Historically, before computers and the Internet, business transactions were conducted face to face; establishing your partner's identity in such situations presented few problems. As human beings, we are well equipped to discern the extraorginarily subtle variations of the human face and voice to enable positive recognition and identification of our partner.
Defender 5A PassGo Technologies' Whitepaper
Because Passwords Simply Aren't Enough
Historically, before computers and the Internet, business transactions
were conducted face to face; establishing your partner's identity in
such situations presented few problems. As human beings, we are
well equipped to discern the extraordinarily subtle variations of the
human face and voice to enable positive recognition and
identification of our partner.
In today's e-transaction driven world, recognizing the party trying to access your network resources is much more difficult.
To establish a connection and the identity of the parties taking part in the conversation, a password or pass-phrase may have been exchanged. This provides a degree of control over the identity of the parties, but passwords and phrases are often compromised; they are written down, visually or electronically observed, or even coerced.This whitepaper begins by asking the question - how can you prove the identity of the other party in an e-transaction or exchange of information? Throughout the rest of this document, we aim to provide the answer.
Scalability and PerformanceSeamlessly integrated with Microsoft's® Active Directory®, Defender offers a truly extensible architecture which is capable of scaling to fit your business needs. Defender has been deployed across the globe in organizations spanning finance, high technology, government and health care to name a few, and is proven to deliver the highest levels of performance and availability.Proving Identity and Establishing Trust
Something you know - a secret password or passphrase associated with your name provides a degree of identification. As already discussed, this alone cannot be guaranteed to identify an individual.
Something you own - a physical device, such as a token, smart card or USB keyfob, when combined with something you know, such as a personal identification number (PIN) or a passcode, provides a much stronger level of authentication. An example of this technology is the ATM card, described later in this document.
The combination of something you know and something you own is often referred to as two-factor authentication.
Something about you- something which is unique to you, such as your fingerprint, or the pattern of your iris, or even your voice, adds a third factor to the equation. For many people these techniques still border on the realms of science fiction, but recent developments in biometric technology are proving that the likes of fingerprint, iris and facial recognition security systems are becoming increasingly science fact.
Two-Factor AuthenticationThe Defender solution is built on the two-factor approach, knowing that a single factor, such as a remembered password, provides an inherently low proof of authenticity.
With the addition of the second physical proof, the certainty of authenticity increases exponentially.
Probably the most common example of two-factor authentication in use today is the automatic teller machine or ATM. The combination of something you own - the card, and something you know - the PIN, provides sufficient authentication and proof of identity to permit access to bank services and funds.With the Defender solution, authorized users are individually issued with registered Defender tokens that generate single-use codes (one-time passcodes) that change according to time.
A different code is generated, typically every 60 seconds, which
is unique for each token and can be used only once. Defender,
as the authentication server protecting the business infrastructure,
validates this dynamic code and grants or denies access as
appropriate.It is impossible to predict the value of future codes based upon
recording previous codes. So, when the code is supplied together
with a password or PIN, there is a high degree of certainty that the
person in possession of the authentication device is a valid user.
Figure 1: Defender Two Factor Authentication
Three Faces of Two-Factor AuthenticationIt is generally agreed within the IT professional community that two-factor authentication is vital for effective network security. There are, however, three principal types of two-factor authentication:
Challenge-Response (Asynchronous)1. The user enters a user name.2. The server sen... [download for more]
