Nok Nok updates authentication suite
Nok Nok Labs announced its latest version of the Nok Nok S3 Authentication Suite, a platform enabling organizations to deploy customer-facing applications that require Internet scale authentication supporting the mobile devices with biometric authentication.
With this version, Nok Nok Labs addresses the trend of mobile device manufacturers embedding biometrics and security modules, including native support in platforms that include iOS 9 and Android Marshmallow.
The Nok Nok S3 Authentication Suite is a FIDO Certified solution enabling strong and scalable authentication for organizations with Internet-scale mobile applications and web properties, while also providing “future-proofing” with forward compatibility to future authentication methods that support FIDO specifications.
Key features of this latest version of the Nok Nok S3 Authentication Suite include:
- Fingerprint-Enabled Strong Authentication: On leading devices, such as the Samsung Galaxy S6 or iOS Touch ID-enabled devices, users only have to touch their finger to authenticate to a FIDO UAF-enabled mobile application, or to approve a website request for out-of-band authentication. Users don’t have to create, remember and type passwords — meaning that relying parties can now offer an improved user experience, reduce barriers to sales, lower deployments costs and deliver stronger security.
- Out-of-Band Authentication: Users can leverage the FIDO capabilities they already have on their mobile device to authenticate logins and transactions initiated on a separate device, such as a desktop web browser. Users simply need to register their authentication credentials on their mobile device and then use those credentials when authenticating from any other machine.
- Reduction of Friendly Fraud: In order to counter unintended fraud on shared devices, the Nok Nok S3 Authentication Suite is the only authentication solution capable of ensuring that only fingerprints authorized by the primary user or the application can authenticate to an account. This capability introduces policies to address applications requiring higher levels of security.
- Coverage with Multiple Authentication Modalities: The Nok Nok S3 Authentication Suite addresses both new and legacy devices, as well as a range of biometric authenticators including fingerprint sensors, iris recognition, voice biometrics, and face biometrics.
The Nok Nok S3 Authentication Suite has already seen deployments from industry leaders, including NTT DOCOMO, PayPal and Alipay. Further pilots are in progress at major banks, mobile network operators, healthcare solution integrators, and major trading networks. The new version of the Nok Nok S3 Authentication Suite is planned for availability in late Q4 2015.
Village Hotel uses mobile keys
Guests can check-in without standing in line and open their hotel rooms via the app and can also book their next stay directly on their smartphone. The mobile app is from hetras and is linked to the company’s cloud-based property management and central reservation system. The hetras app is available to hoteliers on a monthly subscription fee and can be customized to different hotel processes and brand designs.
hetras has integrated LEGIC Connect into the app for mobile key functionality.
Threat-centric IAM white paper released
OpenSky, a fully owned subsidiary of TÜV Rheinland, has published the first in a series of white papers on how enterprises can protect their assets against cyber attacks, entitled: Threat-Centric Identity Access Management (IAM). The principle of Threat-Centric IAM addresses this need for improved IAM maturity levels with a distinct focus on the means, motive and opportunity behind a threat model, aligned with security intelligence.
Conventional security architecture takes advantage of ingress and egress points on a set of enterprise perimeters. Cloud computing patterns have disrupted those perimeters and in some cases — such as mobile devices accessing SaaS — totally bypassed them.
Because identity and authentication remain the building blocks of cybersecurity, they are also the top vulnerabilities exploited in a high percentage of attacks. Traditional security methods do not go far enough in today’s evolving network environment.
Threat Centric IAM can be defined by the following elements:
- Next generation Security Information and Event Management tools that are built-in to big data technologies that analyze threat intelligence and risk/behavior
- Threat analytics with big data technologies can feed Structured Threat Information Expression intelligence to all security controls. This intelligence is then integrated into the IAM stack for “design time,” “provision time,” “run time,” and “access time” IAM control responses
- An intelligence-driven architecture that involves real-time responses based on actionable intelligence, which includes responses that can be fine-grained in terms of a recommended set of actions
Arcanum unveils secure auth for financial services
Arcanum Technology LLC, a developer of authentication solutions, announced the launch of the N-Kōd, a passcode authentication technology for financial institutions and online merchants.
Arcanum Technology’s N-Kōd authentication solution powered by the PINDragon engine creates a secure online business environment through a system that protects user information from entry through confirmation. Arcanum Technology is launching and demonstrating N-Kōd this week at the Money 20/20 conference in Las Vegas.
In the last decade, banks and most retailers have moved to establish an online presence in an effort to generate revenue and reduce service and support costs. Authentication is a necessary first step in any online transaction. However, traditional authentication methods are fraught with exposure points where user data is open to attack by cybercriminals. To date, the majority of investment has gone into adding complicated layers to the authentication process with no investment into strengthening the weakest link, the passcode.
Arcanum Technology’s N-Kōd is able to protect user credentials through a security framework that includes an expanded character set and a cypher algorithm.