Trusted identity, the next security solution

Giovanni Verhaeghe,

Nowadays it is common practice to log on to websites and applications using a username and static password. But have we ever asked ourselves why?  You’d probably reply that the answer is obvious: we want to protect our personal information and credentials from falling into another’s hands. It is something mankind has been doing for thousands of years: to protect their valuables. Whereas in the Middle Ages huge belfries were built to safeguard important documents, we now protect our confidential information online with a password.

The evolution from belfries, physical keys to digital PINs is a natural one. I believe this evolution is far from over and will continue to evolve in decades to come. Static passwords are still widely in use but are in face, out of date. They no longer offer sufficient protection against today’s threats. Dynamic, ever changing passwords offer a higher level of security as they cannot be intercepted and reused by fraudsters.

New techniques are on the rise and combinations of passwords and behavioral, contextual, and risk/ fraud scoring mechanisms are introduced. These scoring mechanisms form in fact a sort of decision engine, an authentication process which is completed in the back-end, often without the user knowing it.

A trusted identity becomes key, and not only to secure online and mobile applications.

Let me give you an example: you are logging on to a mobile application that contains sensitive information. Therefore, access to that app is protected with a password. You enter the correct password and access is granted. That’s the part you can see. In the back-end, however, the app may have determined that you are indeed logging on at a certain time from a certain place that is ‘safe’. If you usually log on from home and all of a sudden would try to log on when in Japan, the system would raise red flags. This is called ‘proof of presence’ and can be a part of such a scoring system.

High-risk applications (containing sensitive data or large transaction amounts) will use combined security solutions that make use of more stringent security measures such as electronic signatures, one-time password or PKI technology.

A trusted identity becomes key, and not only to secure online and mobile applications.

Giovanni Verhaeghe is Vice President Corporate Development and Hardware Operations for OneSpan. He joined the company in 2000 and was instrumental in driving the company’s significant growth. Giovanni has served as OneSpan’s Director of Product and Product Management and more recently as Director of Corporate Strategy and IPR. He established OneSpan’s Innovation Centers in Cambridge and Brussels. Prior to joining OneSpan, Giovanni was IT-Manager at Vinçotte, a company specialized in safety