TECHNOLOGY: LIVEENSURE® CONTEXTUAL AUTHENTICATION
What is LiveEnsure®?
LiveEnsure® offers a multi-patented intelligent authentication that protects sites, apps and sessions from access by the wrong user. It also protects the genuine users from worrying about their devices or credentials being hacked or stolen and used illegitimately. LiveEnsure® does this by authenticating users in context with a simple scan or tap of their mobile device. It provides multiple factors of trust from a single API without the complexity or overhead of traditional security.
How is it different?
LiveEnsure® holistically verifies multiple factors of security from a single API without handling each individually. These are factors you already know, such as geolocation, time, device IDs, RFID, behavior or biometrics, and challenges or OTPs. However, individual factors can be used in isolation or false contexts to breach an account and gain access. Recent front-page hacks attest to such failings. LiveEnsure® verifies the security factors in context, preventing their use outside of a legitimate setting, even if accurate. It ensures you have authenticated the genuine user and not an imposter.
Give me an example or two.
With LiveEnsure®, the right passwords become useless on the wrong device. Stolen phones offer no passive verification in the wrong hands. OOB tokens sent to a compromised account cannot be used. Push messages can not merely be “acknowledged” to gain access. Files cannot be opened at the wrong time and place. Payments or products cannot be processed by or delivered to the wrong customer or location. Access to websites, apps, devices and even physical locations can be secured by LiveEnsure® authentication.
How does it work?
Developers mashup the API and users install the app on their smart devices. Next, upon login, the site or app calls the LiveEnsure® API with any or all desired factor arguments (biometrics, location, behavior, knowledge, time, etc.). The user scans the code on the screen or taps their mobile to authenticate. There are no push or OOB messages, tokens, keychains, passwords, dongles or reliance on the browser. Upon authentication, both the site/app and the user are mutually informed of the result. If you don’t want to use our mobile app, use yours! LE features embeddable libs for iOS and Android.
I mean, how does it *really* work?
LiveEnsure® mathematically triangulates all the factors at once from more than one perspective. This prevents any prediction, interception or replay by hackers on the device, website or network. Nothing is predicted or replayed, nor any authentication data or identity information sent, stored or seeded on the device. Each context is one-way, universally unique and holistically measured from multiple perspectives without revealing the ingredients of the context to any participant or the channel. In the end, the user is valid, access is legitimate and hackers are confounded.
What do my users have to do?
Users simply download the free app and scan your integrated site or tap the API link at login or access and authenticate according to your rules. Initial registration involves responding to a simple challenge or out-of-band token, or whatever rigor you decide new or existing users must do to prove their content. After that, it’s just a tap or scan. For an even more native experience, mashup our mobile library within your app and LiveEnsure® will simply appear when it’s time to authenticate your user in context, no separate downloads required. It’s that simple.
Awesome. How/where do I get it for my site or app?
LiveEnsure’s® patented approach is the strongest yet simplest way to authenticate mobile users in context across any digital network. It eliminates the need for passwords, captcha and traditional multi-factor solutions. Never before has such authentication power been available in a single API for developers to secure and protect their sessions and users. Get it here.
Authentication is not identity.
LiveEnsure® knows that authentication is different than identity. Identity is usually assigned by another entity and often self-reported in the context of trust. Most sites already suspect who they believe user ID to be. The challenge is to authenticate that ID in context. ID is great for federation, but authentication should remain independent. It’s what you bring to the session as a user, and how you can revoke your ID credentials if need be. Too many solutions conflate ID and authenticity within a single scan, fingerprint, login or cookie. Most solutions don’t understand the difference.
Security factors are not equal.
Not all security factors are made equal. The recent rush to accept and adopt involuntary biometrics as a single-stroke trust ID+authentication panacea has left end users with very few immutable tools to establish, control and revoke their real authenticity in the digital realm. Passwords, push tokens and PINs are useful, but as with biometrics, without context, they are dangerous. Few users know how to rescind a password. None know how to revoke bio or devices. We give users back control over credentials.
Trust has contextual meaning.
The majority of digital ID theft attacks and account takeover breaches are accomplished by hackers with the correct credentials, simply used in the wrong context. Modern systems are never fooled via brute forcing a false authenticity, but rather by effortlessly accept the right credentials from the wrong hands, location, device, time or context. Without context, IDs and security factors are essentially meaningless, as most hacked businesses have found. LiveEnsure® fixes that trust gap.
NEED MORE INFORMATION? Contact us and let’s get together to talk tech.
LiveEnsure® is the contextual authentication company. We develop mobile security technology for web, cloud and apps on iOS and Android.
Trust your crowd in the cloud.
© 2020 LiveEnsure Inc. Patented US/EU.