User ID is simply an anonymous identifier which the user created during the enrollment process (or had created for them by the website owner). It acts as a sort of “virtual token device serial number”, telling the authentic website which “virtual token device” to retrieve from PhishCops.com (or from the authenticating website if they are hosting the solution).
  • 18. The PhishCops™ Process (The Process Explained): The website performs the necessary processing to produce a “digital signature”. This signature is produced using mathematic authentication scripts previously supplied to the website by PhishCops™. The website uses this produced “signature” to request the user’s virtual token device from PhishCops.com (or from the financial services website if they are hosting the authentication solution). Signature value shown on the slide: 325f8a61c85aef21fc8dba14a250420a3754e13ebef833da615637f210793c5d. IMPORTANT: Only an authentic website can produce a valid “digital signature”. If the signature is invalid, authentication stops.
  • 19. The PhishCops™ Process (The Process Explained): Since the digital signature is valid, the requested “virtual” token device is returned to the user. IMPORTANT: Since ONLY a genuine website can produce a valid digital signature, a phishing website cannot present their victims with their virtual token device. This also means users cannot be tricked into divulging their token values to phishers and there is no device which can be lost or stolen.
  • 20. The PhishCops™ Process (The Process Explained): The token is presented in a ‘locked’ state. The user/owner enters their 4-digit Token PIN (on the slide, 1234) to unlock their token in much the same way they would unlock a physical token device. This produces a valid token value (on the slide, 744012) which they then enter to the requesting website. Authentication is now complete. The website has been authenticated to the user because only a valid website can produce the user’s token device. The user has been authenticated to the website because only they can retrieve a valid token value from their virtual token device.
  • 21. The PhishCops™ Process (The Process Summary): All the user has to do to use PhishCops™ is request their virtual token device, unlock the device, and return its secure token to the website. Simple and easy. The User:
    1) enters “WILDMAN345” (to request their virtual token device from the website)
    2) enters “1234” (to unlock their virtual token device and generate a token)
    3) returns the secure token “744012” to the website.
  • 22. The PhishCops™ Process (Other…): This represents, in the simplest terms, the basic PhishCops™ process. This presentation did not describe how PhishCops™ prevents “man in the middle” phishing attacks through our “Restricted Access” feature, how we protect users’ privacy in the event of a data breach, how we notify users that the authentication was successful through our patent-pending biometric notification feature, and many other security features of PhishCops™. Obviously, much more time will be required to explain these and other elements in detail; however, we invite you to refer to the technical whitepaper on our website for a more thorough discussion.
  • 23. Architecture:
    OPERATING SYSTEM REQUIREMENTS: None. Entirely web-based.
    SOFTWARE & HARDWARE REQUIREMENTS: None. Entirely web-based using traditional HTML and server-side scripting.
    STAFFING & SUPPORT REQUIREMENTS: If the website already employs someone to maintain their website, they already have all the technical support staffing they need to support PhishCops™.
    USER REQUIREMENTS: None. If the user can get to the internet, they can use PhishCops™.
  • 24. Architecture: Since PhishCops™ is an entirely web-based process, interoperability is no longer a concern. Unlike other solutions which must accommodate different operating system environments, hardware constraints, and user computer configurations, PhishCops™ relies entirely on traditional HTML and server-side scripting. ALL websites in the world can implement PhishCops™. ALL Internet users in the world can use PhishCops™. Since PhishCops™ uses only traditional HTML and server-side scripting, it can be accessed from any device with browser capabilities, including PDAs, PCs, web-effective phones, etc. Processing constraints are extremely low on the part of the hosting website. The website server performs no processing which may be different than that which the website currently performs. The solution is also infinitely scalable to accommodate future growth.
  • 25. Sestus Data Corporation:
    Company Background: PhishCops™ is solely owned by Sestus Data Corporation. Headquartered in Phoenix, Arizona, Sestus Data Corporation has created innovative solutions to internet challenges for more than 10 years. Sestus Data Corporation is entirely self-funded and maintains development and support staff in both the United States and Canada.
    The PhishCops™ Project: Development of PhishCops™ began in 2004 in response to the growing problem of internet account hijacking and identity theft. PhishCops™ is copyrighted, patent pending, and is protected by both U.S. and international laws.
    Industry Recognition: PhishCops™ was recently rated #1 among multi-factor authentication solutions for ease of implementation and overall low cost of ownership, and it was the only multi-factor authentication solution to receive InfoWorld's highest honor, the InfoWorld 100 Award. Within the past 30 days, we have facilitated 3528 live demonstrations and 286 companies have contacted us for additional information or to begin a free 14-day trial implementation.
    Government Praise: PhishCops™ uses unbreakable mathematic authentication algorithms developed by the National Institute of Standards and Technology (NIST) and the Information Technology Laboratory (ITL) under the authority of the U.S. Department of Commerce. For its use of these unbreakable authentication algorithms in a revolutionary new approach to internet security, in 2005 the U.S. government named PhishCops™ a semi-finalist for the Homeland Security Award, the only multi-factor authentication solution ever named to this award.
  • 26. Thank You. Contact Information: Sestus Data Corporation, 10030 W. McDowell Rd., Suite 150-508, Avondale, AZ 85323 USA. Tel: (800) 788-1927. Fax: (800) 741-9048. Email: info@sestusdata.com. End of Presentation.
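The request, release and unlock steps described on slides 17 to 21, sketched in Python as an added example; it is not PhishCops™ code, and the slides do not publish the actual algorithms. HMAC-SHA-256 with a key shared between the website and the token service, the one-use nonce, the RFC 4226-style truncation and every name below are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets
import struct

# All names, keys and message layouts here are assumptions for this sketch.

def site_signature(site_key: bytes, user_id: str, nonce: bytes) -> str:
    """Slide 18: the website signs its request for a user's virtual token."""
    msg = user_id.encode() + b"|" + nonce
    return hmac.new(site_key, msg, hashlib.sha256).hexdigest()  # 64 hex chars


class TokenService:
    """Stands in for the party that stores the virtual token devices."""

    def __init__(self, site_key: bytes):
        self._site_key = site_key
        self._seeds = {}            # user_id -> per-user token seed
        self._open_nonces = set()   # challenges issued and not yet used

    def enroll(self, user_id: str) -> None:
        self._seeds[user_id] = secrets.token_bytes(32)

    def new_nonce(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._open_nonces.add(nonce)
        return nonce

    def release_device(self, user_id: str, nonce: bytes, signature: str):
        """Slide 19: hand out the locked device only for a valid, fresh signature."""
        if nonce not in self._open_nonces or user_id not in self._seeds:
            return None
        self._open_nonces.discard(nonce)  # one use only, so a replay fails
        expected = site_signature(self._site_key, user_id, nonce)
        if not hmac.compare_digest(expected, signature):  # constant-time compare
            return None
        return self._seeds[user_id]


def token_value(device_seed: bytes, pin: str, counter: int) -> str:
    """Slide 20: the PIN unlocks the device and yields a 6-digit token value."""
    msg = pin.encode() + struct.pack(">Q", counter)
    mac = hmac.new(device_seed, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"
```

The property claimed on slide 19 rests on the signing key staying with the genuine website and on each signed request being accepted once; the sketch makes both conditions explicit.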