The role of risk signals is evolving
Historically, risk signals have been used to compensate for the inherent weaknesses of passwords. However, they have proven ineffective against attacks such as adversary-in-the-middle (AITM) and phishing.
With the availability of FIDO (Fast Identity Online) passkeys and security keys, organizations now have access to convenient and robust protection against these threats.
However, new risk signals are needed to address different scenarios, such as:
1. Reducing the need for step-up authentication with new devices.
2. Prompting users to create passkeys only when there is strong evidence that the legitimate user has signed in.
3. Protecting users against advanced and emerging scams.
As an add-on to the Digipass S3 Authentication Software, Digipass Smart Sense leverages AI and machine learning technologies to analyze typical user behavior and generate an anomaly score that can be utilized in the Digipass Rules Engine. This enables organizations to tailor the use of passkeys based on the anomaly score associated with each authentication event.
Adaptive use of passkeys
For example, when the anomaly score is low, indicating that a legitimate user has been authenticated, you can prompt the user to create a passkey through Digipass Registration Rules.
The anomaly score also allows you to set User Verification to “required” in cases where suspicious activity is detected, while maintaining a default setting of “preferred” when no anomalies are present.
This approach strikes the right balance between security and user convenience, particularly for users operating laptops in clamshell mode, where accessing the fingerprint sensor may be difficult.
Additionally, the anomaly score can help determine whether to trigger step-up authentication when a synced passkey is used on a new device for the first time, or when the passkey provider does not supply an authentication intent signal (refer to NIST SP 800-63).
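The decisions described in this section can be sketched as a single policy function. This is an added example, not Digipass code or its rules syntax: the 0 to 1 score range, both thresholds, and the event field names are assumptions, and `backupEligible` stands for the WebAuthn backup-eligibility flag that marks a synced passkey.

```javascript
// Added illustration; not Digipass code. The score range [0, 1] and both
// thresholds are assumptions chosen for this example.
const LOW = 0.2;  // at or below: behaviour matches the user's profile
const HIGH = 0.7; // at or above: treat the event as suspicious

// event (hypothetical shape):
//   { anomalyScore: number|null, hasPasskey, usedPasskey, backupEligible, knownDevice }
// anomalyScore is null when the per-user model lacks enough data points.
function decide(event) {
  const score = event.anomalyScore;
  const scored = typeof score === "number" && score >= 0 && score <= 1;
  const suspicious = scored && score >= HIGH;
  const trusted = scored && score <= LOW;

  // A synced (backup-eligible) passkey appearing on a device not seen before.
  const syncedOnNewDevice =
    Boolean(event.usedPasskey && event.backupEligible && !event.knownDevice);

  return {
    // WebAuthn userVerification value: "required" only on suspicious activity.
    userVerification: suspicious ? "required" : "preferred",
    // Offer passkey creation only on strong evidence of the legitimate user.
    offerPasskeyCreation: trusted && !event.hasPasskey,
    // A low score vouches for the new device; a missing score vouches for nothing.
    stepUp: suspicious || (syncedOnNewDevice && !trusted),
  };
}

// Builds the options a relying party would pass to navigator.credentials.get().
function requestOptions(event, challenge, rpId) {
  return {
    challenge,
    rpId,
    timeout: 60000,
    userVerification: decide(event).userVerification,
  };
}
```

An unscored event falls back to "preferred" but still triggers step-up for a synced passkey on a new device, so a missing score never relaxes the policy.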
FEATURES AND BENEFITS
Anomaly score
The anomaly score makes it easy to detect and assess anomalous situations.
The anomaly score’s computational model is trained using multiple input signals, including GPS location, network information, device information, and authenticator information.
The anomaly score’s computational model is specific to the individual user. The score requires sufficient data points to produce meaningful results. The availability of a meaningful anomaly score can be checked via the rules engine.
Integration into Digipass Granular Adaptive Policies
Use the anomaly score within the rule conditions of adaptive authentication to trigger passkey creation or step-up authentication in the case of unknown devices and other situations. The anomaly score can be used in Registration Rules and Authentication Rules.
Requires Digipass Smart Sense with Digipass S3 Authentication Software and Digipass S3 Cloud.
Dry Run
Test rules that use the anomaly score against historical events to assess their expected impact before deploying them to production. This can be used to fine-tune the threshold used in rules.
Data Control
Smart Sense processes behavioral signals locally alongside the Digipass S3 Server, allowing organizations to retain full control of the data and models with no cloud dependency.
Smart Sense supported platforms
Cloud platforms: AWS, Microsoft Azure, Google Cloud Platform
Operating systems: Rocky Linux 9, RHEL 8, RHEL 9
Java: Adoptium and Red Hat OpenJDK 17 and 21, Oracle JDK 17, Oracle JDK 21
Python: 3.10 or higher
Databases: MySQL 8.0 and 8.4; PostgreSQL 14, 15, and 16; AWS Aurora






