The BioGraphic Profile (BGP®) offering
Text passwords have proven to be increasingly insecure, difficult to remember, and prone to theft and/or cracking, resulting in identity theft, stolen company secrets and the loss of personal information. It has become clear that text passwords no longer provide adequate security. Hackers using key loggers (software and hardware), which can be easily purchased, copy text passwords and gain access to personal and sensitive information.
Recognizing this worldwide security breach and the growing demand for new authentication solutions, ANB offers an innovative IT security solution for accessing Internet sites and information systems via a secured login gateway. ANB's BioGraphic Profile (BGP®) replaces text passwords with highly secured unique graphic passwords. Unlike a typed text password, the graphic password is drawn using a PC mouse, a stylus or a human finger on any available touch screen. And unlike a drawn still image, BGP® can identify the behavioral pattern of the graphic password in order to securely and positively authenticate users as the makers of that graphic password.
BGP® – The need & the solution
Current text password systems require users to remember several different passwords for accessing different systems and web sites. Consequently, users prefer easy-to-remember passwords, which tend to be susceptible to security breaches. It is common knowledge that easy-to-remember passwords can be easily cracked. Hackers take advantage of this fact to break into systems, steal sensitive information, cause damage and engage in other hostile activities. Information systems can be highly protected by firewalls, anti-virus software, IDS systems and more, but they can still be vulnerable via the weakest link in the security chain, the well-known breach that beckons hackers: easy-to-remember passwords. Therefore, the need for a different paradigm and a highly secured password mechanism is constantly on the rise.
access to internet/intranet information
When presenting BGP®, ANB was the first to come out with a new security concept eliminating the need for alphanumeric passwords while ensuring ease of use and ease of recall. The latest research proves that visual passwords are easier to remember than text passwords. BGP®'s innovative concept is based on employing the user’s visual memory rather than the Linguistic/Logic Long Term Memory, which is used for remembering text passwords. Moreover, visual passwords are very difficult for hackers using key loggers to copy, making them a far superior authentication solution as far as security is concerned. And finally, BGP® offers a Single Sign-in module, which enables users to use a single graphic password to access multiple different systems.
BGP® - a unique, cost-effective solution
BGP® implements multiple security layers using a Single Sign-in module. It is a highly cost-effective, pure software-based solution, with no need to install any dedicated hardware at remote PC workstations. Thus, BGP® is an optimal solution for securing information systems and Internet and/or intranet information resources in a cost-effective manner.
BGP®’s main modules
ANB's BGP® consists of the following main software modules:
• BGP® Password Verification service module
• Security Alerts service module
• Personal Profiles service module
• Encrypted Security Databases module
• Encrypted Data Exchange module
• Secured communication using SSL v3 module
• Installation module
• Training module
• Maintenance module
• Dot Net SOAP interfacing module
BGP®’s multi-security layers architecture
ANB’s BGP® implements three independent layers of security:
I. Authentication layer: This layer is part of the main secured gateway module. It enables the Login gateway to authenticate users in real-time based on their unique BioGraphic Profile. The user gains access to the protected system and/or Internet/Intranet site only after a successful BioGraphic Profile authentication process.
II. Customers' Personal Behavior layer: This layer enables the security team to track down suspicious login activities in real-time. Alerts are generated based on a pre-defined global security policy, which is defined by the organization’s IT team. Whenever a suspicious event triggers the policy, a security alert is generated and directed to the security team.
III. Security Information Privacy layer: All security information is encrypted and any sensitive information is stored in the system's central database. Sensitive information is highly encrypted both before and after it is exchanged with certified remote terminals. This security layer records all important transactions as defined by the global security policy. All significant transactions, alerts, security profiles etc. are recorded for future reference as may be required.
BGP®’s Users Personal Security Profile - UPSP
For each user, BGP® stores a unique security profile, which encapsulates personal security information as follows:
• General details
• A Dynamic Unique BioGraphic Profile – (generated at the end of a successful personal enrolment process)
• Personal User's behavior
BGP®’s Enrolment Process
Each user's security information is gathered during a short enrolment process at the time the user joins the system. After providing his/her personal details, the user is asked to create a unique BioGraphic Profile that will be used for accessing the protected system or site via a secured Login gateway. For each new user, a UPSP (User Personal Security Profile) is automatically created.
Within the enrolment process, the user is requested to create his/her unique BioGraphic Profile by:
• Choosing a unique background skin – a personal picture to be displayed on the computer screen
• Choosing a series of icons that will be randomly mapped on the background skin
• Drawing a unique graphic password, either by finger line drawing or by mouse clicking on specific locations (right and/or left clicks) and/or dragging chosen icons from one location to another. Each such profile represents a unique biometric signature allowing for positive and secure authentication of the user.
BGP® Evaluation Metrics
BGP® has been tested by the Israeli Institute of Standards (an affiliate of “VeryTest” ZDLabs). The measured metrics were:
• User identification rate > 99.50%
• Failure rate (false reject in three successive tries) < 4.5%
• Signatures required for user registration: 4-5 signatures
• Average signature: 3 to 15 seconds (up to 400 sample dots – signature image resolution)
BGP® System Requirements
The BGP® Authentication Service Center is installed on a server farm, either at the customer’s site or using Cloud services.
On the client side there is no need to install any special peripheral device. The user draws his/her unique BioGraphic picture using a mouse, a stylus if using a tablet PC, or a finger on a touch screen. The drawn BioGraphic Profile is then sent directly for authentication to the secured Login Gateway in the BGP® Authentication Service Center. The server farm in which the Authentication Service Center is installed consists of a few (3 or more) servers, according to scope of usage and performance requirements. The system consists of two types of servers, as follows:
I. SQL Servers for storing all security information in a central database – the system was designed to separate the encrypted MS SQL database transactions from the graphic password authentication requests/transactions in order to ensure high performance. The MS SQL database is installed on two redundant servers (RAID 5). It stores all security information, UPSP profiles, global and personal policies, all recorded transactions, all recorded alerts, all account administrators and more.
II. BioGraphic Profile Authentication Services – the other type of servers are the authentication servers, which are dedicated to running the authentication process and requests. These servers are installed in an NLB (Network Load Balancing) structure in order to ensure high availability.
ANB’s BGP® is an innovative authentication solution that provides secured access to information systems and Internet/intranet resources via a secured login gateway. BGP® brings a new concept of behavioral dynamic graphic passwords, offering a user-friendly, easy-to-use alternative to traditional text password authentication solutions. BGP® was designed as an enterprise IT security solution; it requires no dedicated hardware and interfaces seamlessly with all common existing Sign-on management systems.