HID Global, a secure identity solutions provider, has partnered with behavioral biometrics company BehavioSec to combine BehavioSec's Behaviometrics technology with HID Global's 4TRESS Authentication Server. The joint offering brings a new layer of security to HID Global's Fraud Detection System without sacrificing user convenience by employing behavioral “fingerprints” as an additional authentication mechanism.

Users today increasingly spend time identifying themselves to access digital resources, such as logging into company networks or banking online. Once users log in and cross the first layer of the authentication security perimeter, however, the only factor that ensures they are the same person that logged in is time-based. As long as continuous activity resumes, the application assumes the user is the same person and lets the user remain logged in, presenting a potential security risk.

The integrated 4TRESS Authentication Server and Behaviometrics solution addresses this risk by increasing security at the time of login. If a user's password or OTP token is stolen, but the credentials are not entered the way the user would enter them, login would be impossible. Once logged in, user behavior is continuously monitored to ensure that a third party has not intercepted or taken over the session.

BehavioSec's Behaviometrics solutions can create digital fingerprints of users' ongoing keyboard pressing patterns, including speed, frequency and pressure, when interacting with computer applications and websites. With significant accuracy, the system can detect deviations from a user's normal behavior and whether an attacker takes control of a computer.

By integrating Behaviometrics into the 4TRESS Authentication Server Fraud Detection System, customers can now benefit from:

Improved user experience by using the behavioral “fingerprint” as an authentication mechanism. If the system is confident that a user is who he/she claims to be based on behavior, device type, location and other user-transparent parameters collected and analyzed by the Fraud Detection System, the user will not need to re-authenticate.

Increased security by adding transparent behavioral analysis to user interactions with the application or system, making the initial authentication more secure and provides ongoing protection after the initial login.

Strengthened audit capabilities by capturing deviations in user behavior, which can be useful for forensics studies around internal and external data breaches. It can also help assess whether a session was hijacked or the authenticated user committed the fraud.

Explains BehavioSec co-founder Olov Renberg: “By combining our Behaviometrics technology with HID Global's 4TRESS offering, we can add a new layer of security in a transparent way to deliver a complete solution for risk-based authentication.”