TechJabber.com

ConfIdent Technologies, a Portland, Oregon-based software technology company, has unveiled a revolutionary secure login authentication technology.  RecognitionAUTH™ promises to change the face of Internet security with a new secure login solution that eliminates passwords, adding a layer of security that is more secure yet intuitive for users to understand, without requiring additional hardware.

“The ConfIdent solution addresses the fact that passwords are the weak link in Internet security. No matter how complicated or lengthy passwords are, they are easily compromised by readily available keystroke recording software,” says ConfIdent Technologies President and CEO, Joel Norvell. “And as consumers use more online services, they tend to use the same passwords over and over which creates an added security risk. ConfIdent addresses this problem by eliminating passwords altogether and replacing them with stronger authentication that is also easier on users.”

“For the first time, corporate-grade security is available for the web,” says ConfIdent’s EVP Mitchell Savage.  “With a software-only one-time access code, online banking can now be as secure as the best-guarded corporate networks, still enhancing the user experience.”

How ConfIdent RecognitionAUTH Works

Based on more than five decades of research showing that recognition is an easier task for the human brain than recall, the ConfIdent login eases the burden on the user, while still heightening security.

Without requiring any additional hardware, the ConfIdent login system is a software-only method of giving the user a one-time access code at the last moment, just in time for login.

The innovative system draws the user’s eye to the secret based on a personal selection made during the enrollment process.  Instead of a password, each user chooses from a number of “categories”, like airplanes, cars or keys.  At time of login, ConfIdent displays an array of images including an airplane, a car, or a key, along with several other unrelated images. Without knowledge of the secret, the display appears completely random to other observers.

The user spots the secret categories known only to him and sees a series of digits that act as the one-time access code.  Since other observers do not know the user’s categories, they do not know which of the displayed access codes to use as the key. Only the user can interpret the one-time access code from the display.

About ConfIdent Technologies

ConfIdent principals Joel Norvell and Luke Sontag are the veteran founders of Vidoop, an online identity service established in March 2006 that uses the ConfIdent Technologies secure login to secure web single sign-on for consumers.

ConfIdent Technologies was founded to deliver robust security solutions tailored to the unique needs of enterprise and financial institutions.

The two assembled a team of software engineers led by Scott Blomquist, CTO, an 8-year Microsoft veteran who shipped four versions of the Windows operating system.  Team members now include those with security backgrounds from the Naval Research Laboratory, the National Institute of Standards and Technology, and JPMorgan Chase’s Identity & Access Management division.

The company is privately held and funded with principal management controlling a majority of the company’s stock.  Private investors form a syndicate that owns stock and has representation on an Advisory Council.

For more information on ConfIdent Technologies, visit ConfIdentTechnologies.com.

How ConfIdent RecognitionAUTH™ Secures the Login

Without additional hardware, ConfIdent Technology’s RecognitionAUTH™ eliminates passwords and is effective against the prevalent forms of hacking.

Described as Cognitive Decryption, the ConfIdent system is a method of giving the online user a one-time access code from an on-screen display that is unrecognizable by others.  Because the authorized user knows a secret choice he made during the enrollment process, he can discern the one-time access code from the seemingly random display.  Unauthorized users who do not know the user’s secret see only an array of random images and digits.

When the user enters his username, ConfIdent RecognitionAUTH responds by displaying a variable size matrix of photographs, each bearing a number of random alphanumeric characters.  The photos are different for every login.  However the user knows what to look for because the photos are based on categories that are the same for every login.

Among the dozens of image categories, examples include images of dogs, flowers, castles, food, cars, golf, babies, airplanes, and many others.

When the user chose his username (during enrollment for the online system), the user also chose a number of categories.  Every time he logs on, he finds his categories in the random display.  The alphanumeric characters shown in the images matching his category become his one-time access code for this single login.

Upon the next login, the categories will have shifted positions randomly throughout the matrix.  In addition, the image representing each category will have changed.  These facts combine to mean that human-level cognition is needed in order to recognize the secret in the matrix.

In addition, the alphanumeric characters shown with the images will also have changed.  So even if the user’s machine is infected with keystroke-logging (keystroke-recording) software, any keystrokes captured by the hacker are useless in the future.

Yet the login remains simple for the user who easily spots his categories and ‘cognitively decrypts’ his one-time access code from the seemingly random display.

The system also withholds displaying of the matrix from unknown computers, protecting against guessing schemes by denying unauthorized users access to the matrix to attempt the guessing process.  However, the true user can always see his matrix by registering a new computer through a one-time-per-computer out-of-band PIN process.

Thus, the system protects against keystroke logging, phishing, and brute force, while mitigating man-in-the-middle attacks.