Monday, April 1, 2013
Patent number 7,870,599, called the "599 Patent," is titled Multichannel Device Utilizing A Centralized Out-of-Band Authentication System (COBAS). StrikeForce said the patent, granted by the United States Patent and Trademark Office in January 2011, and reissued the following December, "relates to several key technologies underlying a multichannel security system for granting and denying access to a host computer in response to a demand from an access-seeking individual and computer."
StrikeForce uses COBAS in its ProtectID authentication product, which, according to the FAQ on its website, can be employed in mobile device environments. "Methods that are used include, for example, receiving a call and entering a PIN number or one-time password (OTP) on a phone-type device," StrikeForce said. "This approach leverages a [second] network for entering or receiving passwords, which locks out hackers – even if they have your username and password."
PhoneFactor, a Microsoft Corp. subsidiary based in Overland Park, Kan., also offers multifactor out-of-band authentication software. PhoneFactor said its technology involves placing an automated call to the online banking user during login; the user answers the call and presses # on the mobile device or enters a PIN to complete the login.
"In addition to ensuring that the legitimate user is logging in, PhoneFactor can verify specific online transactions, protecting against man-in-the-middle attacks from malware like Clampi and ZeuS, all through an out-of-band channel," PhoneFactor added.
In May 2010, the company partnered with Fiserv to integrate PhoneFactor's technology into Fiserv's own authentication tool, called Intelligent Authentication. Fiserv, which provides processing services primarily to financial institutions (FIs), said its integration with PhoneFactor allowed FIs to offer "both passive and active user authentication options in addition to a traditional user name and password, reducing the risk of fraud and identity theft in the online channel."
In November 2011, First Midwest Bank, which operates bank branches and ATMs in Illinois, northwestern Indiana and eastern Iowa, reported that it had integrated PhoneFactor into its security infrastructure. At the time, the bank said the additional protection "afforded by this new service was validated within a few weeks after it was enabled, as it successfully thwarted a number of attempts by attackers on clients' accounts."
In October 2012, Microsoft acquired PhoneFactor and offered it as a standalone product to complement the technology giant's Windows Azure Active Directory solution, a cloud-based service that provides identity and access capabilities for Windows software applications.
StrikeForce characterized its out-of-band user authentication technology as critical in the increasingly difficult fight against fraud. "This increase in cyber-attacks and the strengthening of regulations, such as the FFIEC [Federal Financial Institutions Examination Council] in the financial market and HIPAA [Health Insurance Portability and Accountability Act] HiTech and Electronic Protected Healthcare Information (ePHI) in the health care market, are prompting an exponential increase in the use of out-of-band authentication," the company said.
StrikeForce filed the lawsuit in the U.S. District Court for the District of Delaware in Wilmington and retained the law firm of Blank Rome LLP to represent it in the litigation. StrikeForce Chief Executive Officer Mark L. Kay said, "We will take whatever action is necessary to protect our intellectual property rights and maximize shareholder value."
Editor's Note:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.