Device profiling will scan customers' 'digital DNA'
An Internet access verification system that checks online users’ so-called ‘Digital DNA’ is claiming to offer a more flexible approach to account security.
French solutions provider Mobilegov’s Digital DNA package takes a ‘fingerprint’ of client devices by logging their unique characteristics at component level. These can include hardware registrations or system configurations; Digital DNA can also taking a fingerprint reading from a plug-in device like a USB stick.
The software then uses this data to form a stored DNA ‘profile’ of the user device that is matched against users when they connect to their account. Any number of components can be used to make-up the profile, Mobilegov says. If the profile does not match the client device, then access is denied.
Digital DNA is unique, like the Deoxyribonucleic acid molecules that store information about human genetic blueprints, says Michel Frenkiel, president & chairman of Mobilegov: “It does not replace conventional username/password bases security. It is an additional layer of authentication”.
Digital DNA can also be deployed to block attempts at illicit access where it detects profile characteristics that match those of a malevolent source (i.e., those of a hacker).
“The system has advantages over dedicated access authentication devices – such as bank-issued smartcards, tokens or readers – because in the event of loss or misappropriation of the client device, bank customers are more likely to sooner realise that the device is missing,” adds Mobilegov’s Frenkiel.
Digital DNA is being evaluated by the Federal Chancellery of Austria to see if it could also be used in conjunction with national e-ID card for its staff authentication. The solution is being sold in the UK by IT continuity firm ToroTech.