SEAcurIT-e® can enhance any authentication scheme by managing and protecting the authentication keys on which the process relies. A simple example of this can be seen in the Web Services Security section.
The SEAcurIT-e® user authentication system may be employed for purposes such as accessing online accounts or network resources. It supports multiple authentication scenarios, some of which utilise the advantages of smartphones. The solution is perfectly suited to software environments, with a hardware implementation also supported.
A distinctive feature of the SEAcurIT-e® system is that it offers protection against man-in-the-middle, or masquerade, attacks, such as conventional phishing and, significantly, real-time phishing. This is in contrast to some token- or SMS-based authentication mechanisms. Furthermore, the protection is also effective where a browser's standard SSL or TLS site authentication mechanisms fail, such as may be the case if a Certification Authority is compromised, or where a DNS cache has been poisoned.
SEAcurIT-e® also allows users to use one device such as a laptop to access a service or resource, but for the authentication process to be performed entirely using a physically separate device such as a smartphone. That is, no information is passed between devices. One advantage of this feature is that, for spyware to properly compromise the authentication process, both devices must be infected. Furthermore, a user may utilise more than one authentication device without any significant overhead. Additional devices can be added or blocked as required, and the loss of any one device has no consequence for other devices. A user may therefore employ the most appropriate device in any instance.
The authentication system inherits all the security and management features of the SEAcurIT-e® key management scheme. For example, there is no information stored on a user device that either depends upon or can be used to derive information about authentication keys or user passwords, thus rendering a device immune to analysis by an attacker. Furthermore, the SEAcurIT-e® parameters stored on a device can be updated without any impact on either the user or authenticating party, thereby ensuring that any such compromised information quickly becomes redundant.
SEAcurIT-e® also offers a form of out-of-band transaction verification that mitigates so-called man-in-the-browser attacks.
Note that the authentication process may also be employed in conjunction with alternative authentication mechanisms including biometrics.