Security experts refer to three factors that can be used to authenticate a person: what you have (for example, a token or card), what you know (a PIN) and who you are (a physical characteristic such as fingerprints). The Cleared Security Platform supports the use of two to three of these factors for strong authentication, and last year Priva claimed to be adding a fourth factor: an “adaptive morphing technology” that protects the token and is constantly changing. This technology prevents a hacker from breaking through the authentication layer--although it does not prevent the token from being lost or stolen.
To gain access, a user inserts the ClearedKey token, which has an integrated fingerprint reader, into the USB port of a computer with Cleared software on it, or into a POS terminal. (Thus the user’s true location is known.) The system first validates the entire platform from ClearedKey to the ClearedHost authentication server, which can be a network appliance or a managed service. Next, a secure communication session is established between the token and the host. Finally, the user is authenticated.
The system supports user verification with a PIN and/or multiple fingerprint biometrics as well as the new image feature. A specific combination of fingerprints in a particular order can be required. The system is configurable to support a variety of security policies.
Priva said that another variation of the security token with embedded RFID “wanding” technology is also in the works “to make physical access even simpler.”
An API allows customers to implement Cleared authentication within existing systems. Pluggable authentication modules also are available.
The Cleared Security Platform with ClearedPic image support is available now. Pricing varies with the levels of security and authentication required, the number of units, and other factors, but it ranges from approximately $30 to $150 per user.
