Wednesday 10 November 2010

Mash Up Security - making authentication safe for all!


On an analyst call yesterday, our new technology, LiveEnsure™, came into the spotlight, as new ways of doing things always do. We are making security available for developers to download and use without a long-winded sales trail or a price tag to match.

The Mash Up Question:

"I am concerned that as a mash-up - which is the combining of two different apps/services to create a new one - this new "app" is somehow compromised because of a side door / opening created inadvertently in the process."

Answer:

LiveEnsure™ is a side-chain mashup, not a front-door mashup like OpenID, Google or Facebook login.

The communication, session and credential exchange are private to the site and LiveEnsure™, not the user. The user cannot "inadvertently" do anything outside or beside the site/app of their own volition. In addition, the ONLY thing the user does is react and respond to the challenge; they are not initiators.

The process of authentication with LiveEnsure™ is a multi-factor "verification" of the primary "identification" process already resident in the existing site or app.

LiveEnsure™ does not "identify" users, which removes all possibility of false positives/negatives, or "letting someone in via side/back door".

The site identifies, we authenticate. We step outside the browser, app or session in a side chain, and merely verify the credentials of the site or app, session, device and user. The site then polls LE directly (outside of the user communication at either the site/app or Live endpoint) for authentication status. Status is not propagated or forced up the chain from LE to the site or user, which also prevents unrequested or illegitimate status notification and possible bypass, hack, spoof or replay.

For these two fundamental reasons, LiveEnsure™ is:

a) additive security, not replacement or reduction (in the case of a backdoor, an "other" way in)
b) completely under the control of the site at all times, as there is no user session sharing or user initiation capability
c) side-chain logic, vs. front door, side door or back door "identify/detect" logic, thus immune to brute force
d) only adding security by its presence, not removing it by its absence (above what was initially there, i.e. user/pass, OpenID, SSO, etc.).
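
A sketch of the pull model described above, in which the site polls the verification service for status and ignores anything pushed to it or claimed by the client. This is an added example, not LiveEnsure code: the `Verifier` and `Site` classes, the status strings and the session ids are hypothetical, and the verifier is simulated in memory.

```python
import secrets
import time

class Verifier:
    """Constructed in-memory stand-in for the out-of-band verification service."""
    def __init__(self):
        self._status = {}  # challenge_id -> "PENDING" | "SUCCESS" | "FAILED"

    def start(self, challenge_id):
        self._status[challenge_id] = "PENDING"

    def device_responds(self, challenge_id, ok):
        # The user's device can only answer a challenge the site opened.
        if self._status.get(challenge_id) == "PENDING":
            self._status[challenge_id] = "SUCCESS" if ok else "FAILED"

    def poll(self, challenge_id):
        return self._status.get(challenge_id, "UNKNOWN")

class Site:
    """The site identifies the user itself, then pulls the verification result."""
    def __init__(self, verifier, ttl=120):
        self.verifier, self.ttl = verifier, ttl
        self._pending = {}  # session_id -> (challenge_id, expiry)

    def begin_second_factor(self, session_id):
        """Call only after the site's own primary login has succeeded."""
        cid = secrets.token_urlsafe(16)
        self._pending[session_id] = (cid, time.monotonic() + self.ttl)
        self.verifier.start(cid)
        return cid

    def complete(self, session_id, client_claim=None):
        """client_claim is whatever the browser asserts; it is never trusted."""
        entry = self._pending.get(session_id)
        if entry is None:
            return False  # no challenge was opened for this session
        cid, expiry = entry
        if time.monotonic() > expiry:
            del self._pending[session_id]
            return False
        status = self.verifier.poll(cid)  # server-to-server pull
        if status == "PENDING":
            return False  # keep waiting; the challenge stays open
        del self._pending[session_id]  # terminal status is consumed once
        return status == "SUCCESS"
```
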

LiveEnsure™: affordable, accessible authentication for web and mobile.

http://www.liveensure.com/

Cast your vote for LiveEnsure in the Mashable Awards... best newcomer:
