StrikeForce Announces New Weapon in Cyber-Security Has Roots in 70's Phone Phreaking; Cap'n Crunch Giveaway Leads to Second Revolution in Security.

Business Editors/High-Tech Writers

EDISON, N.J.--(BUSINESS WIRE)--Oct. 7, 2003

As IT managers struggle to shore up and integrate security of their networks and applications, one company is offering a new security platform that traces its origins to the successful model the phone company used to stop hacking in the 1970s.

In the same way that AT&T split the pathways that carried its voice and signaling data to stop phone phreaking 30 years ago, the new model takes the authentication step of security out-of-band -- splitting the physical pathways that carry usernames and authentication data.

The proprietary out-of-band methodology, known as C.O.B.A.S. (Centralized Out-of-Band Authentication Solution) was developed by StrikeForce Technology. It is recognized as the world's only universal authentication platform to solve the underlying fatal flaw of computer security - packaged credentials.

Phreaking - The Original Hacking

According to hacking lore, in 1971 a Vietnam vet named John Draper
In the COBAS model, a user's credentials (password, biometrics or layered combination) are routed over a private one-way outbound server, away from the client network and out of reach from hackers or intruders. Out-of-band authentication has proven to be exponentially more secure than other forms of security, where both the username and authentication data are packaged together and travel across the same network.

"COBAS represents the second revolution in security in a complex and fragmented industry," said George Waller, Vice President of Sales for StrikeForce. "Usernames and passwords have been traveling on the same vulnerable pathways since IBM programmers first started using computer passwords in the 1950s. COBAS not only changes the game for hackers, it gives IT managers a flexible and robust solution that achieves higher levels of security at 25% to 50% of the cost," said Waller.

COBAS - How it Works

To understand how COBAS works, one must understand the fundamental fatal flaw in existing computer security -- the inextricable pairing of usernames with credentials sent over vulnerable networked pathways. Regardless of the password scheme or device, tying a username to authentication acceptance makes hacking possible. Once a hacker has one piece of the security equation, it is only a matter of time before he gets the other.

COBAS creates a separate pathway for authenticating a user's credentials using existing platforms that nearly everyone already has access to -- phones or instant messaging. Its distinction is obvious at login. Instead of being asked for a username and password, a user is only asked to supply a username. Within two seconds of supplying a username, the user's telephone rings (a single cell or desk phone programmed to be called for that user). For two-factor authentication (what you know and what you have), the user is asked to enter a password on the phone keys. (The password is what you know. The phone is what you have.) For three-factor authentication that guarantees a user's identity, a biometric-based voice authentication can be performed over the same phone. Once the authentication is complete, the original application that asked for the username springs to life as though the user had just entered a password with the keyboard or authenticated with local biometrics.

Is that a biometric in your pocket?

Instant messaging devices can replace phones to perform a similar two-factor authentication. The company's proprietary instant messaging agent, installed on the client device, serves as the client side of a secondary band for carrying authentication data of any type. This agent can work with something as simple as a password, or with a fingerprint reader, a Smart Card, a USB-based token, or any number of local biometric devices for two-factor, three-factor -- or unlimited-factor authentication.

The Switzerland of Security

The company's out-of-network model easily integrates with all current and emerging authentication products -- biometrics, tokens and Smart Cards - and tied with a password, is the only single product to achieve tri-factor authentication. Its out-of-band model adds a critical measure of security to all platforms -- extending functionality and eliminating the need for costly middleware. Its "client neutral" status gives it an immediate ability to layer all biometric devices over any combination of operating systems including Microsoft, Linux, SUN, Unix, Novell or Mainframe.
By partnering with best-of-breed service providers and manufacturers, the company's COBAS model is fast becoming the recognized standard authentication platform for today's smart networks, access scenarios and enterprises.

Synchronized Secure Approval Chains

COBAS can also be applied to workflow or process authentication situations in which approvals have to be escalated up the chain of authority. For example, when a bank employee with the privileges to authorize wire transfers up to $25,000 needs to exceed that threshold amount, COBAS automatically does another out-of-band authentication with a second user to authorize the requested amount.

About StrikeForce Technologies

StrikeForce Technologies is an identity solutions firm that has developed a revolutionary new security platform providing unprecedented levels of security, interoperability, and usability -- in seamless cost-effective designs. The company's award-winning distinction is a patent-pending technology, called COBAS (Centralized Out-of-Band Authentication Solution). COBAS creates a separate "out-of-band" pathway for authenticating a user's credentials, away from the client network and out of reach from hackers. The open, out-of-band server allows easy integration and layering with today's security devices (tokens, Smart Cards and biometrics) - and tied with a password, is the only product to achieve tri-factor authentication.

Headquartered in Edison, NJ, the company was established through the merger of Netlabs.com and Strike Force Technical Services, Inc. (SFT). Partnering with best-of-breed service providers and manufacturers, the company's COBAS model is fast becoming the recognized standard authentication platform for today's smart networks, access scenarios and enterprises.

For more information please visit www.sftnj.com.