A Thing
The Green SheetGreen Sheet

Monday, April 1, 2013

Lawsuit claims user authentication patent infringement

Security technology firm StrikeForce Technologies Inc. filed a patent infringement lawsuit against three companies concerning multichannel security technology that controls access by third parties to host computers. StrikeForce said it sued phone-based two-factor authentication solution provider PhoneFactor Inc.; bankcard processor Fiserv Inc.; and First Midwest Bancorp Inc., the holding company for First Midwest Bank, to protect its patented technology as cyber-attacks continue to increase.

Patent number 7,870,599, called the "599 Patent," is titled Multichannel Device Utilizing A Centralized Out-of-Band Authentication System (COBAS). StrikeForce said the patent, granted by the United States Patent and Trademark Office in January 2011, and reissued the following December, "relates to several key technologies underlying a multichannel security system for granting and denying access to a host computer in response to a demand from an access-seeking individual and computer."

StrikeForce uses COBAS in its ProtectID authentication product, which, according to the FAQ on its website, can be employed in mobile device environments. "Methods that are used include, for example, receiving a call and entering a PIN number or one-time password (OTP) on a phone-type device," StrikeForce said. "This approach leverages a [second] network for entering or receiving passwords, which locks out hackers – even if they have your username and password."

Multifactor

PhoneFactor, a Microsoft Corp. subsidiary based in Overland Park, Kan., also offers multifactor out-of-band authentication software. PhoneFactor said its technology involves placing an automated call to the online banking user during login; the user answers the call and presses # on the mobile device or enters a PIN to complete the login.

"In addition to ensuring that the legitimate user is logging in, PhoneFactor can verify specific online transactions, protecting against man-in-the-middle attacks from malware like Clampi and ZeuS, all through an out-of-band channel," PhoneFactor added.

In May 2010, the company partnered with Fiserv to integrate PhoneFactor's technology into Fiserv's own authentication tool, called Intelligent Authentication. Fiserv, which provides processing services primarily to financial institutions (FIs), said its integration with PhoneFactor allowed FIs to offer "both passive and active user authentication options in addition to a traditional user name and password, reducing the risk of fraud and identity theft in the online channel."

In November 2011, First Midwest Bank, which operates bank branches and ATMs in Illinois, northwestern Indiana and eastern Iowa, reported that it had integrated PhoneFactor into its security infrastructure. At the time, the bank said the additional protection "afforded by this new service was validated within a few weeks after it was enabled, as it successfully thwarted a number of attempts by attackers on clients' accounts."

In October 2012, Microsoft acquired PhoneFactor and offered it as a standalone product to complement the technology giant's Windows Azure Active Directory solution, a cloud-based service that provides identity and access capabilities for Windows software applications.

Multifraud

StrikeForce characterized its out-of-band user authentication technology as critical in the increasingly difficult fight against fraud. "This increase in cyber-attacks and the strengthening of regulations, such as the FFIEC [Federal Financial Institutions Examination Council] in the financial market and HIPAA [Health Insurance Portability and Accountability Act] HiTech and Electronic Protected Healthcare Information (ePHI) in the health care market, are prompting an exponential increase in the use of out-of-band authentication," the company said.

StrikeForce filed the lawsuit in the U.S. District Court for the District of Delaware in Wilmington and retained the law firm of Blank Rome LLP to represent it in the litigation. StrikeForce Chief Executive Officer Mark L. Kay said, "We will take whatever action is necessary to protect our intellectual property rights and maximize shareholder value." end of article

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Facebook
Twitter
LinkedIn
2024 2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007
A Thing