frontone our new and different solutions
TRANSCRIPT
Digital Security& Privacy
Redefined
Digital Risks&Opportunities
Risks
Electronic & Identity Fraud
Cyber Attacks, Espionage
Rapidly Changing Business
Environments
Competitive Landscape
Opportunities
New & Secure Digital Identity
New Hack-Resistant Security
Platform
Protects: Users Transactions;
Communications and Digital
Assets
Built-in Security: Apps; Cloud
Services;Internet &Mobile
Payments…etc
The Whole Solution
• FrontOnetakes care of security across all layers and all
components facilitating a digital exchange under one unified
platform.
• Digital Identity: Dynamic; Non-Transferable
• Authentication: Continuous Mutual Authentication
• Data Verification: Device Centric Digital Signature – Offers of a
physical element activated by user action.
• Data Protection: Encryption key is unique for each dataset.
Access to protected data is bi-directional requiring action from both
server and client. Add our patented 3A-Key for a true end-to-end
security solution that is hard to match.
Digital Identity
• Others• Static Identities: Password or One Time Password
• Vulnerabilities:Phishing, Malware, etc
• Fact:Cyber Criminals – HAVE MASTERED THE ART OF
STEALING DIGITAL IDENTITIES.
• FrontOne• Dynamic Identity: PHISHING & MALWARE - DEFEATED
Authentication• Others
• Login – One Time User Authentication
• Vulnerabilities:Authenticated Session - HIJACKED
• Fact: HACKERS CIRCUMVENT TWO-FACTOR STRONG
AUTHENTICATION – WITH EACH PASSING DAY TWO-
FACTOR AUTHENTICATION BECOMES INCREASINGLY
LESS SECURE.
• FrontOne• Continuous Mutual Authentication: MAN IN THE MIDDLE, MAN
IN THE BROWSER - DEFEATED
Data Verification
• Others• Out Of Band Verification
• Vulnerabilities:Data Leaks, Vishing, Man In The Mobile,
etc.
• Fact:ZeuS, SpyeyeMitmo found in the wild, attack banks
• FrontOne• User Authorization At Personal Device: NO DATA LEAKS -
VISHING &MITMo - DEFEATED
Data Protection
• Others• Transparent Data Encryption
• Vulnerabilities:Level 7 Attacks and Security Breaches
• Consensus:IF YOU ARE TARGETED YOU WILL BE BREACHED
• FrontOne• Dynamic, User Centric Security Key Management
&Controls:Systematic Failure Is Prevented – The Risks Of
Security Breaches Are Mitigated
Secure End to End
• User End– 3AKey: USB HID Key (no
storage)– Smartphone App (Virtual
Connection)• Application Server End
– Zero Knowledge proof API• JANUS Server/Service End
– Random, Dynamic Element– User Centric Data Protection
FrontOne Innovations
• “Future Proofs” its solutions by introducing a dynamic elementinto every transaction thereby outmaneuvering adversaries.
• Provides a secure conduit between a user, FrontOne’s Server and Content/Service Provider that allows a ‘zero knowledge’ digital exchange to be complete with a high level of security and confidentially.
• Mitigates the risks of unauthorized access to protected data by introducing user/device centric key management.
• FrontOne empowers organizations and users to take charge and be in control of digital identities, assets and transactions.
FrontOne Digital Signature
Message
Hash
FrontOne
Digital Signat
ure
Dynamic
Key
Hash
SIDCert
Important note: The data may be the same but our digital signature is not!
ADynamic Element In Every Transaction – Outmaneuvers Adversaries
Privacy Preserving Identification
User/ 3AKey
Service Provider
JANUS
Ea:>> Identity TokenSecure signaling path (if & when required)
Zero Knowledge
Proof
JANUS API
Application business
logic B>>U
serID, S
PID
C:<<A
ccess Token
F:>>userID, Identity Token
G:<<A
ccess Status
A:>
>Use
rID, r
eque
st
D:<
<Acc
ess
Toke
n
E:>
>Ide
ntity
Tok
en
H<<
Ser
vice
The Why, What and How
• Why We Need Something Better
1. Identity Theft:Phishing, Key-Logger, Malware …
2. Financial Fraud - Financial Malware,MITM, MITMO…
3. IP and Data Theft - APT, Zero Days, Insider…
4. Commercial Espionages and Economic Terrorists …
• What We have Done and How
Security Feature ComparisonProduct Name/
Feature Description3AKEY or SmartKey
Smartcard USB PKI
OTP Token
PKI Certificate
Strong Authentication (2FA) Y Y YMultiple Credential Support Y YTwo-Way Authentication Y Y YProtect Against Client Side Attacks YOffline Mutual Authentication YTransaction Signing Y Y YTransaction Verification YServer Task Authorization YUser-Centric Key For Data Protection YDevice ID& Verification YPhysical Control (not accessible digitally)
Y
Applications
• FrontOne’s Dynamic Digital Identity (ZERO KNOWLEDGE) – With simplistic user controls, here is the value proposition:
1. New hack-resistant digital identities for cloud and enterprise applications.
2. Advanced transaction security in internet banking and “card not present” transactions.
3. Advanced Data Protection for Enterprise &The Cloud
4. Advanced Mobile Payment Solution
5. Secure Electronic Voting
6. Many other digital security, privacy compliance and risk mitigation applications
FAQ - 1
• How is your solution compared with others?
Traditional layered security has limited effectiveness against new and emerging threats as attackers exploit weaknesses between uncoordinated layers to steal data or modify transactions.
FrontOne provides a unified security platform that delivers true end-to-end security. It starts by providing a secure digital credential, followed by continuous authentication with device centric data protection ultimately giving a user the final say in authentication.
FAQ - 2
• Will your solution protect users and transactions if a system is already infected?
1. Yes.
2. FrontOne provides true end-to-end security without being dependent. It has been designed with the assumption that a user’s computer has been compromised with unknown malware or may be at a future date.
3. Our solution provides a secure transaction environment for a broad range of applications.
FAQ - 3
• What about x.509 or PKI, isn’t it the best?
1. This technology is based on trust whereas FrontOne’s solution takes trust out of the equation. Our solution returns security and control to our clients.
2. Compliance is not equal to security.Most if not all companies that suffered security breaches were in “compliance” before falling victim to attacks.
3. Both x.509 are PKI are dumb in that they react to commands. There is no active authentication.
4. Extremely vulnerable to padding oracle attacks (recovers private certificate from physical device).
Are we finally ready to accept that the certificate system is completely broken?
