wtg new technology corp passfaces corp about the companies wtg new technology corporation (newtech)...
Post on 29-Mar-2015
214 Views
Preview:
TRANSCRIPT
WTG New Technology CorpPassfaces Corp About the companies
WTG New Technology Corporation (NewTech) is a technology transfer company specializing in the Washington DC market. Passfaces Corporation is a security technology company, featuring Passfaces,a bi-directional, two factor, cognometric authentication system based on a patented technology that leverages peoples’ innate ability to recognize faces.
The Companies
To provide the online world with a secure, usable and affordable strong authentication solution and a practical alternative to tokens and biometrics.
The Mission
WTG New Technology CorpPassfaces Corp
Royal Credit Union
More About Passfaces
Passfaces: Strong / Two Factor Authentication and Phishing Protection
Used primarily in Banking and Healthcare Also used – without problem – for 8 years by a
major branch of the US Government Core technology is cognometrics, the human
brain’s innate ability to recognize familiar faces
CU Service Provider
Patents granted world-wide Deployed without hitch to users at a major credit union in 2008 Selected by major healthcare provider with users in 2009 Customers include:
WTG New Technology CorpPassfaces Corp Why Strong Authentication ?
Strong authentication is an essential enabler for the provision of online services It is needed for: Transaction & Data Protection
E.g. Online banking, Personal Health Records Compliance
E.g. FFIEC, HIPAA User Reassurance / Trust
Insecure users won’t use online services
And because Passwords: can be guessed or “cracked” are written down And people use the same one everywhere Users forget them (and call the help desk) And, most critically today, they can be phished!
“Passwords are the weakest of weakest links” – Bill Gates
WTG New Technology CorpPassfaces Corp Why Passfaces ?
Passfaces provides strong authentication – and phishing protection – without pain!
Easy to deploy Leverages existing password infrastructure No user hardware or software – works in browser No new servers or databases
Easy for users No device to lose or forget No personal questions/answers to remember Machine & location independent – i.e. fully portable Built-in anti phishing does not require user attention
Easy for administrators [Almost] no resets Actually liked by users
Easy on budgets Less than one tenth the cost of tokens Save on purchase, implementation and support
WTG New Technology CorpPassfaces Corp Passfaces is Different
Graphics and images are among the simplest and most effective means to communicate and interact with people
But, like a password, you still need to recall a graphic or image
Faces are Different The brain uses a dedicated, intuitive process
to “learn” and remember faces The brain recognizes, not recalls, faces Face recognition is a universal skill –
independent of age, language or education
Source: Face Recognition: A Literature Survey. National Institute of Standards and Technology
Passfaces is a graphical authentication system
WTG New Technology CorpPassfaces Corp Passfaces Strong Authentication
Passfaces provide a simple, but powerful, means of overcoming the vulnerabilities of passwords
Passfaces are used with a password to provide two factor or strong authentication
For two-factor authentication, users are typically assigned 3 secret passfaces in addition to their password
Here are
your
Passfaces
WTG New Technology CorpPassfaces Corp Passfaces Strong Authentication
To log on, users pick out one of their Passfaces from a challenge grid of 9 faces
Each challenge grid contains 1 Passface and 8 decoy faces
The process is repeated for each of the users’ Passfaces
Click On Your Passface
WTG New Technology CorpPassfaces Corp A CREDIT UNION DEMONSTRATION
For your convenience, we would like to show you a brief demonstration of a credit union's use of Passfaces for their online members
WTG New Technology CorpPassfaces Corp
1. Security – better than passwords alone2. Usability – no complex pass codes or procedures3. Non-Intrusive – users are averse to change and reluctant to do more4. Visibility – users want to see that companies are increasing security 5. Mobility – users log on using different PCs in different locations6. Consistency – of user experience7. Reliability – no false rejection, no system errors, no user errors8. Bidirectional – verify the User to the Site AND the Site to the User9. Flexibility – for varying risk levels and customer choice 10.Easy Integration – with current systems and procedures11. Low Cost – Procurement, deployment and ongoing maintenance
Source: Gartner Inc.
Strong Authentication Requirements
Usability is key – especially for consumers. If they can’t or won’t use the security system, then it won’t work!
WTG New Technology CorpPassfaces Corp What Are the Alternatives?
BiometricsSmart Cards
Tokens
Crypto CookieCode Cards
Keypad Scrambler
WTG New Technology CorpPassfaces Corp Strong Authentication Alternatives
PassfacesVirtual Keypad
BiometricsRisk
AnalysisCode Cards
Crypto Cookies
Smart Cards
TokensPersonal Pictures
Security █ █ █ █ █ █ █ █ █
Bidirectional █ █ █ █ █ █ █ █ █
Intrusiveness █ █ █ █ █ █ █ █ █
Visibility █ █ █ █ █ █ █ █ █
Usability █ █ █ █ █ █ █ █ █
Mobility █ █ █ █ █ █ █ █ █
Management █ █ █ █ █ █ █ █ █
Integration █ █ █ █ █ █ █ █ █
Rollout █ █ █ █ █ █ █ █ █
Cost █ █ █ █ █ █ █ █ █
Click On Your Passface
█ █ █Good OK Bad
Passfaces is unique in meeting all the requirements for strong authentication
WTG New Technology CorpPassfaces Corp
Integrates Passfaces with any Internet platform
Includes Server-side code Passfaces Web Clients Administration Console Reference Implementations Detailed integration information Passfaces Image Library
Passfaces For NFCU
WTG New Technology CorpPassfaces Corp
Existing UserDatabase
ODBC or LDAP connector or
JDBC/JNDI Interface
Web
Ser
ver
Passfaces Web Access
End User Client
Java Script, ActiveX, or Java
No Software or Installation Required
Ap
plic
atio
n S
erve
r
Windows, Java, or SDK
Face LibraryPassfaces Admin
Existing Web Application Integrated with
WTG New Technology CorpPassfaces Corp
Passfaces Web AccessSeparate Passfaces Server
(JavaScript, ActiveX or Java) No installation!
Web Users
Passfaces Web Client
Web Server/Outlook Web Access
Internet
Existing Application Server
Passfaces Server (Windows IIS or Java) SSL
SQL Database orLDAP Directory Server
AD or SQL Database orLDAP Directory Server
Administrator
Passfaces Admin Console
WTG New Technology CorpPassfaces Corp
SSL
Passfaces Web Access – Architecture for SSL VPN Connectivity
Corporate NetworkPassfaces
Admin ConsoleWeb Users
Passfaces Web Client
Passfaces Server (Windows IIS or Java)
DMZ
Login information and control
Co
rpo
rate Reso
urces
SSL/VPN
AD or SQL Database orLDAP Directory Server
WTG New Technology CorpPassfaces Corp
SSL
Passfaces Web Access – Architecture for Citrix Connectivity
Corporate NetworkPassfaces
Admin ConsoleWeb Users
Passfaces Web Client
Passfaces Server (Windows IIS or Java)
DMZ
Login information and control
Co
rpo
rate Reso
urces
Citrix Server
AD or SQL Database orLDAP Directory Server
WTG New Technology CorpPassfaces Corp
Everything Needed to Add Passfaces
Administration Console Web Based (Java application servers) Windows (Microsoft IIS)
Server-side code Java class package Java servlet (HTTP interface) ISAPI extension DLL for Microsoft IIS
Passfaces Web Clients JavaScript / Java applet / ActiveX
Reference Implementations Sample JSP/ASP/HTML pages
Detailed integration information Passfaces Image Library
Standard or Custom
WTG New Technology CorpPassfaces Corp Customizable User Interface
Add Your Logo
Change Background Colors
WTG New Technology CorpPassfaces Corp
Integrated, Editable User Help Manual
User Authentication
Thornberry is adding Passfaces, an enhanced logon procedure, to our online services. The new process places an additional security lock to existing Online IDs and passwords. We are taking this step to provide the best protection possible for your online account information.
Users are required to enable Passfaces over the next thirty days. You will be prompted to enable Passfaces each time you login. We recommend you enhance your login security as soon a s possible. The process takes from 3 to 5 minutes. We also recommend you View the Demo before starting the process.
Thornberry Authentication
Link to Passfaces Help Modify Files to Create a
Custom Help Manual Add Your Logo Easily edited HTML lets
you add sections specific to your Web Access procedures
Built In Help
WTG New Technology CorpPassfaces Corp
NIST Acknowledgment of Passfaces?
From NIST 800.63 Appendix A2 page 61:
A.2 Other Types of PasswordsSome password systems require a user to memorize a number of images, such as faces. Users are then typically presented with successive fields of several images (typically 9 at a time), each of which contains one of the memorized images. Each selection represents approximately 3.17 bits of entropy. If such a system used five rounds of memorized images, then the entropy of system would be approximately 16 bits. Since this is randomly selected password the guessing entropy and min-entropy are both the same
value.
It is possible to combine randomly chosen and user chosen elements into a single composite password. For example a user might be given a short randomly selected value to ensure min-entropy to use in combination with a user chosen password string. The random component might be images or a character string.
WTG New Technology CorpPassfaces Corp Customer Testimonials
“Passfaces is one of those products that just works… We installed it 7 years ago and have never had a problem with it… I see all these complicated new authentication systems being introduced by the banks and wonder why they don’t just use Passfaces.” CISO, US Government.
“We selected Passfaces as it not only raises the bar in terms of security, but it is both easy to use and to implement.” David Vandeven, President/CEO Midwest Independent Bank.
"ParadigmHealth was an early innovator of website security and authentication. Security and data privacy remain our focus, but now with Passfaces we are also highlighting the importance of increasing ease of use. Passfaces fully addresses the authentication requirements for the large-scale deployment of Personal Health Records." Tom Hagan, ParadigmHealth CIO.
“Thank you again for your support, your product is already making my life a lot easier and you can quote me on that if you like…” Paul Osnes, CIO Easter Seals of Southern California.
“Passfaces was so unique and we felt our client base would find it very much ‘cutting edge’. We wanted something exciting; something different that had security second to none. It excited our folks internally and I knew it would excite our client base as well.” Tom Leib, Product Manager RC Olmstead.
“Buckeye State Credit Union understands its members concerns for secure online banking. We feel that our member’s financial information is worth the best and most secure layer of authentication we could find. That is why we chose Passfaces. This is much more secure than asking questions like your mother’s maiden name or your favorite pet’s name, or choosing a static picture like a watermelon or a beach scene as your login sign.… Our initial rollout was far more successful than I had ever imagined. My staff and I were prepared and we set realistic expectations that were exceeded. Sometimes the right choice is hard to make but today I am confident that our member’s information is secure because of Passfaces.” Charles Stanfield, Information Systems Director, Buckeye State Credit Union.
top related