Delfigo Security - Strong Authentication

SoMoCloud^®

DSGateway's SoMoCloud^® mobile authentication platform evaluates 11 individual identity attributes to assign a risk score or Confidence Factor, enabling security policies that transparently provide the appropriate level of system access based on defined rules. This is a significant improvement in security over the common single factor (username/password) or PIN approach. Delfigo's strong mobile authentication adds additional layers as all three-factor categories (personal, technical, human) are covered, thereby exceeding the current standard for multi factor authentication and substantially strengthening the overall security of mobile access for cloud based services.

DSGateway™ Versatile Authentication Platform

DSGateway™ is a versatile authentication platform that utilizes multiple authentication factors, including keystroke and device identification, to validate the credentials of each user and protect confidential data from unauthorized access. Delfigo's flexible authentication solutions rely on the DSGateway platform, the industry's only intelligent authentication option that combines strong authentication with advanced cognitive capabilities to uniquely answer the question, "Are you who you say you are," when a user accesses a system.

Greater Identity Assurance

DSGateway evaluates 22 individual identity attributes to assign a Confidence Factor (CF), and transparently provide the appropriate level of system access. This is a significant improvement in security over the common single factor (username/password) approach.  With DSGateway all three factor categories (personal, technical, human) are covered meeting and exceeding the current standard for "multi factor authentication" and "strong authentication". ¹

DSGateway's decision engine captures and consumes the following:

• keystroke (flight time, dwell time, key-to-key, reflective time)
• device (agent, operating system, monitor resolution, browser type, browser size)
• geospatial (timestamp, IP address, location, hostname, proxy IP, georegion, country code, region code, city, area code, county, latitude, longitude, timezone)

Lower Total Cost Of Ownership

DSGateway does not require the distribution of any hardware (tokens, smartcards) or download/installation of any software. This typically results in savings of over 40% in helpdesk and maintenance costs when compared to a token based two factor authentication solution.

Usability

Delfigo has removed many of the challenges that frequently inconvenience users and increase overall support costs. There are no required changes in user behavior. Users simply type their password and they are enrolled in "silent mode". There are no additional steps added to login or transaction procedures; there are no help desk training requirements; there are no requirements for installation of supplementary software or regular software updates; and there are no requirements to have a cell phone available at all times.

Versatile Authentication Technology

Delfigo recognizes that customer needs vary considerably when it comes to authentication management.  There are specific security and compliance requirements, there are different levels of risk, and for many there are operational efficiency concerns that require implementation along side of existing identity management and authentication solutions. DSGateway utilizes open standards to provide greater interoperability and flexibility for our customers. The event driven security architecture enables integration of primary and secondary authentication methods, based on risk of activity or transaction, with minimal difficulty. This puts greater control in the hands of the customer in determining how they apply their overall authentication budget and where they deploy solutions to address distinct business needs.

• Open Standards and Web Services
  DSGateway supports open standards and web services to ease integration and create interoperability with existing systems and software. SOAP, WS-Security, SAML, XML, HTTP, SSL. Open to Security Models - User/Password Credentials, Kerberos tickets, X.509 certificates.
• Versatile Authentication Platform
  • Supports a broad range of standard protocols including Remote Authentication Dial-In User Service (RADIUS), Lightweight Directory Access Protocol (LDAP), Terminal Access Controller Access-Control System Plus (TACACS+), Kerberos and Security Assertion Markup Language (SAML).
  • Solution can be delivered as on-premise, behind the firewall or as a service (SaaS)
  • Natively supports .NET, JAVA, PHP and C/C++, and integrates with legacy applications and databases (Hibernate DAO is used to provide database transparency - code is agnostic to any change in database vendor)
  • Capable of working in combination with a variety of authentication methods: Keystroke Biometric Authentication; Device Authentication - (agent, operating system, monitor resolution, browser type, browser size); Geospatial ID - (timestamp, IP address, location, host name, and proxy IP); Out-of-band (OOB) authentication methods - One time passwords (OTP) delivered via email or Short Message Service (SMS); Knowledge-based authentication methods - Challenge Response Questions (CRQ)

---------------------------------

1. Authentication in an Internet Banking Environment, Federal Financial Institutions Examination Council, August 15, 2006. "By definition true multifactor authentication requires the use of solutions from two or more of the three categories of factors. Using multiple solutions from the same category would not constitute multifactor authentication."