Because more gates doesn’t necessarily mean better security of the fort, so
Based on self-sovereign cryptographic digital identity, I-AM Crypto-ID, the Pi-Control Cryptographic Authentication puts forth a holistic perspective to Multi-Factor Authentication. Cryptography improves the “What you know”, and subsequently improves the other pillars of MFA scheme.
"With the help of Fortytwo Labs Pi-Control and I-AM Cryptographic Authentication technology we’ve successfully upgraded our internal and external user authentication levels"
IT Head at Reputed Bank
MFA Design Definition
Multi-factor authentication (MFA) is one of the most critical aspects of Identity and Access Management. It is often reduced to only means of adding more layers of authentication, by some point solutions.
At the heart of Multi-factor Authentication is the underlying governing information security policy for each digital asset be it applications, service, device or an IoT.
MFA is supposed to reinforce the confidence in the digital system, by increasing the cost of cyber attack on digital identities at the same time simplifying the ability to authenticate and access the digital resources for the right party.
Challenges with MFA Design
Key Pillars of Multi-factors Authentication are,
What you know: A shared secret knowledge
What you have: Another device or thing that you have access to, which is relatable to the current situation
Who you are: Your biometrics, device fingerprint
What you know
What you have
Who you are
While these 3 are supposed to impart incremental authentication security there is a fundamental flaw in the design of the pillars.
The problem with the 3 pillars of MFA in digital is that, as soon as someone gains the access to underlying data of “what you have” (e.g. OTP sent on SMS) and “who you are” (E.g. biometric data), it is reduced to the level of authentication security offered by the first pillar of “What you know”
Cryptographic MFA Differentiator
Key differentiator is a cryptographic wrapper around the "What you Know" level of authentication, in 3 steps
Strengthen “What you know” to “What you never need to know”
With its cryptographic backend, Pi-Control ensures that the shared knowledge in terms of I-AM Crypto-ID handshake need not be humanly understandable for identity verification to happen.
Further this shared knowledge in the form of Crypto-ID handshake changes dynamically as per the context of each instance of authentication.
This way Crypto MFA secures the first pillar of MFA “What you know”.
Fraudsters can’t activate I-AM on other devices without having the knowledge of the cryptography running on the backend.
Pi-Control adds the second level of authentication on top of this improved “what you know” authentication design.
This is a simple Cryptographic consent requested from the user on the I-AM activated device.
It could be a one time token sent on the I-AM activated device to the user.
On device biometric verification can be done using an I-AM activated device by the end user for a third leg of MFA
You can choose the authentication matrix to suit application’s identity security needs. One platform multiple options to extend with simple integration. The Pi-Control Cryptographic MFA has plugins for no-code integration with AD and ADFS
Pi-Control Cryptographic Authentication
Pi-Control is a distributed cryptographic services platform that delivers cryptographic services out of the box. Pi-Control uses I-AM , a self-sovereign cryptographic digital identity technology.
Pi-Control Crypto-Auth is the Cryptographic authenticator suite of solutions delivered from Pi-Control platform. Strong Cryptography with sophisticated digital identity technology platform, allows secure passwordless Cryptographic authentication to any digital enabled application and device. Pi-Control facilitates cryptographic identity onboarding and subsequently enables passwordless, multifactor Cryptographic authentication.