Whether you know it or not, you have probably been a victim of cybercrime! In a 2009 study, 90% of respondents said their company experienced a computer security incident within the past 12 months. An amazing 340,242,628 records containing personal information has been lost or stolen since January 2005 and every three seconds another identity is stolen.  In April 2009, President Obama stated “It’s been estimated that last year alone, cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion.”

Recent studies state that the average number of records compromised in a single incident is 431,077 and the average company cost of a data breach has risen to $194 per customer record.  Symantec found that in 2011, the average 2011 cost per incident of a data breach in the United States was $5.5 million, and lost business amounted to an average of $3.01 million.  

Breach Date	Company	Consequences
Mar 2012	Mastercard/Visa	10 million records compromised – cost not determined
Jun 2011	Sony Pictures	Hackers obtained over one million Sony customer unencrypted passwords
Apr 2011	Sony	101.6 million records compromised; 12 million unencrypted credit card numbers
Apr 2011	WordPress	18 million records compromised; Data includes source code, API code, and social media passwords
Apr 2011	Texas Comptroller’s Office	3.5 million records compromised; Two class action lawsuits have been filed
Mar 2011	Health Net Inc., International Business Machines (IBM)	1.9 million records compromised; 9 disc drives containing sensitive health information missing from Health Net’s data center
Dec 2010	American Honda Motor	4.9 millions records compromised
Dec 2009	RBS Worldpay	$9 million stolen in a single day; Lawsuits filed
May 2009	Virginia Dept. of Health	$10,000,000 ransom demand & mailing individual notifications to 530,000 people

More notable breaches:

• ChoicePoint settles data security breach charges; pays $10 million in civil penalties, $5 million for consumer redress.  At least 800 cases of identity theft arose from company’s data breach.
• The TJX Companies Inc. experienced an “unauthorized intrusion” into its computer systems.   TJX has reported the cost to date at approximately $250 million.

Why are we at risk of a data breach?   
Verizon in their 2009 Data Breach Report investigations, Verizon lists:

• 74% resulted from external sources
• 20% caused by insiders
• 32% implicated business partners
• 39% involved multiple parties
• 67% aided by significant errors
• 64% resulted from hacking
• 38% utilized malware
• 22% involved privilege misuse

Still think your world class organization is secure and protected?

Since we cannot eliminate the weak link – human fallibility, the only viable solution needs to ensure that errors and omissions do not result in compromised access. The most secure environment is one where it is useless to steal, loan, or copy the credentials. Each and every use of the credentials should be validated for proof that is in genuine, that it offers the same assurance as an in-person physical identification. Real-time authentication is needed that identifies the physical person. In order that authentication uniquely identifies an individual at the moment of login, replay must be immediately rejected, denying access.

Positive identification removes the threat of negligent insiders; those well-meaning employees that pass their credentials to fellow employees, or worse yet, write down the myriad of passwords in a handy place for others to view. Imagine attempting to break into an account where the credentials you have are useless. Keyboard loggers, spyware, malware, phishing, man-in-the-middle, social networking scams, etc… would all be thwarted by requiring positive identification.

Veritrix’s patented Multichannel, Multifactor Authentication is a human identification technology that employs a number of biometrics, speech and communications technologies to verify identity the same way humans do. The Sovay login process is quick and simple.

• Enter username
• Receive a prompt
• Face your webcam and speak

Great care should be taken in storing biometrics, but we should all recognize that protecting any data from the malicious insider is nearly impossible. The best option is to store biometrics that cannot be used for account access.

IT organizations will spend a bundle replacing obsolete password technology in favor of more secure authentication methods. Password technology is fundamentally flawed in that a password can be copied and therefore stolen and shared. Because of the replay flaw, passwords don’t identify the user. The same flaw can be said of many other technologies including tokens, smartcards and even biometrics. Without a method of determining if authentication data is genuine, biometrics and other technologies are no more secure than a password.

The Most Innovative and Thorough Technology For Verifying and Identifying A Computer User, Authenticates the Authentication Data.

Biometrics identifies unique characteristics of a person. Determining if a biometrics sample is live at the moment of login is key to securely implementing biometrics. Many static biometrics such as fingerprint, iris scans and other image based biometrics can uniquely identify a person as long as the sample can itself be authenticated to be genuine. Unfortunately, attended operation of scanners is not practical. Let’s face it, fingerprint and iris scanners are also too expensive to consider on a large scale.

Other biometrics technology including face and voice recognition can be captured using inexpensive and widely deployed webcams and microphones. Like the aforementioned scanning technologies malicious insiders and other criminals can obtain copies of pictures and voice recordings leaving security engineers with the problem of authenticating the authentication data.

Any ol’ sample of someone’s voice may be ok to access you recipes online, but for big money transfers, probably not. Determining that a voice sample was spoken for the sole purpose of the current authentication must be at the heart of your authentication technology. Of course, that goes for all modalities, not just voice.

Independent of the problem of determining if biometrics samples are genuine, there is the problem of convenience. Users find it easy to submit samples in the quiet of their well-lit office. In the real world, the roar of jet engines and the dark of the Porsche-office can pose significant challenges for users.

An approach including numerous modalities can mitigate many of these challenges in combination with algorithms that payoff with one of the modalities passing. Implementing “OR” logic can significantly increase the frequency of successful positive identification in the real world as opposed to strict fusion scores. For instance, allowing genuine voice identification or genuine face recognition will allow users to be identified in poorly lit or noisy venues.

Perhaps equally important is the notion of using multiple biometrics engines to run against the same sample. Each vendor offers different advantages. For instance, some voice recognition vendors have better noise suppression while others have focused on removing electronic signatures from samples. Depending on the user’s noisy environment or microphone, different signal processing gives the user a better experience.

Adding face recognition to mix can provide a useful alternative to voice recognition when a good audio sample is difficult to obtain. Facial recognition from a genuine sample is also a significant deterrent to the malicious insider. Having your picture on six o’clock new is not usually a goal of the criminally minded.

Of course, the key to successful user identification must start with genuine samples and not replays. When deciding on any security system, one must consider the possible actions of the malicious insider. We should assume that insiders can gain access to samples. If those samples can be replayed to gain access to accounts, then the system is not secure. We should also assume malicious insider will give self-samples to coconspirators leaving the system with no way to identify perpetrators. Anonymity continues to invite the criminals to the crime scene.

To learn more about Veritrix solutions, please contact sales@veritrix.com.

Is it Sovay or replay?

A study by CERT® offers the following insider cybercrime observations:

• “Many insiders exhibited a sense of entitlement to the information they stole. Insiders generally disregarded IP agreements (44%).”
• “Many Entitled Independents showed signs of dissatisfaction with some aspect of their job, often compensation, benefits, or promotions (39%).”
• “Most insiders were involved with significant planning activities more than a month before resignation. (59%).”
• “Some insiders started stealing information more than one month prior to their departure. (21%).”
• “Most insiders stole at least some information within a month of resignation (65%).”
• “Most insiders stole information in their area of job responsibility (74%), and many at least partially developed the information and/or product stolen (41%).”
• “In a third of the cases (33%), the insider used the information to get a new job or to benefit his new employer in some way.”

Whether it is viewed as a crime without punishment, that they are really entitled to the information that they helped create or that copying data is not really a crime; malicious insiders are a very serious threat to the health of the organization.  Most IT security executives rightly view the malicious insiders as the most difficult cybercrime problem.  After all, the trusted insider has been granted legitimate access to the intellectual property.   So how do you prevent or deter them from misbehaving?

We need to change everyone’s view that it is a crime without punishment. In 40% of the incidents the individual could not be identified committing the eCrime and in 39% there was a lack of sufficient evidence to prosecute.  By providing an evidentiary capability and convincing everyone that they will be conclusively identified criminals might think twice and might get prosecuted.  Positive identification is the foundation needed to change the dynamic.  A conclusive A/V audit record with biometric identification of the individual, such as Sovay Authentication, is a great deterrent.  Criminals do not want to get caught and are easily deterred when they believe there will be conclusive evidence to their crime.

Read more about How Sovay ID works

Real-time authentication is that familiar process of being identified as an authorized user as immediately as the system can perform the verification.  The instant identification is in contrast to a trip to the department of motor vehicles and submitting your credentials, having a person check the information and sends you the results by USPS mail. In both of these scenarios you are in control of the credentials. It is not hard to understand that the computer username/password invention was modeled after the paper systems that preceded it.

Online account access almost always provides real-time authentication.  Entering the username and password and gaining access to an application is an example of real-time authentication.

Once access to the application has been granted, users enjoy the authorized services.  For instance, using real-time authentication to access your online banking application may give you the ability to check balances, transfer funds, etc. but not add a signatory to the account.  Adding a signatory to the account requires the signatory to make that trip to the bank and identify themselves.

Given the honest nature of people and the fact that a new signatory of an account must show up at the bank, most think that there wouldn’t be much fraud with in-person identity verification.

Real-time authentication is needed that offers the same assurance as in person physical identification. That was problematic for remote or unattended authentication. Fortunately the technology has improved and the cost has subsided to allow for a user identification using common place commodity hardware and biometrics based solutions. While biometrics can verify that the submission was made by an individual, it still cannot determine when the submission was collected. Real-time identification must include verifying the submission is live.

Learn How Our Out-Of-Band Authentication Solutions Help Protect User Identity

How it works:

The authenticating user answers a knowledge questions and speaks a random phrase unique to each login and sent to the user OOB.  There is no way a hacker can know how to response.  Malicious insiders still pose a threat even with this method, a tough problem to be sure.

The biometric submission is analyzed with a collection of technologies including voice, face and speech recognition. The Sovay process biometrically identifies the person in the A/V submission and confirms the user is live by transcribing the random, real-time spoken phrases. This biometrics and speech recognition approach to real-time identification helps prevent unauthorized access. Add in algorithms to thwat man-in-the-iddle attacks and we’re talking identification.

The malicious insider must speak the response and the combined use of voice and speech recognition ensure they spoke in the current login.  Using algorithms that thwart man-in-the-middle attacks the malicious insider can’t pass control the another machine and pass the blame; they’ve been identified.

Most user authentication is accomplished by comparing the attributes of the presented credentials to what is known. Therein lies the fundamental problem: If it is previously known it can be discovered, deduced, copied, stolen or borrowed. Unfortunately, authentication does not provide human identification; merely account identification.

Read About How Veritrix’s Technology Protects Your Enterprise Data

It is certainly true that all individuals and organizations wish to prevent the various forms of cybercrime (identity theft, intellectual property theft, data breaches, etc.). Password-based authentication schemes are the most widely used solution for authenticating users. Password protection provides sufficient security for many use cases and the login procedure is familiar to all users. For an increasing number of use cases, password protection is not sufficient. Organizations have been forced to seek out stronger security methods.

Risk Based Authentication (RBA) was introduced many years ago in physical plant security and is now widely accepted in online authentication; higher risk access must be met with higher level authentication.  Accessing recipes online has low risk and password authentication is sufficient.  Transferring millions of dollars to offshore accounts is high risk and must be met with stronger authentication.

Attempts at Stronger Authentication have included adding factors, hardware and channels. The multifactor method often incorporates combining elements from something you know, something you have and something you are. These factors ultimately compare the attributes of the presented credentials to what is previously known. Again, if it is previously known it can be discovered, deduced, copied, stolen or loaned.

Biometrics based solutions have the potential to deliver on the need for user identification. These solutions compare a biometrics submission to templates that determines if a recording contains the attributes of the enrolled person.  Biometrics methods cannot determine when a recording was made and therefore must be augmented with a liveness test.

As noted, most authentication efforts have proven unsuccessful. A recent survey reported that the average company experiences more than one successful attack per week. False identities, Malware, Phishing, Man in the Middle, etc. attacks allow unauthorized access by falsifying credentials. Thwarting these attacks requires live identification.

To deliver high assurance human identification requires:

• Secure Communications (thwart man-in-the-middle attacks)
• Real-time Identification (thwart replay attacks)

The state of the art identification solutions provide proof of identity by requiring submissions to pass a liveness test and an human identification test.  Both tests can be satisfied in a single submission by requiring the user to speak a randomly selected phrase.  In this case, the submission can be evaluated using voice and speech recognition.

The system can be further secured from external threats by having the user speak an answer to a question only known to them.

Using a second channel, i.e. cell phone for communication prevents external hackers from determining what to say.

The resulting Multichannel, Multifactor Authentication solution provides precise, cost-effective, user-pleasing identification that facilitates wide deployment. Read more about Sovay Authentication.

So, when is it a good idea to remove your anonymity?  When is it best for you to be clearly identified as the “real”you?  We’ve identified three areas in which Sovay technology from Veritrix can protect and enhance the on-line experience by positively identifying you as a unique individual every time you log on.

Responsible behavior

It’s human nature to feel more responsible for your actions when others know it’s you who is acting that way. Removing anonymity encourages responsible people to be responsible to themselves and to one another. That can build trust between individuals and strengthen entire communities.

Those who choose to act irresponsibly, even criminally, will think twice about their behavior, since they know they can be positively, irrefutably linked to their actions –even if they try to hide behind multiple identities. With their anonymity gone, those kicked out of a social network cannot return with a new alias.  Sovay technology makes sure such offenders are locked out for good.

Important communications

All parties must be absolutely sure of the exact person who delivers a service and the exact person who receives it.  Sovay technology not only enables on-line consultations with well-paid, credentialed professionals (like attorneys or medical specialists), but also ensures the validity of business or press contact with high-profile individuals (like celebrities or politicians).

One person, one identity

Sovay’s innovative technology enables secure, accurate electronic voter identification as well as verified online input by identified individuals into all phases of government.  In the public sector, ensuring each voting citizen has a single, unique identity is critical to the electoral process.  No one can be permitted to masquerade as someone else, and no one should be able to use multiple identities or multiple venues to vote more than once.

And the same Sovay technology can stifle identity fraud and secure medical records.  On social networks, community is built where anonymity is removed.  Similarly relationships are built between consumers and businesses.  Trust is built when each party knows the other and imposters are not allowed.

Sovay technology can be applied as the sole authentication mechanism or as an enhancement to other security schemes.  In tandem with new approaches that allow users to put all their identity “eggs”in one basket, Sovay can eliminate the risks inherent with the use of a single sign-on across multiple sites and multiple accounts.

“Fool me once, shame on you.  Fool me twice, shame on me.”

Once an individual has gone through a simple, on-line registration process using Sovay technology, he or she can no longer hide behind a cloak of anonymity.  With a wide range of applications across the Internet, Sovay technology removes anonymity when it counts the most.

We will examine a few biometric technologies, but the most useful ones, by far, can be operated over the Internet, supporting self-service account creation using commodity hardware and software.  The best biometrics are ones that: (1) people will use; (2) will not accept replay; and (3) others can use to identify fraudsters.

Biometrics uniquely identify you to a computer system.  For instance, no one else has your fingerprint, palm-print, voice-print, facial characteristics, retinal vein patterns, infrared signatures, keyboard typing speeds, or penmanship.

Great care should be taken when storing biometrics.  If someone was able to copy a biometric sample it could be used in an authentication.  Biometrics can’t determine when a sample was generated.

The best biometrics are ones whose samples can be dated in some way.  In other words, biometrics samples must be rendered useless after they have been used in an authentication.  Imagine if someone got hold of your fingerprint. First, it’s hard to change your fingerprint.  Assuming you haven’t changed your fingerprint, the stolen fingerprint could be used in subsequent authentications in perpetuity.

Voice Recognition is powerful when used with real-time generated phrases that the user must speak.  In combination with Speech Recognition and unique, non-successive phrases, the user can positively identify the user.  Without Speech Recognition and unique phrases, the system might be authenticating a playback, or copy, of biometric data.

Face Recognition is powerful when used with real-time generated phrases that the user must speak.  In combination with Audio/Video Speech Recognition and unique, non-successive phrases the user can positively identify the user.  Without Speech Recognition and unique phrases, the system might be authenticating a playback, or copy, of biometric data.

Identification of the physical person has great benefits to you in two ways.  Firstly, nobody can break into your accounts, and secondly, criminals can be deterred from creating new accounts under an alias (and physical identification can aid in criminal prosecution).

1.1   Convenience

There are lots of fast and easy to use biometrics, including fingerprints and facial and voice recognition.  But a few can be eliminated from our “best”list because people don’t want to use them.  Some retinal scanners require a puff of air and expensive specialized equipment, and many people find putting their face in contact with the scanning machines a great way to spread disease.  Contact palm readers are even more likely to spread germs, bacteria and viruses.  Fingerprint readers such as those on your Personal Computer (PC) might be acceptable, presuming you would be the only one using it.

1.2   Secure

Fingerprints and facial recognition software are vulnerable to replays and reproductions. There are various ways to verify that a sample is not a replay, and the strongest authentication technology will ensure that the biometrics being presented for authentication are genuine, not replicas or replays.

1.3   Identifies the Person to Everyone

Many technologies can be ruled out of our “best”list since it takes an expert to decipher the biometrics such as fingerprints.  The average person can’t differentiate a trusted user from a criminal based on glancing at their index finger, and, since fingerprints can be easily manufactured, fingerprint recognition software simply can’t provide irrefutable authentication.

2   Usability

An important factor in the acceptance of biometric technologies is its usability.  Palm readers, for instance, have met with early replacement due to employee revolts; there are simply not enough sanitary wipes around when you need one.

Since everyone is familiar with passwords, a good measure of usability can be derived by comparing a few attributes of password usability versus biometric technologies.

Attributes of Usability

A significant problem with passwords is remembering them.  If having to change your password each month doesn’t drive you crazy, the character requirements will.  Let’s see, does this one require 8 characters including punctuation, a number, and a capital letter?  And can I use it again after 3 changes?  The very problem with passwords, though, is that the authenticating computer system can’t tell who typed in the password and therefore passwords are subject to theft.

Fingerprints can work well as an identifier, but only if used in combination with secure connections, virus protection and a small cadre of other safeguards.

On the positive side, video cameras are in use at every convenience store and bank across the continent.  All of us know how to be seen in front of a camera.  Some like it better than others.  It’s the same with Voice Recognition, everyone knows how to use a microphone. Some like to hear themselves more than others.

3 Verifying the Authentication Data

The trouble with all of the authentication technologies is that it’s difficult to determine if the sample submitted is genuine.  It is not possible to know who actually typed a password or submitted a fingerprint.  There is no advantage to using a biometric sample that cannot be distinguished from a replay.

Besides stealing passwords and replicating fingerprints, scammers can create accounts — and an identity — using fake data. In the case of a criminal using a recorded biometric, they can assume someone else’s identity, avoiding prosecution and making someone else’s life miserable.

On the other hand, audio/video data can be verified and determined to be genuine — not a replay.

4 Uniquely Identifying a Person

We need look no further than the last presidential campaign to know that our privacy, finances and relationships are potentially at risk; anyone can be impersonated with password protection.  Hackers don’t discriminate between political parties or gender; both Sarah Palin’s Yahoo mail account and Barack Obama’s Twitter account fell victim to security breach.

The demand to uniquely identify ourselves during login is the natural consequence of the failed attempts to authenticate using “things we have” that can be stolen, “things we know” that others can discover or some combination of the two.  The combination of something you know and something you have is sometimes referred to as two factor authentication.  For some limited applications, two-factor authentication can work.  At the end of the authentication, however, the system can’t verify that it’s you and not a co-worker or maybe a close relative.

Biometrics are in wide use for many proctored applications.  Clear®, the retinal scanning technology is used in some major airports.  This system works because of the constant presence of a third-party trusted person.  A user submits a reference sample during the enrollment process in the presence of a trusted individual.  Once enrolled, the user goes to the airport and submits their eye to a reader in the presence of a trusted individual.  Because all the biometric submissions are performed in the presence of a trusted individual, all of the submissions are known to be genuine.

5 Verifying the Verification Data

Is it possible to determine if a biometrics sample is genuine without a trusted person present and watching?

Biometrics have a clear advantage over other technologies. No one can impersonate you or login to one of your accounts without genuine biometrics, fraudsters could be identified and prevented from creating accounts.

But not all biometrics can be verified without the presence of a trusted individual.  As a practical matter, mass market applications such as eCommerce, social networks, and on-line banking require self service account creation.  But corporations also benefit from self-service account creation, use of commodity hardware, and software.

A helpful way to think about verifiable/useful biometrics is whether or not the data is changing a little with every sample.  For instance, we humans don’t even say our own names exactly the same every time.  There are variables — background noise, intonation, volume. That type of variable data is dynamic.

Static data, on the other hand, does not change between logins or like passwords, changes sporadically.  Because of this, static data is subject to theft.  This type of data we’ll refer to as static because it doesn’t change very much.  The static data sword cuts two ways:

1. If the static data is captured by a criminal, your account is not safe.
2. Captured data can be passed along to others which means that the person logging in is not tied to the data. This enables impersonation.

Static biometrics that will NOT work for self-service account creation applications — if used without some external verification mechanism — include fingerprints, retinal scan, and facial recognition. Each can be easily replicated by a criminal.

Dynamic technologies, on the other hand, can determine you are you, through behavioral attributes such as your handwriting, your voice, and, via video technology, your face an mannerisms.

But even dynamic technologies need some help to verify if the submitted sample is genuine.

6 The Audio/Video Challenge

Audio/Video (AV) is a win all the way around.

1. It’s easy; A user simply speaks while facing a webcam.
2. It’s fast; A person can be positively identified using AV in just a few seconds.
3. Webcams and microphones are low cost and are already built into most portable computing platforms available to consumers.
4. The AV provides the data for positive identification to everyone.  No expert is required to decipher the data.
5. The most important aspect of AV is that it is verifiable.  With a few spoken words and a little help from some technology borrowed from other disciplines, the speaker can be identified and authenticated for a singular login.

AV can be used to identify a replay.

Veritrix patent-pending Sovay technology can irrefutably identify a person in a few second, using a webcam, a microphone and a popular browser. The user simply speaks a login phrase, which changes for every login, so, no replay is ever accepted. By communicating the prompt for the words via SMS or landline, would-be hackers have a far more difficult time discovering what that phrase is. If a hacker does try, the SMS prompt serves as an instant notification that your account is under attack. If a co-worker or family member borrows your cell phone and tries to login, they are recorded and instantly recognized, and denied access.

Since biometric records can be stored and compared, co-workers, contractors and others with access to your account username can be instantly identified it they attempt to hack into your account; a great deterrent to criminal activity.

For a demonstration of how you can secure your network, please contact sales@veritrix.com and get Sovay.

Veritrix announced today it will be presenting at the CEO Showcase at the Stanford Summit 2010.  Veritrix’ product, Sovay, uniquely identifies users logging into online systems with advanced human identification technology.  Using commodity hardware and patent-pending algorithms, Sovay can’t be spoofed, copied, or stolen; there are no passwords, tokens or smartcards to be passed along.

“Presenting at the CEO Showcase permits us to demonstrate our fast, irrefutable and cost-effective approach to identifying every user, every time.” said Paul Headley, CEO of Veritrix, Inc.  ”Sovay is the first authentication method that deters insiders, and protects high-value transactions and sensitive data.  We are seeking additional partners and funding to bring Sovay into the mainstream enterprise market.”

About Veritrix
Veritrix’ patent-pending techniques uniquely identifies the person authenticating, and empowers the enterprise to control access to their online applications and data. After 50 years of users logging in, Sovay is the only solution that actually identifies the user and not the credentials.  Isn’t it about time?

About AlwaysOn
ALWAYSON ignited the open-media revolution in early 2003 by being the first media brand to launch a global blog network. In 2004, ALWAYSON continued to lead the media industry in innovation by introducing a social network where members can connect and engage. ALWAYSON is also revolutionizing the media business by applying its open-media principles to its executive event series (Summit at Stanford, OnMedia, OnHollywood, OnDC, GoingGreen East and West, Venture Summit East and West) and quarterly print “blogozine” by empowering its members to post and share their ideas and meet each other online. As our loyal readers know, ALWAYSON is committed to the free-market, merit-driven approach to reporting and event programming. No other media brand has dared to create such open interaction with its readers and event participants.

Palo Alto, CA – April 27, 2010 – Veritrix (www.veritrix.com)

Veritrix announced today it has been included in the “Cool Vendors in Identity and Access Management, 2010” report by Gartner, Inc. Veritrix’ product, Sovay, uniquely identifies users logging into online systems with advanced authentication and identification technology.

“We believe inclusion in the Cool Vendor report by Gartner confirms that our approach to identifying the physical person and not just login credentials is resonating with market needs” said Paul Headley, CEO of Veritrix, Inc. “Our product, Sovay, protects access to enterprise assets through irrefutable, human identification. And perhaps most importantly, Sovay deters insiders with a video record of their login.”

Sovay truly enables enterprises to know who is logging in, not just whose credentials are being used. Knowing who is accessing the application or data empowers enterprises to better protect their records and assets. And knowing who, irrefutably, enables the creation of entirely new businesses and markets.

Without having to remember passwords or carry specialty hardware, user’s appreciate how easy it is to login with Sovay. Just face the camera and say the secret phrase and the real-time, random, Sovay phrase.

Providing a scalable, multi-channel, multi-factor authentication method, Sovay can confirm a user’s identity using already deployed commodity systems in just seconds. More information can be found at hollister.veritrix.com. Videos are available on the Resources page.

Sovay is engineered not only to provide an unbeatable human identification solution, but also to provide an authentication framework for the enterprise. Sovay can incorporate legacy and future identification methods, and integrate into IAM solutions.

About Veritrix
Veritrix’ patent-pending techniques uniquely identifies the person authenticating, and empowers the enterprise to control access to their online applications and data. After 50 years of users logging in, Sovay is the only solution that actually identifies the user and not the credentials. Isn’t it about time?

Cool Vendor Disclaimer, Gartner
About Gartner’s Cool Vendors Selection Process
Gartner’s listing does not constitute an exhaustive list of vendors in any given technology area, but rather is designed to highlight interesting, new and innovative vendors, products and services. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness of a particular purpose.

Gartner defines a cool vendor as a company that offers technologies or solutions that are: Innovative, enable users to do things they couldn’t do before; Impactful, have, or will have, business impact (not just technology for the sake of technology); Intriguing, have caught Gartner’s interest or curiosity in approximately the past six months.