Biometric Two-Factor Security (aaS): AllWebID Identity Manager

The Apple celeb photo hack has brought renewed attention to the subject of “two-factor authentication.” An interesting development in this area is the recent launch of Identity Manager by AllWebID, a NJ company, seeking to popularize two-factor security – aaS (as a Service.) Identity Manager incorporates the use of biometric factors, initially fingerprint recognition.

We spoke with Adnan Qadeer, CEO and co-founder of AllWeb. He stated that the company has been developing “an ecosystem for biometrics” starting with fingerprint recognition.

The new cloud-based service was launched two months ago and is now in trials with early potential customers. Identity Manager is aimed at enterprise (including SME) accounts, with AllWeb’s focus initially on regulated industries including financial services and healthcare. They also foresee early interest in the ecommerce area and in some government segments.

The service enables two-factor authentication, which may combine a password with a fingerprint scan or, alternatively, a one-time PIN code sent to the user’s device via SMS.

The company is highly focused on biometric factors for adding security. Today that centers on fingerprint recognition. In the future it could be extended to iris scanning or other biometric indicators. Qadeer states that their criterion for deciding which biometrics to employ relies on what is “convenient for the user.” With respect to iris scanning, for example, he notes that the devices are not ready for widespread use.

The user can use wireless input, such as an iPhone or Samsung mobile device with the fingerprint scanning feature, or a PC. The Identity Manager platform has a cross matching capability, so that it can recognize the user even if he later inputs from a different device. Thus the user doesn’t have to register their prints from different devices (even though the devices use different templates for fingerprint recognition.) Currently the system supports seven different fingerprint recognition sensors.

The company maintains its cloud on its own infrastructure, which emphasizes security. They use AES 256 encryption for data storage and 256-bit SSL for data transmission. Qadeer states that they have enough processing power to enable functions such as cross matching in real time.

The company emphasizes a number of claimed features of its platform, which include: ease of integration with the enterprise login workflow; ability of administrators to provision large numbers of accounts quickly; and scalability – as well as its security and reliability.

Pricing is currently $3 per month, per user. This price includes not only the cloud-based service but also an administrative console with features for monitoring and managing usage. AllWeb foresees the potential for usage of Identity Manager not only among the employees, but also the customers and business partners of its enterprise accounts.

AllWeb has also offered a consumer solution, call Password Manager. However, its emphasis going forward is on bringing Identity Manager to the business market. To this end it is in the process of developing distribution channels, including VARs, solution integrators and developers and others. The company currently has 10 employees.

AllWeb appears to have taken a significant step towards making biometrics accessible and easy for the enterprise to incorporate into its security measures. This can be helpful throughout an enterprise, particularly valuable in situations such as personnel changes.

Visit Company Website:

IPhone PSD White 3G” by Justin14Own work. Licensed under CC BY-SA 3.0 via Wikimedia Commons.