Real-time authentication is that familiar process of being identified as an authorized user as immediately as the system can perform the verification. The instant identification is in contrast to a trip to the department of motor vehicles and submitting your credentials, having a person check the information and sends you the results by USPS mail. In both of these scenarios you are in control of the credentials. It is not hard to understand that the computer username/password invention was modeled after the paper systems that preceded it.
Online account access almost always provides real-time authentication. Entering the username and password and gaining access to an application is an example of real-time authentication.
Once access to the application has been granted, users enjoy the authorized services. For instance, using real-time authentication to access your online banking application may give you the ability to check balances, transfer funds, etc. but not add a signatory to the account. Adding a signatory to the account requires the signatory to make that trip to the bank and identify themselves.
Given the honest nature of people and the fact that a new signatory of an account must show up at the bank, most think that there wouldn’t be much fraud with in-person identity verification.
Real-time authentication is needed that offers the same assurance as in person physical identification. That was problematic for remote or unattended authentication. Fortunately the technology has improved and the cost has subsided to allow for a user identification using common place commodity hardware and biometrics based solutions. While biometrics can verify that the submission was made by an individual, it still cannot determine when the submission was collected. Real-time identification must include verifying the submission is live.
Learn How Our Out-Of-Band Authentication Solutions Help Protect User Identity
How it works:
The authenticating user answers a knowledge questions and speaks a random phrase unique to each login and sent to the user OOB. There is no way a hacker can know how to response. Malicious insiders still pose a threat even with this method, a tough problem to be sure.
The biometric submission is analyzed with a collection of technologies including voice, face and speech recognition. The Sovay process biometrically identifies the person in the A/V submission and confirms the user is live by transcribing the random, real-time spoken phrases. This biometrics and speech recognition approach to real-time identification helps prevent unauthorized access. Add in algorithms to thwat man-in-the-iddle attacks and we’re talking identification.
The malicious insider must speak the response and the combined use of voice and speech recognition ensure they spoke in the current login. Using algorithms that thwart man-in-the-middle attacks the malicious insider can’t pass control the another machine and pass the blame; they’ve been identified.