Live Ensure® launches latest product features into US Market


Live Ensure®, the SaaS multi-factor authentication solution, has spent the last year and a half field-trialing the mobile version of the product with a few select customers, who have collectively made millions of authentications without a single breach or failure. Their feedback provided valuable input, which allowed the product to be further refined and streamlined, making the user experience even better while making the solution stronger.

Live Ensure® is easily integrated into an existing log-in form, including SSO solutions like Twitter and Facebook. This means that sites which allow users to log in with, e.g., Twitter can now include a strong authentication layer, thereby thwarting the ID theft hacks which have become ubiquitous. Examples are too numerous to mention, but the weakness of password log-ins to email (Bush Hack) and social media products (Twitter and Facebook), and their consequent failure, are well documented.

Live Ensure® leverages the smartphone, now virtually ubiquitous, as the second factor (the ‘something you have’) for use in the authentication process. The site integrates the Live Ensure® service by simply ‘mashing up’ the API code into its log-in form (like mashing up Google Maps) and inviting its customers to download the Live Ensure® App (iOS, Android, Windows Mobile).

Live Ensure® uses a triangulated architecture and the context of the session to validate the correct parties (the legitimate site and user) to ensure ironclad authentication. Not only does Live Ensure® come with an insurance warranty from Munich Re, but it is now being resold by, amongst others, CSC. As a cloud-based service harnessing users' existing devices, Live Ensure® can scale rapidly, allowing social media sized user bases to be enrolled quickly and effortlessly.

The recent launch of the FIDO Alliance (FIDO) in response to the growing need for a more secure and easier to use alternative to user names and passwords is to be lauded. The rapid increase of cyber crime, whether at a military ‘level’ (i.e. ‘cyberwar’) or the more innocuous social media [Twitter hacked], is testimony to the manifest failure of the majority of authentication solutions in use today. The desire by FIDO to architect a simpler and more secure authentication solution that leverages users' existing hardware makes good sense. FIDO aims to provide specifications or standards to the industry that embody an approach to authentication which starts to move away from ‘security by obscurity’ (i.e. the shared secret, the user name/password paradigm prevalent today).

There is a concern that by creating another industry body there will be the need to get a critical mass of players on board in order for the standard to become effective, which will undoubtedly lead to much heel dragging at a time when things need to proceed with alacrity. 

FIDO aims to bring hardware devices such as phones and tablets, as well as fingerprint readers, webcams, TPM chips and tokens, into an open standard under which different systems that comply with the standard will be interoperable. A client/server architecture in combination with some hardware fingerprint starts to become a much more secure approach than the exchange of self-reported credentials.

The creation of a global repository and browser-based plug-in (à la certificate authority) is a potential weakness in the model. Who will be the custodian of this information, and who will ensure it is updated?

Some of the key elements of FIDO are already embodied in the architecture of Live Ensure®:

· Passwordless authentication
· Leveraging existing hardware
· Rapid scalability
· Triangulated architecture

We will support the initiative with cautious enthusiasm while expanding the Live Ensure® footprint into the US market.

Comments

  1. Hi Ross

    There appears, in my opinion, to be an opportunity for a company with expertise in security to offer a web-based service for retail (purchasing goods and services), extending the current offering of Live Ensure from transaction verification to end-to-end purchase verification and non-repudiation. This has a real relevance in Africa, an area of the globe I note your fondness for. Look forward to talking to you next week.

    Anonymous :-)
