Delfigo Security - Strong Authentication


What Is "Intelligent Authentication"?

Intelligent authentication is the future of data security. It is the next step in the ongoing effort to authenticate, or confirm, users who access protected information assets and execute transactions with them. It does this by providing real-time risk assessment and an event-driven security response during each user session.

Authentication in the networked world is directly tied to your digital identity. For security purposes, it has traditionally been the initial interaction between system and user, where you prove you are who you say you are.[1] The user is typically required to provide the system with one or more "authentication factors". In simple terms, authentication factors are technical - something you have (ID card or security token), personal - something you know (password, phrase or PIN) or human - something you are (fingerprint, retinal scan or other biometric identifier).

First-factor authentication is normally username/password. However, this has proven to be of limited value for security. Passwords, even when properly enforced, are a security vulnerability, as they can be easily shared, copied or stolen. Second-factor authentication was devised to provide stronger authentication given the inherent weakness of single-factor authentication. In two-factor authentication, the standard login (username/password) is combined with a second factor, usually in the form of a security token. But implementing many second-factor authentication solutions usually requires expensive tokens, smart cards or other devices, and can prove cost-prohibitive both in terms of initial distribution and overall management.

As an example of intelligent authentication, consider a typical online banking scenario. The system would become familiar with the user through an initial training period. Additional data would be gathered over time to supplement the initial training, and the combination of this data would be used to profile the habitual nature of a user's online activity. If a transaction was attempted that was completely out of the norm (e.g. a substantial monetary transfer at 3 am by an individual who historically never makes a transfer online), the event would be flagged, and the transaction would be put on hold while additional factors were analyzed. A requirement for verification, either in-band or out-of-band, could validate that the user attempting the transaction was legitimate. And depending on settings, the system response could range from simply logging the activity for tracking through reporting or dashboard features, to triggering an immediate alert for a system manager to take steps in real time to investigate the potential breach.
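The banking scenario above as an added Python example (not Delfigo's code): a per-user profile is learned from past events, each new event is scored on three behavioral factors, and the score selects a response. The event fields, the equal weighting of factors, the thresholds and the response names are all assumptions made for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

class Profile:
    """Per-user baseline learned during the training period."""
    def __init__(self):
        self.hours, self.actions, self.amounts = Counter(), Counter(), []

    def learn(self, event):
        self.hours[event["hour"]] += 1
        self.actions[event["action"]] += 1
        if event["action"] == "transfer":
            self.amounts.append(event["amount"])

    @staticmethod
    def rarity(counter, key):
        """0.0 = seen in every past event, 1.0 = never seen."""
        total = sum(counter.values())
        return 1.0 if total == 0 else 1.0 - counter[key] / total

    def score(self, event):
        """Mean of three behavioral factors, each in [0, 1]."""
        hour_risk = self.rarity(self.hours, event["hour"])
        action_risk = self.rarity(self.actions, event["action"])
        amount_risk = 0.0
        if event["action"] == "transfer":
            if len(self.amounts) < 2:
                amount_risk = 1.0  # no transfer history to compare against
            else:
                sigma = pstdev(self.amounts) or 1.0
                z = (event["amount"] - mean(self.amounts)) / sigma
                amount_risk = min(max(z, 0.0) / 3.0, 1.0)
        return (hour_risk + action_risk + amount_risk) / 3

def respond(score, hold=0.6, alert=0.9):
    """Map a score to a response tier; thresholds are assumed settings."""
    if score >= alert:
        return "hold_verify_and_alert"
    if score >= hold:
        return "hold_and_verify"
    return "log"

def constructed_profile():
    """Constructed training data: 30 daytime balance checks, no transfers."""
    profile = Profile()
    for day in range(30):
        profile.learn({"hour": 9 + day % 3, "action": "balance", "amount": 0})
    return profile
```

With this constructed history, a 10 am balance check is only logged, while a transfer at 3 am by the same user reaches the top tier.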

Intelligent authentication aims to move security beyond first- and second-factor authentication, while also eliminating many of the integration headaches and the high costs that accompany most strong authentication solutions. More importantly, intelligent, risk-based authentication aims to deliver on the capacity to collect and analyze an unlimited series of behavioral factors (multi-factor) and authenticate in real time, on an event-by-event basis.

[1] Granted, there are times when you are asked to re-authenticate during a session. However, this typically requires re-entering the same factors as provided during the initial login.