Tag Archive for: System

No secrets or stored credentials with Badge’s new authentication system


Badge Inc., a digital privacy firm founded by MIT cryptographers, is celebrating the launch of its patented authentication software, which allows users to enroll once and authenticate across devices thereafter without re-registration. According to a press release, the biometric public key system is easily integrated with leading digital identity providers, and eliminates the risk of centrally stored personal identity information and biometric data being exposed to breaches, thus rendering passwords, knowledge-based authentication (KBA) and biometric credential storage obsolete.

“The problem of storing credentials has vexed the security community for decades,” says Ray Rothrock, Badge advisor, venture capitalist and former CEO of Red Seal. According to Badge, by doing away with stored credentials the system eliminates the target of 49 percent of all data breaches. “The pervasive concern of PII being in the open and unprotected is over,” says Rothrock. “Badge enables identity without secrets.”

The product does so by letting users derive private keys on the fly using their biometrics and factors of choice, without having to rely on hardware tokens or secrets. It also dodges the problem of on-device authentication that locks users to a specific device that can be lost or rendered inoperable, leading to cumbersome account recovery processes. Per the release, users enroll once then “seamlessly authenticate across any device using authentication factors that are unique and inherent to them, including biometric factors such as fingerprint or face. These biometric factors can be combined with other factors such as passive attributes, attestation signals, PINs, etc.,” for an MFA method that does not rely on a specific device or token.

“You are your token”

Tina P. Srivastava, co-founder of Badge and an MIT aerospace PhD, says Badge’s core mission is to move the trust-anchor for digital identities to the human instead of hardware. “After losing my own identity in a breach,” says Srivastava, “we went back to the fundamentals. We relied on math to solve the problem and used cryptography to build a user-centric solution that makes people their own…

Source…

Kansas court system nears ransomware recovery completion


Total recovery from a Russian ransomware attack in October on Kansas’ court system is imminent, state Supreme Court Chief Justice Marla Luckert said following this week’s restoration of its case management system and free public portal for electronic court records, according to The Record, a news site by cybersecurity firm Recorded Future.

While electronic filing is expected to be completely restored during the next two weeks, more advanced defenses have already been set in place to expedite recovery of systems that could be impacted by a future ransomware attack, said Luckert during a State of the Judiciary speech before the state legislature. Luckert also emphasized that ransomware recovery efforts were not accelerated, in order to ensure the safety of the state’s citizens, after confirming claims that data had been stolen from its systems.

“As these and other details emerged, it became clear we needed to implement alternative business practices to keep courts running. Courts across the state reverted to old school methods, including paper filings. We communicated to the public about how we used the paper environment,” said Luckert.

Source…

London library officials confirm hackers behind system shutdown


London Public Library officials have confirmed it was a “cyberattack” that has shut down branches and hampered services, damage they’re working to undo with the help of an outside security firm.

Until Wednesday afternoon, they’d only referred to the Dec. 13 shutdown as a “cyber incident” – declining to be more specific amid questions over whether this was akin to the attack by hackers that hit the Toronto Public Library this fall. But a fuller picture of what occurred is now coming clear.

“The investigation has confirmed that the outage that occurred on Dec. 13 was the result of a cyberattack,” library spokesperson Ellen Hobin said. “At this time, the investigation has not determined whether personal information may be implicated.

“The library has also been communicating with the London Police Service in connection with the attack. It’s anticipated that the investigation and restoration to full operations will take more time.”

The attack shut down three of the 16 library branches and has limited its services. Those three branches – Carson, Lambeth and Glanworth – were closed in the immediate fallout of the incident and will remain closed until Jan. 2.

The statement comes seven days after the incident. It remains unclear whether any data was compromised or lost.

The attack shut down library phone lines, its website, staff emails, its digital catalogue and the public WiFi used by many Londoners who have no other option for internet access.

One local expert called the cyberattack yet another warning that no publicly funded organization is safe.

“This should be a wake-up call,” technology consultant Carmi Levy said. “Many have not given priority to cyber security awareness. It leaves them more vulnerable.”

Agencies need to take the risks more seriously, including staff training to avoid scams, he said. “More has to be dedicated to preparedness training and deterrence.”

If it is indeed a ransomware attack – in which hackers demand payment in…

Source…

Genesis HealthCare System Builds on its Investment in BIO-key Biometric Authentication Security as it Migrates to Epic Hyperdrive


BIO-key International, Inc.

ZANESVILLE, Ohio and HOLMDEL, N.J., Dec. 14, 2023 (GLOBE NEWSWIRE) — BIO-key® International, Inc. (NASDAQ: BKYI), an innovative provider of workforce and customer Identity and Access Management (IAM) featuring passwordless, phoneless and token-less Identity-Bound Biometric (IBB) authentication solutions, announced that its longstanding customer Genesis HealthCare System, the largest healthcare provider in its six-county region of Ohio, will add BIO-key’s PortalGuard IAM platform to support its existing BIO-key biometric authentication investment as it migrates to Epic Systems’ Hyperdrive end-user application interface. Genesis HealthCare has a network of more than 300 physicians and 4,000 employees across 27 locations.

PortalGuard’s standards-based integration with Hyperdrive allows Genesis HealthCare System to continue enjoying the security and streamlined biometric authentication user experience that BIO-key provides without re-enrolling employees or adopting more cumbersome and expensive multi-factor authentication solutions.

Named by Computerworld as one of the 100 Best Places to Work in IT every year since 2017, Genesis HealthCare utilizes BIO-key biometric software and hardware to secure and streamline its users’ login experience for Epic. By deploying PortalGuard IAM, it is able to maintain a consistent user experience and simplify the Hyperdrive migration. PortalGuard fully supports Hyperdrive’s modern authentication approach through its SAML Identity Provider (IdP) capabilities. PortalGuard provides seventeen authentication factor options, including WEB-key fingerprint authentication, the same core BIO-key biometric authentication platform regularly used by thousands of Genesis HealthCare employees. Additionally, users can now use PortalGuard for biometric authentication in other hospital applications through its support for standard IdP integration options like SAML, OAuth, and OpenID Connect.

“Epic is a mission-critical application for many of BIO-key’s hospital customers, and implementing PortalGuard SAML SSO allows Genesis to maintain streamlined workflows and ensure secure access to patient information with IBB,” said Mark…

Source…