Adding multi-factor authentication
A group within the American Association of Airport Executives was the first to start using technology associated with a National Strategy for Trusted Identities in Cyberspace pilot.
The pilot rolled out in March as a small group from the industry association began using the multi-factor technology to access a specific portal, says Cathy Tilton, vice president of Standards and Technology at Daon and lead for the company’s NSTIC pilot.
Participating members are using credentials based on Daon’s IdentityX – a risk-based, multi-factor, mobile authentication technology. They are utilizing smart phones or tablets to verify identity each time they access the web site sections that house sensitive data.
Participants in the pilot go to a special web site to access their portal, Tilton explains. If they haven’t enrolled they are walked through the process, which includes downloading the IdentityX app to their mobile device, entering a sponsorship number and then authenticating.
The IdentityX app enables many different types of authentication. Users enroll a password or PIN, facial image, voice and optional geolocation. The app also features cryptographic mutual authentication.
Depending on the risk of the transaction or the security level the relying party requests, it can also be any combination of the authentication types. “The system could require an individual to speak their PIN while being authentication via facial recognition and do mutual authentication,” Tilton says.
Daon is collecting initial information on the pilot and Purdue University is analyzing the data. The next step is to roll the system out to all AAAE members.