Verid’s service is used to authenticate an individual’s identity, primarily when they sign up for a web site service, using a series of questions that only they should know the answer to. The company calls the process knowledge-based authentication.
KBA is an authentication process of questions being posed to individuals – what are called out-of-wallet questions, questions people would not know the answer to if they stole your wallet, said RSA’s director of marketing Marc Gaffan.
The difference between this and the age-old What was your mother’s maiden name? challenge is that the user does not need to need to have told Verid’s service the answer previously.
All of Verid’s questions and answers are gleaned from regulated public sources, such as property and automobile records, Gaffan said. Once the service knows who the new sign-up claims to be, it can ask them questions about their history.
Verid’s services will be integrated into RSA’s Adaptive Authentication for Web suite of services, which has been around since RSA acquired Cyota in late 2005.
These services are designed to provide several layers of user authentication, based on a pick-n-mix of things users have, things they know, things they recognize and properties of their computer. They are primarily designed for e-commerce sites and banks.
Our View
Mass-market web authentication is the area where RSA’s traditional cash cow – hardware tokens – is least practical and less cost-effective.
The company recognized this years ago and has been building up its portfolio of server-side authentication software, largely through acquisition. After Cyota, the firm acquired PassMark, which offers image-based authentication.
But RSA is still weakest in web biometrics, and it’s not difficult to imagine it eventually swooping for a fringe biometric software firm such as BioPassword or Cogneto, which analyze typing and clicking patterns respectively.
