SecureAuth Named a Leader in KuppingerCole Leadership Compass Report for Customer Identity and Access Management

Immutable Identity Authentication Is Achievable

Dr. Abdulrahman Kaitoua
October 14, 2019

Get the latest from the SecureAuth Blog

How do you prove you are who you are?  Now how do you do that in the digital world? In the physical world you have government issued identification cards such as a passport, driver’s license or social security card as well as maybe a trusted reference to validate you. In the digital world you create a username and password to meet specific computer, network or application requirements and may even have a token of some form of multifactor authentication. The only thing consistent between the physical and virtual world being the ability to counterfeit or hijack those identity credentials.  So that begs the question of is it possible to create an immutable identity authentication process?

Forms Of Digital Identity Authentication

Digital identifies today are based on some form of a multifactor authentication. According to Wikipedia that is:

“A method of confirming a user’s claimed identity in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).”

Typically, it involves two “pieces of evidence” which is a subset of MFA called Two-factor Authentication which could be:

  • Something that you know: e.g. password, PIN, pattern
  • Something only you have: e.g. smart card, mobile phone
  • Something inherent to you: e.g. biometric data such as fingerprint, face or voice
  • Some unique, contextual data associated with you: e.g. location, known device token

Unfortunately, these solutions impose significant friction through a variety of temporal (e.g., OTP, captchas, reset links) and binary (e.g., fingerprint) controls that have all still proven ineffective safeguards against credential stuffing and identity spoofing. So, now is the time to revisit how we evaluate identity authentication solutions in order to impose a higher standard for selection.

Achieving Immutable Digital Identity Authentication

Ultimately, the only thing about you that is immutable is your behavior, or more specifically, your digital behaviors.  How and when you access technology and applications, how fast you type, where you are, what time you are doing specific things.  These biobehavioral characteristics can be securely tracked while maintaining anonymity and privacy using the latest in AIML technology in order to define your immutable identity.

Continuous Behavioral Authentication Is Immutable

Acceptto’s eGuardian engine continuously creates, and monitors user behavior profiles based on the user interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.

Download the Enterprise Management Associates’ Ten Priorities For Identity Management in 2019  today and then check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy registering for a free demo today.


Related Stories

Pin It on Pinterest

Share This