Sunday, 14 May 2006

Recently I've been speaking with a lot of reporters and other media-types about the work we at Corillian do on financial services security. It's fun to be taken back to my old journalism days, and I've come to find there are a lot of very smart people out there working the security technology beat. In addition to speaking to the media, I've also been presenting in person at a number of conferences, and have quite a few more coming up over the next several months.

I recently had a chance to speak with one reporter to discuss the state of the industry in terms of online financial services and recent FFIEC mandates on banks to implement strong authentication for their online banking web sites. Eric Norlin is well-known to many, and he writes for some well-respected publications, including Digital ID World and on ZDNet.com. We talked about the risk management components that go into deciding how to solve the authentication problem. The strong authentication software we build at Corillian uses a risk-based model, and Norlin's approach to the story is (I think) spot-on, especially his recognition of the need for an identity-first/identity-risk mechanism:

"Corillian is one of those interesting companies that you hardly ever hear about: several hundred financial institutions as customers; running back-end financial industry specific software; aware of all of the stringent requirements of financial institutions. So, its not like Corillian is just "getting into the game," its more like they're adding to an already deep bench. They're adding their Intelligent Authentication product.

"The interesting thing about Intelligent Authentication is that it begins by recognizing the risk management approach to strong authentication. Accordingly, it uses a variety of methods to authenticate you based upon the interaction (or transaction) that you're having. These methods include: client OS and browser checks, behavioral pattern analysis, geo-location (via a partnership with Quova), challenge and response questions (chosen by the customer), and my favorite - out of band phone authentication (via a partnership with StrikeForce)."

(Link to Eric Norlin's story on ZDNet.com)

He also noted that we at Corillian have already done some early, in-depth work in conjunction with Microsoft integrating a new authentication technology code-named InfoCard, which places the control, proof and credentials used in the authentication process back in the user's hands (in other words, right where they belong) while also helping to solve weak authentication problems. What I especially like about InfoCard is the community support and open-ness, as well and the user/identity-centric approach, which ties directly to Kim Cameron's Laws of Identity and the concept of the Identity Metasystem (an interoperable architecture for identity on the Internet). The security model on the desktop (it will run in Windows XP and 2003 Server and will also ship in Windows Vista) is also very interesting and encouraging. It will be quite interesting to see how, where and when InfoCard is adopted. I'll be speaking and writing here about InfoCard more in the future.



Add/Read: Comments [0]
IT Security | Tech
Sunday, 14 May 2006 00:11:41 (Pacific Standard Time, UTC-08:00)
#  Trackback

Referred by:
http://sunblonatim490.land.ru/ [Referral]
http://search.daum.net/ [Referral]
http://www.jeanstruereligion.org/ [Referral]
http://www.seputarindonesia.com/Bisnis/koeka-zwembroek/ [Referral]
http://www.drebeatsheadphones.org/ [Referral]
http://www.jewelrymart86.com/earring-hoops [Referral]
http://www.jewelrymart86.com/Basketball-Wives-Earrings/ [Referral]
http://www.smartnootropics.com/2012/04/pramiracetam.html [Referral]
http://zwembroekblog.nl/zwembroek/ [Referral]
http://www.extensalighting.com/street-light-poles-lighting-c... [Referral]
http://www.smartnootropics.com/2012/04/anxiety.html%20%7Bsoc... [Referral]
http://zwem-broek.nl/zwembroek-heren [Referral]
http://b4el.ru/user/developers/ [Referral]
http://www.linkstutor.com/user/history/neophorious/ [Referral]
http://movie-jury.com/forum/memberlist.php?mode=viewprofile&... [Referral]
http://www.marinina.ru/forum/memberlist.php?mode=viewprofile... [Referral]
http://o-torrent.com/profile.php?mode=viewprofile&u=1434 [Referral]
http://vmire.us/user/midaskkiii/ [Referral]
http://ramilmemme.livejournal.com/ [Referral]
http://ninydycuna.livejournal.com/ [Referral]
http://paxadiwenv.livejournal.com/ [Referral]

More...
Comments are closed.