Project Description
Americans use Internet accounts daily for banking, travel reservations, communication, commerce, and many other services. Most accounts that require a login process use single-factor password authentication for access. Single-factor authentication is easily compromised. Many Americans are hiding their vital personal information, such as social security numbers, bank numbers, stock transactions, credit card accounts, merchant accounts, and educational accounts, behind the very fallible single-factor authentication method. CertAnon alleviates this single-factor authentication problem by offering a universal two-factor authentication solution that vastly improves account protection, security, and convenience. Every year, millions of Americans fall victim to online fraud. One of the primary means of fraudulent account access is phishing.
VeriSign, an Internet security provider, states, “The explosion of the Internet commerce has brought with it a significant increase in online fraud and identity theft.” There were 8.9 million victims of online fraud or identity theft just last year. In the span of a year (2005 - 2006), the total losses to identity theft and online fraud rose over $2 billion, from $54.4 billion to $56.6 billion. Also within that time frame, the mean resolution time per incident jumped to an all-time high of 40 hours per victim, compared to 28 hours in 2005.
Consumer Internet usage is constantly increasing, and more people than ever before are using online accounts for financial and other personal data. Since most of these accounts have only a thin veneer of protection (single-factor password authentication), they are highly susceptible to dissemination. As individuals and organizations choose to conduct more business and other transactions online, password usage is on the rise. More passwords mean increased opportunity for fraud and privacy invasion. With so many accounts to keep up with, password creation and maintenance become a real hassle for many. Password security and complexity are often limited by what humans can remember, but computers have no such limitations when it comes to cracking passwords. Given that the typical password is about 20 characters or less, computer programs designed to hack passwords often successfully complete the task in milliseconds. This is particularly the case when the password consists of dictionary words or just a list of numbers. Once compromised, a password is no longer effective for authentication.
Viable methods exist to overcome single-factor password limitations. CertAnon uses proven two-factor authentication technology. Using pseudo-random number generation, the authenticating password changes every 60 seconds, significantly reducing the opportunity for password hacking. CertAnon implements a two-factor authentication technology based on the RSA SecurID token device. RSA SecurID is used by many companies, including E*Trade Financial®, Rolls Royce & Bentley Motors®, and Merrill Corporation®, for their online services. CertAnon further enhances RSA SecurID token technology by making it universally available to all Internet users while maintaining user anonymity. Because CertAnon does not record or maintain a customer database, the service is anonymous. The only data collected from the customer is the RSA SecurID Token serial number when a customer first sets up an account using the CertAnon service. No personal information, such as name, address, or telephone number, will ever be required from individual Internet customers.
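The 60-second rotating code and the serial-number-only record described above can be sketched as a time-based one-time password check. This is an added example, not CertAnon's or RSA's code: the RSA SecurID algorithm is proprietary, so the sketch substitutes the public HMAC-based construction from RFC 4226/RFC 6238 with a 60-second step, and the serial number, seed, digit count, drift window, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import time

STEP = 60    # seconds per code, matching the 60-second rotation in the text
DIGITS = 6   # assumption: six-digit token display
DRIFT = 1    # assumption: accept one step either side for token clock drift

# Constructed sample record: the server holds only token serial -> seed,
# with no name, address, or telephone number attached.
TOKEN_SEEDS = {
    "000123456789": bytes.fromhex("3132333435363738393031323334353637383930"),
}


def code_at(seed, counter):
    """RFC 4226 dynamic truncation of HMAC-SHA1(seed, counter)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Checks a submitted code for a token identified only by its serial."""

    def __init__(self, seeds):
        self.seeds = seeds
        self.last_used = {}  # serial -> highest time step already accepted

    def verify(self, serial, code, now=None):
        seed = self.seeds.get(serial)
        if seed is None:
            return False
        current = int((time.time() if now is None else now) // STEP)
        for counter in range(max(0, current - DRIFT), current + DRIFT + 1):
            # A step at or before the last accepted one is a replay: skip it.
            if counter <= self.last_used.get(serial, -1):
                continue
            # Constant-time comparison avoids leaking matching digits.
            if hmac.compare_digest(code_at(seed, counter), code):
                self.last_used[serial] = counter
                return True
        return False
```

The replay check is what makes a captured code useless after its first use, even inside the same 60-second window.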