Trusona granted U.S. patent for anti-replay technology for passwordless authentication
Titled “Anti-replay systems and methods,” the patent describes technology that leverages users’ actions to secure their identity during digital interactions. It uses non-PII unique values of time, latitude, longitude, acceleration and more, as opposed to behavioral biometrics, to create a cryptographic nonce that should never be repeated. Each authentication is unique, so if it is reused, the system will block it and issue an alert.
Anti-replay technology has been integrated with its three-factor passwordless authentication solution called Trusona Executive. In this case, a government-issued ID or an employee badge are the third factor, with metadata such as camera focus time and document distance providing material for the cryptographic nonce. According to the patent, authentication data including biometrics could be used with transaction-related data stored by the system.
“Session replay attacks have grown exponentially and pose a great threat to organizations globally,” said Ori Eisen, Trusona founder and CEO, in a prepared statement. “Trusona is very passionate about removing this attack vector and we’re proud to pioneer this patented technology that serves as another weapon in our security arsenal to fight cybercrime. Providing modern passwordless authentication with anti-replay capabilities helps us continue to secure enterprises and consumers everywhere.”
The first replay attack was detected in 2010 and it involved users’ static credentials and SSL browser certificates, as well as the successful theft of millions of dollars in just one day. By removing password reliance, the anti-replay technology delivers enhanced authentication for enterprises and consumers alike, Trusona says.