User:HaleyJMich/sandbox

Direct Autonomous Authentication (DAA) is a cybersecurity platform developed by San Francisco-based technology company Averon.^[1] The DAA platform enables secure authentication of a mobile user whilst simultaneously preserving privacy of the user.^[2] The technology was developed in stealth from 2015, first publicly introduced by Averon in 2017, and featured at the 2018 Consumer Electronics Show as a new technology that combats the increasing threats of cybercrime and consumer account hacking.^[3]

Historical background

Traditional methods of cybersecurity have led to the unintentional consequence of user privacy loss, due to techniques requiring the disclosure of personal details such as something the user is (name, birthdate, biometerics), something the users knows (password, username, secret question/answer) or something the user has (keycard, device, ID document). These legacy forms of user credentials can be, and increasingly are, stolen or spoofed. Once such credentials have been compromised, such as due to a hacking event, those credentials can never again be securely used.^[4]

Other traditional methods of mobile security, such as one-time passcodes (OTP), public key infrastructure and the implementation of two-factor authentication via SMS codes, require additional user efforts, which leads to a measurable drop off in adoption and thus less secure interfaces, thereby undermining the purpose of the methods altogether.^[5]

Many phone-based, multi-factor authentication offerings require end users to enter a username and password, then generate codes that are sent to them via SMS, which the end user must then type into a data field, or push a button to log in to an account or authorize a transaction.^[6] However, as the SWIFT heist of 2017 illustrated, SMS is not a secure messaging network and there are multiple initiatives under way urging the abandonment of SMS.^[7] The National Institute of Standards and Technology (NIST) in 2016 and again in 2017 also warned that SMS-based two-factor authentication should be abandoned due to security risks, as breaches of SMS technology continually increase.^[8]

These various legacy methods of cybersecurity, including SMS, arose in response to the lack of a native identity layer on the internet.^[9] While some originally viewed internet anonymity as a convenience, to access any person and any server from any location, such convenience without identity authentication has led to increasing amounts of fraudulent online activity, as it has allowed anyone anywhere to appear to be someone else somewhere else. Thus, enterprise, governments and individuals alike have suffered increasing levels of cybercrime year over year.^[10] Although the internet protocol HTTPS was considered helpful in terms of securing internet data packets, it does not and cannot verify that senders of data packets are truly who they represent themselves to be.^[11]

General overview

In contrast to legacy methods of cybersecurity, the DAA platform bypasses end user actions, and rather than focusing on the authentication of a user's device, DAA instead provides autonomous authentication of a user's mobile phone number, since the mobile phone number continues to be associated with the user even when they lose, destroy or upgrade their mobile phone. The DAA method uses a proprietary mix of technology developed by Averon that works inside the secure mobile network data pipelines together with encrypted technology already within every smartphone. The combination of these autonomous authentication methods has been described by research analysts as a faster, more secure, and stronger method of cybersecurity than traditional methods.^[12]

Blockchain and privacy properties

Blockchain technology incorporated into the DAA platform ensures the privacy of end users. No identifiable personal data is maintained on the platform, therefore public disclosure of one's authentic identity (such as for the purpose of verified social media interactions) is voluntary. DAA technology affords the end user full control over identity disclosure in any given online interaction, which can can be controlled by the end user in varying degrees from fully anonymous to fully identified publicly. In cases involving the need for anonymity with regard to an end user's safety, such as in cases of whistleblowers or political activists, the DAA platform's blockchain technology provides a method for both complete anonymity with the option of voluntary verification of limited but often needed data (such as verifying an anonymous user's general location). Thus DAA technology alleviates the heretofore insurmountable challenge of protecting user privacy with the need for authentication.^[13]

Use cases

The DAA technology platform was designed to be seamlessly adopted for utilization in a wide variety of industries and use cases in which mobile authentication of users is required.^[14]^[15]

References

^ Marinova, Polina (2017-10-30). "Term Sheet Monday". Fortune.com. Retrieved 2018-03-08.
^ Bekker, Garrett (2018-01-30). "451 Research Analyst Report". 451 Research. Retrieved 2018-03-08.
^ Alspach, Kyle (2018-01-11). "10 Coolest Products at CES 2018". CRN. Retrieved 2018-03-08.
^ Schneider, Fred (2005-01-26). "Something You Know, Have or Are". Cornell University. Retrieved 2018-03-10.
^ Brandom, Russell (2017-07-10). "Two-Factor Authentication is a Mess". The Verge. Retrieved 2018-03-10.
^ Bekker, Garrett (2018-01-28). "Averon offers frictionless mobile authentication". 451 Research. Retrieved 2018-03-16.
^ Finkle, Jim (2017-11-28). "Cyber Heist Warning". Reuters. Retrieved 2018-03-16.
^ Townsend, Kevin (2016-08-17). "NIST Denounces SMS 2FA". Security Week. Retrieved 2018-03-10.
^ Grossman, Wendy (2016-04-01). "Trust Who You Are Online With". Infosecurity. Retrieved 2018-03-16.
^ Isaacson, Walter (2016-03-04). "The Two Original Sins of the Internet". Aspen Institute. Retrieved 2018-03-16.
^ Nagle, Dan (2015-07-08). "Packet Sender Documentation". Packet Sender. Retrieved 2018-03-16.
^ Bekker, Garrett (2018-01-28). "Averon offers frictionless mobile authentication". 451 Research. Retrieved 2018-03-16.
^ Bekker, Garrett (2018-01-28). "Averon offers frictionless mobile authentication". 451 Research. Retrieved 2018-03-16.
^ Elitzer, Dan (2017-04-11). "Digital Identity Is Broken, But We Can Fix It". Medium. Retrieved 2018-03-16.
^ Bekker, Garrett (2018-01-28). "Averon offers frictionless mobile authentication". 451 Research. Retrieved 2018-03-16.

[1] Marinova, Polina (2017-10-30). "Term Sheet Monday". Fortune.com. Retrieved 2018-03-08.

[2] Bekker, Garrett (2018-01-30). "451 Research Analyst Report". 451 Research. Retrieved 2018-03-08.

[3] Alspach, Kyle (2018-01-11). "10 Coolest Products at CES 2018". CRN. Retrieved 2018-03-08.

[4] Schneider, Fred (2005-01-26). "Something You Know, Have or Are". Cornell University. Retrieved 2018-03-10.

[5] Brandom, Russell (2017-07-10). "Two-Factor Authentication is a Mess". The Verge. Retrieved 2018-03-10.

[6] Bekker, Garrett (2018-01-28). "Averon offers frictionless mobile authentication". 451 Research. Retrieved 2018-03-16.

[7] Finkle, Jim (2017-11-28). "Cyber Heist Warning". Reuters. Retrieved 2018-03-16.

[8] Townsend, Kevin (2016-08-17). "NIST Denounces SMS 2FA". Security Week. Retrieved 2018-03-10.

[9] Grossman, Wendy (2016-04-01). "Trust Who You Are Online With". Infosecurity. Retrieved 2018-03-16.

[10] Isaacson, Walter (2016-03-04). "The Two Original Sins of the Internet". Aspen Institute. Retrieved 2018-03-16.

[11] Nagle, Dan (2015-07-08). "Packet Sender Documentation". Packet Sender. Retrieved 2018-03-16.

[12] Bekker, Garrett (2018-01-28). "Averon offers frictionless mobile authentication". 451 Research. Retrieved 2018-03-16.

[13] Bekker, Garrett (2018-01-28). "Averon offers frictionless mobile authentication". 451 Research. Retrieved 2018-03-16.

[14] Elitzer, Dan (2017-04-11). "Digital Identity Is Broken, But We Can Fix It". Medium. Retrieved 2018-03-16.

[15] Bekker, Garrett (2018-01-28). "Averon offers frictionless mobile authentication". 451 Research. Retrieved 2018-03-16.

[1]