Security Experts:

Connect with us

Hi, what are you looking for?


Identity & Access

ImageWare Launches Multi-modal Biometric Authentication for Enterprises

Today’s security consensus is that password-based authentication and access is insecure, and that some form of two- or multi-factor authentication is necessary. The simplest and easiest second factor is an SMS-based soft token, and that is the route already adopted by many organizations.

Today’s security consensus is that password-based authentication and access is insecure, and that some form of two- or multi-factor authentication is necessary. The simplest and easiest second factor is an SMS-based soft token, and that is the route already adopted by many organizations. However, NIST’s recently published concern over some implementations of SMS-based 2FA has provided new impetus for biometric authentication.

ImageWare has today launched what it describes as the “first ever multimodal biometric authentication solution for the Microsoft ecosystem.” Called GoVerifyID Enterprise Suite (no connection to the UK’s Verify system), the system combines ImageWare’s Biometric Engine and its GoMobile Interactive products to provide true multi-factor biometric authentication.

“As the digital workforce expands, with data extended to external stakeholders and across numerous types of devices and systems, the need for high-assurance, enterprise-wide protection has intensified,” said Jim Miller, chairman & CEO of ImageWare. “The traditional security perimeters have changed and executives are being held accountable for safeguarding data against potentially devastating breaches that can tarnish a brand’s reputation. Armed with GoVerifyID Enterprise Suite, corporations have access to a scalable and affordable solution that works with their existing Microsoft infrastructure and gives them the ultimate peace of mind.”

One of GoVerify’s strongest points is the ease and speed with which it can be integrated into any Microsoft installation. It integrates with Active Directory and is essentially a snap-in to the Microsoft Management Console. It is a SaaS cloud service with the biometrics database held in the cloud, and GoMobile operating as the agent on mobile devices. As a result, costs are kept down (including Opex rather than Capex) while scalability is limitless.

The database stores only anonymized biometric information. If there were ever a compromise, the biometric data would be unusable because it is unattributable. Because it is multi-modal, customers can choose the correct level of secure authentication for different user situations: for example, voice or voice/face or voice/face/fingerprint, etcetera. And because it is cloud/device based, authentication can be achieved even when disconnected from the corporate network.

Out-of-band authentication is achieved with GoMobile on Apple or Android smart devices, while in-band authentication is achieved using any Windows Biometric Framework-compatible device. Since it uses biometrics, it promises to solve the primary weakness inherent in token-based authentication: it authenticates the person and not just the device. Having said that, biometric authentication is not without its critics. Some critics claim that there are few if any biometrics that cannot be spoofed, and that a person’s biometric definitions do not remain constant over time. Fingerprints are a good example.

However, since GoVerify offers multi-modal biometrics, it would be extremely difficult to adequately spoof multiple modes simultaneously. Other biometric options include eye and DNA; but the system can also be used in conjunction with other authentication controls, such as tokens, digital certificates, passwords, and PINS.

ImageWare is no newcomer to the biometrics field. It has extensive existing arrangements with leading biometrics companies and can incorporate existing and new biometric algorithms into its database. The intent is to be complete, yet extensible and agile.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors...