Rick Vanover reviews the Authentify authentification service, which offers an automated solution with an extra authentication factor and a strong audit trail.
Application Service Provider (ASP) company Authentify presents a unique extra factor of critical authentication applications. For most authentication situations, simply a username and a password are involved. Authentify provides a service that adds a step to the transaction — a telephone call is made to the (expected) person attempting to authenticate. This service is principally targeted to the financial, healthcare, and certain e-commerce situations. However, Authentify can be used also for password reset, token issuance, and as an additional factor for other authentication applications.Automated solution with audit trail
The telephone call that is made is made from Authentify's equipment. The telephone number is sent from your internal Web servers to Authentify to complete the transation, and when using the telephone call there is a strong audit trail for the transaction. Also available with the service are biometric comparisons for speech matching during the authentication call to validate the authentication request. The request from the Web transaction can be compared to an approval (password, phrase, or codeword) from the telephone number on file. The Authentify service also can capture an electronic signature that meets the e-sign requirements. Being able to match that with an audio recording is a strong confirmation of the identity being verified.Transfer through network security layers
The Authentify services receive the authentication request through an XML Web service. The basic operation for all of their services resembles the following flowchart:
This security model works well with most network environments and no additional equipment is required for the outbound dialing services. An overview architecture of the service is available from the Authentify website as well as information about all of their services and usage scenarios.