Identity Cues Products
Identity Cues products help organizations exceed FFIEC & NCUA authentication guidelines & combat online fraud while delivering Maximum Security with Maximum Convenience
Identity Cues Two Factor
*NEW* Mobile Authentication Module for Identity Cues Two Factor *NEW*
Identity Cues (for Web Sites)
Identity Cues For Email
Identity Cues Two Factor
Download Identity Cues Two Factor Data Sheet
Identity Cues Two Factor: What It Is
Identity Cues Two Factor is a unique, user-friendly authentication system that both strongly authenticates users to an online system as well as informs users whether they are interacting with a legitimate web site or with a criminal’s clone site. As the most user-friendly two-factor (and two-way) authentication system available today, Identity Cues Two Factor typically requires no user enrollment, no extra steps during the login process, no user training, and little ongoing maintenance, yet implements true two-factor authentication.
Identity Cues can help your organization meet and exceed the new Federal Financial Institutions Examination Council (FFIEC) guidelines by providing both two-factor and two-way (mutual) authentication – but without forcing you to inconvenience your users in order to achieve that improved level of protection.
Identity Cues Two Factor: How It Works
Identity Cues Two Factor is delivered as software that easily integrates with existing web sites. True two-factor authentication takes place behind the scenes, and obvious cues enable all users to instinctively recognize whether or not they are interacting with an intended legitimate business.
With Identity Cues Two Factor, patent-pending technology authenticates users as well as the computers they use for access. Users type their login names & passwords as they always have – with no added steps. When a user accesses from an unknown machine, a one-time password is required for access; the one-time password can be sent to the user via an email message, delivered via SMS service to his cellphone, or generated by a third-party product such as a hardware token.
Identity Cues Two Factor generates visual cues by applying one-way cryptographic functions to user-entered text and a series of secret keys. Based on the result of the calculations, cues are selected and displayed in user’s web browser. Only the genuine site can generate the proper cue for any particular user; if no cue or an incorrect cue is displayed, it will be obvious to even an untrained user that something is very wrong with the site.
Identity Cues Two Factor delivers true two-factor authentication whenever a user accesses the system. It never relies on users answering questions (whose answers can often be obtained by criminals even easier than passwords can) in lieu of a true two-factor sign on.
Identity Cues Two Factor includes its own two-factor authentication systems, but can also be used with other two-factor systems so as to add both mutual authentication and convenience. With Identity Cues Two Factor in place, after a user’s initial login with the other two-factor technique, all two-factor activities take place behind the scenes – users have no extra steps to endure.
Identity Cues Two Factor: Business Benefits
The elegance and simplicity of Identity Cues Two Factor can provide significant benefits to many organizations transacting business online or allowing their employees remote access to sensitive resources. Among these benefits are:
- Strong two-factor authentication of users without the user dissatisfaction that normally accompanies transitions to two-factor authentication.
- Compliance with FFIEC guidelines.
- A significant reduction in the losses (financial and otherwise) incurred as a result of phishing-related fraud.
- The protection of sensitive data that is transmitted or accessible online.
- The ability to continue business operations without the need to impose new operationally disruptive processes, capital-intensive systems, or administrative restrictions intended to reduce exposure to phishing.
- Greater customer comfort with conducting business online due to improved security delivered imposing complicated requirements on users.
- An enhanced shielding against litigation that may arise from phishing-related incidents.
- “Reasonable safeguard” protection for organizations subject to regulatory compliance statutes, including the Sarbanes-Oxley Act, Gramm-Leach-Bliley Act and Health Insurance Portability and Accountability Act.
Identity Cues Two Factor: Advantages Over Alternative Two Factor Authentication Systems
Identity Cues offers several significant advantages over alternative two-factor authentication systems:
- Convenience for users:
- No user enrollment is required – significantly improving convenience for users and dramatically reducing the “real cost” of implementing and maintaining the two-factor authentication solution.
- No extra steps are added to the user’s login process – after their initial login, users enjoy the same, simple login experience that they always have with no added steps.
- No software download – the user does not need to download or install any software.
- The user does not need to carry any physical devices (e.g., tokens)
- Access is available from essentially any web-connected device.
- Proactive protection – Identity Cues Two Factor helps stop users from falling prey to phishing attacks before they surrender sensitive information to mischievous parties, not by trying to “clean up” afterwards.
- Designed by a psychologist to be maximally effective with minimal intrusion on users.
- Identity Cues Two Factor requires little ongoing maintenance.
- Identity Cues Two Factor offers double-layer protection against Man-in-the-Middle attacks.
- Lower Cost of Implementation and Ongoing Total Cost of Ownership (TCO) – because of the aforementioned unique attributes, Identity Cues sports a much lower expected cost of implementation and ongoing TCO numbers that do other authentication and anti-phishing technologies.
- Identity Cues does not disclose sensitive information to criminals – some anti-phishing systems allow any parties on the Internet (including criminals) to determine what usernames are valid for the online systems that they “protect.” If your organization would not post a list of all of your online system’s valid usernames on the Internet, such a vulnerability should be of significant concern.
Mobile Authentication Module for Identity Cues Two Factor
The Mobile Authentication Module add-on for Identity Cues Two Factor adds mobile-device-optimization for two-factor and site authentication to the Identity Cues Two Factor platform. Companies wishing to provide users with access to their web sites from RIM's Blackberry devices, Palm's Treo phones, Motorola's Q phone, Apple's iPhone, and other mobile devices need not sacrifice on security -- armed with Green Armor's Identity Cues Two Factor, companies can achieve maximum security and maximum convenience when users access from either computers or from handheld devices.
Identity Cues for Web Sites
Download Identity Cues for Websites Data Sheet
Identity Cues for Websites: What It Is
Identity Cues for Websites (formerly known as Identity Cues) is an innovative software solution designed to protect organizations, their employees, and their customers from phishing, pharming, and Internet fraud. It can help stop the digital leakage of corporate trade secrets or personal sensitive information, and can help prevent financial losses that may incur as a result of such leaks. Identity Cues for Websites was designed by a team consisting of an information-security expert and a psychologist, and leverages various aspects of both disciplines to protect even untrained users who never make any conscious effort to combat phishing.
Identity Cues for Websites is a software solution that can run on numerous platforms. It scales to accommodate environments of all sizes, and can be used in conjunction with other authentication and fraud-detection systems.
Identity Cues for Websites: How It Works
Criminals rely on their ability to replicate the “look and feel” of a legitimate business’s online presence in order to trick users into divulging sensitive information. Identity Cues products make it exceedingly difficult for criminals to do so.
Security is achieved through the use of easily recognizable visual cues that appear during the user login process. These cues were designed based on advanced psychology, and, even after a user’s first access to a web site, become an integral part of the user’s visual experience on that site; if the cues are not present on a subsequent login, even users who are not consciously looking for them will notice that something looks “very wrong” with the site that they are accessing and will not enter their credentials or sensitive information.
Visual cues vary between users, but are identical on each login for any particular user. Cues may be customized by an organization deploying Identity Cues products, but typically consist of colored boxes with basic text elements (such as letters, short words, or short numbers) or famous phrases/quotes within them.
Cues are generated by applying a one-way mathematical cryptographic function to portions of text that the user types and a series of keys established by (and known only to) the organization – criminals cannot spoof or generate the correct cues for any particular user. Users who access a phishing site will not see their cues and will quickly realize that “something is wrong.”
Identity Cues for Websites: Improved Authentication
Identity Cues products work with numerous forms of user authentication – so whether your users use usernames and passwords, one-time passwords, hardware tokens, biometrics, or other techniques to authenticate themselves to your system – you can use Identity Cues products to ensure that their authentication information is in fact being sent to you and not to a criminal.
Furthermore, Identity Cues products can help your organization meet the new Federal Financial Institutions Examination Council (FFIEC) regulations by providing two-way (mutual) authentication – but without forcing you to inconvenience your users in order to achieve that improved level of protection.
Identity Cues for Websites: Business Benefits
The elegance and simplicity of Identity Cues can provide significant benefits to many organizations transacting business online or allowing their employees remote access to sensitive resources. Among these benefits are:
- A significant reduction in the losses (financial and otherwise) incurred as a result of phishing-related fraud.
- The protection of sensitive data that is transmitted or accessible online.
- The ability to continue business operations without the need to impose new operationally disruptive processes, capital-intensive systems, or administrative restrictions intended to reduce exposure to phishing.
- Greater customer comfort with conducting business online due to improved security delivered without having to impose any new requirements on them.
- An enhanced shielding against litigation that may arise from phishing-related incidents.
- “Reasonable safeguard” protection for organizations subject to regulatory compliance statutes, including the Sarbanes-Oxley Act, Gramm-Leach-Bliley Act and Health Insurance Portability and Accountability Act.
More About the Business Benefits of the Identity Cues anti-phishing/pharming system
Identity Cues: Advantages Over Alternative Anti-Phishing Technologies
Identity Cues offers several significant advantages over alternative anti-phishing offerings:
- Proactive protection – Identity Cues helps stop users from falling prey to phishing attacks before they surrender sensitive information to mischievous parties, not by trying to “clean up” afterwards.
- Designed by a psychologist to be maximally effective with minimal intrusion on users.
- Convenience for users:
- No user enrollment is required – significantly improving convenience for users and dramatically reducing the “real cost” of implementing and maintaining the anti-phishing solution.
- No extra steps are added to the user’s login process – users enjoy the same experience that they always have. Furthermore, if an organization plans to implement a new authentication system it can minimize user disruption by implementing Identity Cues for anti-phishing purposes – as Identity Cues will not add any extra steps beyond those of the primary authentication.
- No software download – the user does not need to download or install any software.
- The user does not need to carry any physical devices (e.g., tokens)
- Access is available from essentially any web-connected device.
- The user experience remains the same for any particular user even across diverse locations and devices – simplifying the user experience and reducing the chance that criminals can exploit user confusion to successfully execute a phishing attack.
- Identity Cues requires little ongoing maintenance – cues are generated in real time, there is no database to maintain.
- Lower Cost of Implementation and Ongoing Total Cost of Ownership (TCO) – because of the aforementioned unique attributes, Identity Cues sports a much lower expected cost of implementation and ongoing TCO numbers that do other anti-phishing technologies.
- Identity Cues does not disclose sensitive information to criminals – some anti-phishing systems allow any parties on the Internet (including criminals) to determine what usernames are valid for the online systems that they “protect.” If your organization would not post a list of all of your online system’s valid usernames on the Internet, such a vulnerability should be of significant concern.
Please click here for a more detailed comparison between Identity Cues and alternative anti-phishing technologies
Identity Cues for Email
Download Identity Cues for Email Data Sheet
Identity Cues for Email: What It Is
Identity Cues for Email is an innovative software solution
that allows organizations to safely use email as a medium of communication with customers and employees by greatly reducing the risk of end-users being tricked by phishing email messages. Identity Cues for Email makes obvious to recipients of email messages sent by a person or organization that the messages were truly sent by the sender; even novices can quickly and easily spot a potential phishing email message. No user enrollment is necessary, and users do not need any training or special software; they can read email using the same email clients with which they are already comfortable. Users do not have to download/install any software, configure anything, carry any security devices, register for any services, or memorize any extra secrets.
Identity Cues for Email: How It Works
Criminals rely on their ability to replicate the "look and feel" of email messages sent by a legitimate business in order to trick users into divulging sensitive information. Identity Cues for Email makes it exceedingly difficult for criminals to do so.
Security is achieved through the use of easily recognizable visual cues that appear at the top of every email message sent by an organization using Identity Cues for Email. These cues are based on advanced psychology, and, even after a user has seen even one message from the organization, become an integral part of the user's expected visual experience when reading email sent by that entity. If an email message is received an the cues displayed are incorrect or simply missing, users will notice that something looks "very wrong" with the message and not follow the sender's instructions.
Visual cues vary between users, but are identical on every message for any particular user. Cues may be customized by an organization deploying Identity Cues for Email, but typically consist of colored boxes with basic text elements (such as letters, short words, or short numbers) or famous phrases/quotes within them. Cues are generated by applying a one-way mathematical cryptographic function to a secret key and to either the user's email address or some other user-specific information; without the secret key (which they do not possess) criminals cannot spoof or generate the correct cues for any particular user. Users who receive a phishing email message will not see their cues and will quickly realize that "something is wrong."
Identity Cues for Email requires no user enrollment, or client-side software downloads. Users can continue to read email with whatever email software they like – users are not burdened with any changes to the way that they receive and read email messages.
Identity Cues for Email: Business Benefits
The elegance and simplicity of Identity Cues for Email can provide significant benefits to essentially any organization relying on email as a means of communication. Among these benefits are:
- Identity Cues for Email allows organizations to safely use email as a mechanism for communicating with customers, partners, and employees - without inconveniencing those parties.
- Identity Cues for Email can help deliver a significant reduction in the losses (financial and otherwise) incurred as a result of phishing-related fraud.
- Identity Cues for Email can help protect of sensitive data that is transmitted or accessible online.
- Identity Cues for Email allows organizations to continue business operations without the need to impose new operationally disruptive processes, capital-intensive systems, or administrative restrictions intended to reduce exposure to phishing.
- Identity Cues for Email helps deliver greater customer comfort with conducting business online due to improved security delivered without having to impose any new requirements on them.
- Identity Cues for Email can provide an enhanced shielding against litigation that may arise from phishing-related incidents.
- Identity Cues for Email helps achieve “Reasonable safeguard” protection for organizations subject to regulatory compliance statutes, including the Sarbanes-Oxley Act, Gramm-Leach-Bliley Act and Health Insurance Portability and Accountability Act.
Green Armor™ also provides professional services and consulting associated with our information-security products. We help all of our customers install and integrate our offerings into their environments, so as to ensure quick and successful implementations. Of course, we offer ongoing support for all of our product deployments.
More Information:
Business Benefits of Identity Cues anti-phishing/pharming system
A comparison between Green Armor's Identity Cues and alternative anti-phishing technologies
Phishing: Background Information
Pharming: Background Information
The marks Green Armor Solutions, Green Armor, Identity Cues, Identity Cues for Websites, Identity Cues for Email, Identity Cues Two Factor, and the Green Armor Solutions logo are trademarks of Green Armor Solutions, Inc. All other marks are the trademarks of their respective owners.
|
