People focus on the outcome of common and often repetitive tasks such as locking and unlocking doors or proving to the cashier that it is really you standing at the checkout with your credit card to make a purchase. But these activities share a common underlying need: unimpeachable validation of individual identity. In fact, other than cash, the primary contents of anyone’s wallet or key ring are different forms of identification.
At USR’s core is patented multi-factor identification authentication technology. USR’s proprietary technology allows individuals to conveniently, securely and remotely authenticate their identity from their smartphone or portable device as their personal identity proxy, enabling a wide range of services under the sole control of the individual, including access to computing and physical resources. The USR software providing these services can reside at USR or at a third party site.
You can provide and store your information one time and recall it instantly and securely as often as needed. By tapping a smartphone or computer key, you can confidently make a purchase because your mobile phone, communicating with USR software, is authenticating and validating your identity without ever storing on your phone or transmitting any valuable or exploitable personal information whatsoever. Unlocking your personal computer or the door to your office can be even easier, and as simple as merely carrying your smartphone within Bluetooth range of the USR-enabled computer or door lock.
For millennia individuals have used passwords to prove their identity. Passwords were the first security system implemented on computers and still represent the most common security technology used today. Though inadequate, they are nonetheless used with ATM cards, credit and debit cards, for funds transfer, for access to personal and financial information, access to physical facilities and in other situations where basic personal identification must be verified.
But a password is only one of the three means of authenticating an individual’s identity¹. Effective identity authentication requires a combination of at least two – and preferably all three – of the available identification methods:²
- Something you know: a memorized secret word, phrase, number, code, or fact known only to an individual.
- Something you have: a discrete token which is tangible and strongly resists counterfeiting, such as a key, a badge, a wax seal, signet ring or a credit card with a chip.
- Something you are: a characteristic biometric such as a fingerprint, signature, voiceprint, photograph, retinal pattern or DNA.
Degree of security
Each factor’s strength is determined by how difficult it is to compromise. A one-digit numeric PIN, for example, offers relative security of 1 in 10 because there is a one in 10 chance the number can be guessed or attacked by brute force. A two-digit PIN has relative security of 1 in 100 (10 * 10). A three-digit PIN’s relative security is 1 in 1,000, and so on.
The relative security of employing multiple factors, properly implemented, is the product of the relative security, or strength, of each factor.
Example of 1 Factor Security
A four-digit numeric, secret PIN³ provides relative security of 1 in 10,000, meaning there is one chance in 10,000 that the PIN can be compromised.
Example of 2 Factor Security
A mobile phone token running USR software provides relative security of far more than 1 in 1,000,000. Combining this with a four-digit secret PIN creates relative security greater than one in 10,000 X 1,000,000, or 1 in 10,000,000,000 (10 billion).
Example of 3 Factor Security
A typical uncompromised biometric, such as a fingerprint, when analyzed automatically, provides relative security of about one in 10,000, meaning that one person in 10,000 will have a fingerprint that will be read as yours, yielding a false positive.
When the biometric is combined with a secret and a token, then the relative security of the combined 3 Factors is one in: 10,000 X 10,000,000,000, or 1 in 100,000,000,000,000 (100 trillion).
Example of 3+ Factor Security ™
The optional addition of another biometric — for example a photograph of the user sent by USR to the Point of Sale — strengthens reliability of the authentication. If that photograph’s relative security is 1 in 10,000, then the 3+ Factor authentication provides relative security of 10,000 times 100 trillion.
¹ There are only three valid means of identifying an individual: a secret, a token and a biometric, according to the National Institute of Standards.
² USR founder Kenneth Weiss coined the term 2 Factor Security for the SecurID token more than 30 years ago. (SecurID is a registered trademark of Dell Inc.’s RSA division.)
³ To be valid a Personal Identification Number, it must be random and uncompromised.
Realizing more than a decade ago the profound transformational potential of combining then-emerging smart mobile phone technology and credit/debit cards, Universal Secure Registry™ Founder Kenneth Weiss developed and patented the preferred process for putting the two together as a “mobile wallet.” USR’s primary focus is this integration.
At the Point of Sale (POS) the user’s mobile wallet (smartphone) radiates a one-time use Pseudo Random Code (PRC), which remotely, by USR software, is matched to the PRC expected from a particular user. Then the user’s account information combined with details of the transaction can be sent to the traditional transaction processor or issuing bank. As an additional option, a digital image of the authorized user may be sent by USR software to the POS to signal transaction acceptance. Initiating the mobile phone transaction employs three-factor identity authentication, and the return of the customer’s digital image at the POS is a second biometric. USR therefore employs 3+factor security™.
The basic form of the credit card has not changed since the last century — a 2” x 3” piece of metal or plastic with an account number on it. The issuing banks and credit companies have never grasped that what they are really doing with each transaction is identifying the individual, and no exploitable account number is required for this purpose. In fact the account number, which may be an important and necessary back office tool of the issuer, is actually unnecessary and dangerous to communicate or expose, because it can lead to unauthorized use, identity theft and fraud. Magnetic stripes, encryption, holograms, and near field communication (NFC) do not solve this potential for abuse. USR eliminates the potential for these crimes to occur.
USR patented technology validates the identity of the authorized user with three factors and then uses a one-time-use constantly changing Pseudo Random Code to wirelessly communicate the identity of the user at the POS. The secure USR software authenticates the identity of the authorized person and instantly and securely forwards the chosen credit or debit card’s account number and purchase-related information to the appropriate transaction-processing center or issuer. A digital photograph may also be sent by USR to a display on the POS terminal, providing 3+ factor security™. Private information — especially account numbers — is never exposed or stored in or on the mobile phone. Indeed no sensitive or exploitable information is ever stored in the smart phone or transmitted.