Authentify offers a comprehensive list of functional elements that can be built into any Authentify enabled process. These elements can often be combined in ways to mimic an existing manual process, or develop a new high security process for your organization. Authentify’s approach permits considerable flexibility in designing and interfacing with your existing applications. Individual elements can be tuned to match the security level and functionality necessary for your particular authentication requirements.
| Application Element |
Functionality |
What does this add to an application? |
| Automated outbound call |
Places outbound call, synchronized to a Web session, requires # sign reply that call is expected. |
Confirms that a valid phone number has been offered or is on file for the user. Call must be answered for a process to continue. |
| Confirmation Code Exchange -DTMF |
Displays a number on the Web screen that must be entered via telephone keypad in the phone |
Confirms that the person, computer and phone are all in the same place at the same
time. |
| Confirmation Code Exchange- Spoken |
Displays a number on the Web screen that must be spoken into the telephone |
Confirms that the person, computer and phone are all in the same place at the same time. |
| Voice Recording Capture |
Application prompts person to speak an agreed upon Word, phrase or their name. |
Useful as an e-signature. When a person says the words “I agree to these terms” there can be little doubt they understood what they were doing. Also useful as a deterrent. Site spoofers do not want to be personally connected to their online identities if it can be avoided. A voice recording can be used to link a person in the real world to their online identity. |
| Speech Recognition |
If a voice recording is used, speech recognition can be employed to ensure that the correct phrase has been spoken. |
It may be desirable to have the user speak the confirmation code vs. keying it in on the telephone keypad. Speech Recognition ensures the string has been spoken correctly. Adds stronger support for e-signature. |
| “Liveness” Test |
Test to ensure speech is from a live person vs. an engine or both |
Prevents use of recordings, bots or other devices ensuring there is a perso |
| Voice Biometrics |
Voice “print” capture, used for high security. A returning user must possess the correct voice to make use of a biometrically enabled
application. |
Ensures that a returning user is the same user who enrolled originally. May permit access to high security applications or financial transactions based on high certainty the user is the legitimate account owner. Can be used in lieu of security tokens or manual phone calls placed to confirm users ID. |
| Inbound Call to Console |
Inbound Call can use voice biometric as authentication for PIN replacement or telephone access to phone based systems |
Can be used when user can not logon to their computer because they have forgotten their password or it has expired. Biometrics used to authenticate the account holder. |
| Multiple Telephone Calls |
Used to reach a user a second time. |
Can be used to confirm possession and control of a cell phone, or the ability of a person to be reached at through a switchboard vs. a direct line or vice versa. Can be used to call a 3rd party to the transaction, controlled by business rules on the customer server side. |
| Shared Secret Challenge Response |
Requires Speech Recognition. Requires user to speak an on file secret – favorite movie, secret word, secondary pass phrase etc. |
Used to add security to an application, or perhaps used for a password or PIN replacement application. Instead of typing a maiden name or other “secret”, user is required to speak a previously agreed upon “shared secret”. |
| PIN PW Delivery |
Text to speech engine will “read” a string to the user on the other end of the phone. |
Used for PIN replacement or delivery applications, PW reset applications. |
| 2-Way Authentication Playback |
Application stores a word or pass phrase that has been recorded by the user on a previous visit, and plays it back to them over the phone on a subsequent visit. |
Offers a simple way to authenticate email offers and Web sites if phishing and spoofing is a concern. The site has both the ability to
phone the user, and play back a recording only the Web site can have. Removes risk of compromised information. |
| Email Integration |
A provisioning tool that integrates to email. Permits an administrative user to send an email to an end user that will trigger the authentication phone call at a number the administrator designated. |
Used for sponsored enrollment or delegated administration and access control. An authorized administrator or supervisor is presented with a tool for enrolling/authorizing remote users in a secure system provided they can complete the authentication process at a phone number the administrator has designated and trusts. |
| Telephone Data Services (TDS) |
Behind the scenes analysis of the “data” that can be associated with a telephone number, including a provisioning indication such as cellular versus landline. |
Telephone Data Analysis is used for verification that a call is being placed to a phone that can be traced to a particular user. Indications include cellular versus land line provisioning, prison phone, business phone indication, geographic proximity of an area code and exchange combination relative to a zip code, reverse look-up billing name and address information, indication of the age of the billing relationship between the user and the phone company. There are wide variations in availability of phone records on an International basis. TDS should be discussed with your Authentify representative for validity in your particular are of interest. |
| USPS Electronic Postmark |
Wraps an electronic postmark around the online transaction employing the Athentify service |
A United States Postal Service Electronic Postmark provides additional trust by adding USPS jurisdiction to the transaction. This designation adds a highly recognized authority as a verifying third party and places the transaction under USPS jurisdiction, making fraudulent attempts against the transaction a felony punishable by USPS wire fraud laws. |
| Audit Trail Reporting |
Transaction records from Authentify telephony and Web servers in downloadable format tied to Web sessions. |
Audit reports include the transaction record tied to user ID and telephone, timestamps from the Internet and Telephone network, voice recordings etc. Effectively the audit trail of a transaction involving Authentify in digital format. |
| Delegated or Sponsored Enrollment Template |
Employs a combination of
provisioning tools, email, and multiple phone calls to permit a manager or administrator to remotely sponsor or approve the access of another party. |
Used when an employee or other user’s access must be approved by a senior colleague. Application template will help identify the senior colleague, notify them via e-mail of the access request, authenticate the senior colleague via phone call linked to the email, record their approval or denial, then forward via email a link to an authentication session for the user seeking access. |
| 3rd Party Participant in an Enrollment or Re-activation Session |
Permits 2 individuals to participate in a single call event. May or May not use voice biometrics. |
Used when an employee or a subordinate needs additional authorization to enroll or reset their account. Call flow is initiated by Supervisory access to a Web utility and the call directs Supervisor when to use phone and when to hand it over to the employee or subordinate. |
| e-Signature template |
Employs telephone call, Speech recognition, voice biometric (optional), call recording, ultimately a “hash” of the transaction record into a document for an irrefutable e-signature. |
E-signature is a generic term for any form of digital “indicator” that is used to “capture” the consent of the individuals involved in an agreement or transaction. Clicking on “I Agree” is a form of e-signature.
The e-sign law, however, merely states that a digital signature will be given the same weight at law as a “wet” or in person signature. In order to be “bulletproof” from a legal standpoint, an e signature must clear 3 hurdles. It must be unique to the individual, demonstrably under their control and indicative of their consent. Clicking an “I Agree” button does not meet this type of
standard and becomes less useful for important transactions.
A voice recording of someone saying “I Agree”, however, can meet all three. It is one of the few biometrics that can capture a “behavioral” characteristic, such as agreement or intent in an undisputable way. |
PKI Activation
Code delivery
template |
Application designed to deliver activation codes for pki digital certificates. Combines elements of sponsored enrollment and PIN delivery for security layer. |
Ability to remotely manage large number of certificates issued to diverse and remote work force or partners. Valuable for VPN and intra/extranet implementations |
Time and
Attendance
Application
Template |
Application designed to offer remote reporting on mobile workforce. Remote workers check-in via voice from remote assignment phone. |
Ability to automate and provide audit trail for consultants, contract workers etc. without incurring infrastructure cost at the client location, or “hands on” determination if worker has in fact arrived at designated location. Biometric application ensures correct individuals checked in from client location. |
