Top
BioSignID FAQs

Does BioSignID web service free?

BioSignID web service is currently in beta stage. In the future, ANB indented to offer BioSignID service under annual EULA terms.

BioSignID Web Service

Free, price, BioSignID, web service, EULA

Does BioSignID is a biometric identity?

BioSignID utilizes biometric signature identities with compliance with the ISO IEC SC37 biometric standards (19794-7 19794-11). BioSignID identities are behavioral identities that are dynamic and can be reset unlike physical biometrics (Iris, Fingerprint, Veins and Face recognition). For more info, please visit: http://www.biometrics.gov/Documents/DynamicSig.pdf or at:www.ostp.gov/nstc

Biometric Identity

BioSignID, Biometric, standard, Behavioral

Does BioSignID identity replace text-passwords?

BioSignID challenge is to replace text-passwords authentication which proved to be unsecured. BioSignID offers a user-friendly graphic human-machine interface which is based on touch-screen. BioSignID offers highly secured identities compared to any remember-able text-password. BioSignID is based on signature that is more human-oriented identity than text-passwords.

BioSignID Identity

BioSignID, Text-passwords, Touch-screen

What vulnerabilities BioSignID challenges?

BioSignID challenges users’ authentication over the web which is currently based on unsecured text-passwords. BioSignID challenges the latest cybercrime MITM (Man-In-The-Middle) attacks such as: SSL-Strip, SSL-Sniff and Chain-Certificates attacks. These latest hacking attacks proved to be the most efficient and common methods to steal identities and any other sensitive information such as: credit cards and personal details. For more information please visit: http://www.itpro.co.uk/609932/website-danger-as-hacker-breaks-ssl-encryption

BioSignID Web Service

Text-passwords, MITM (Man-In-The-Middle) attack, SSL-Strip, SSL-Sniff, Chain-Certificates attack

How do I register to BioSignID web service?

Please visit BioSignID web site home page and click on the “Join BioSignID Now” button or click on the following URL: https://www.biosignid.com/Register.aspx

Register to BioSignID Web Service

Register, Join

What are the key advantages of BioSignID?

The main key advantages of ANB’s BioSignID solution are:

• It is a hardware-free, pure-software solution that can be immigrated from desktop PCs to mobiles. Please visit the following URL, BioSign for Mobiles Demo: http://poc.anbsys.com/mobiles/

• ANB BioSignID was designed and optimized for the new emerging interface technology, the touch-screen technology. Please visit the following URL, BioSign for Touch-screen desktop PCs, running on HP TouchSmart: http://poc.anbsys.com/hp.html

• ANB BioSignID identities are dynamic and are based on behavioral biometrics. As long as you use it, the system knows you better (based on your transactions profile). Unlike other static biometrics solutions, it keeps learning and reducing FRR rates for every user. This way, it can support minimum entry point and evolve into higher security level profiles and users’ creditability.

• BioSignID provide three factors authentication: something you are, something you know and something you have (the device where you signed).

• BioSignID is an OTS technology (One-Time-Signature). User can never sign the same signature again and therefore, unlike text-password, signatures cannot be re-played.

• BioSignID is user friendly without leaving traces of your identity; unlike fingerprints where people leave their fingerprints everywhere; BioSignID is optimized for the virtual world of Internet and IT systems because it can be reset.

• With today's cybercrime threats (like MITM SSL-Strip, SLL-Sniff and Chain-Certificates attack), its volume, the text-passwords and the SSL, SSH and IPSEC cannot provide protection to

BioSignID Web Service

BioSignID, Key advantages, hardware-free, Mobiles, Touch-screen, Dynamic Identities, Behavioral biometrics, FRR rates, User creditability, Three factors authentication, One-Time-Signature, Virtual, Cyber crime, Open-ID

How can I create my identity with high-level security?

At your enrollment stage, you will be asked to provide your first 5 (five) signature samples, one after another in a successive order.

Please use any pointing device on your convenience. The use of any touch-screen device is optimal in order to provide a consistent and very secure biometric identity.

Please follow these recommendations in creating your biometric BioSignID:

• Make sure your PC mouse or stylus enables you to sign smoothly and easily

• The longer your signature is, the more biometric features it contains, increasing your BioSignID security level

• Remember to be consistent in the manner in which you sign

• Your consistency will gradually improve with use/practice

Upon completing your enrollment process successfully, you will be asked to verify your enrolled signature. From this point BioSignID self-adaptive feature will keep learning every single signature you signed in order to reduce FRR (False Reject Rate) and improve your user creditability.

Secured Identity

Enrollment, Register, Touch-screen, Consistent, FRR

Can I sign-in with my PC mouse?

BioSignID was designed for the emerging touch-screen technology. Nevertheless, BioSign support signing-in by using any pointing device and in particular, standard PC mouse. F.Y.I. users indicated that signing-in while the mouse accelerated mode is disabled reduces FRR (False Reject Rate).

Sign-In

Touch-screen, PC mouse, FRR

How can I reset my identity in BioSignID?

In order to reset your BioSignID identity, please click on the Sign-in button, follow the instruction and provide your username/e-mail address. While the BioSignID virtual-pad is opened, please click on the reset signature text. Then please follow the BioSignID Reset instructions provided to you by e-mail.

Reset My Identity

BioSignID identity, Reset

What can I do if I forgot my BioSignID username?

Please use your e-mail address to sign-in and then access your account to review your BioSignID username. Your username in BioSignID is unique. Your username is used for creating your unique username in Open-ID (username.biosignid.com)

Forgot My Username

BioSignID, Forgot username, Open-ID

Can I use my BioSignID identity to sign-in into third party web site?

BioSignID is an Open-ID provider which supports any other third party Open-ID web site. Only Open-ID web sites can be accessed using your BioSign-ID. For more information about Open-ID authentication standard please visit: http://openid.net/get-an-openid/ F.Y.I. the following web sites support Open-ID: Google, Yahoo, LiveJournal, Hyves, Blogger, Flicker, Orange, Myspace, WordPress, AOL and more.

Sign-In

BioSignID, Sign-In, Third party web site, Open-ID, Single-Sign-In

Does my BioSignID identity nor my user’s account information secured?

Your BioSignID identity is a set of 14 millions calculations encapsulated in binary object – your biometric identity template. BioSignID identities templates are uni-directional and cannot reversed to its origin. This object is highly secured similar to advanced encryption method. Unlike encryption methods that encrypt the whole piece of information, BioSignID template represents only the significant portion of your signature image and the way you sign your signature. Biometric identities such as fingerprint, veins and iris, the biometric template represents a set of personal features (minutiae) rather than image copy of your face/fingerprint/veins map.

BioSignID Identity

BioSign identity, Encrypted, Binary, Minutiae

What my user’s account in BioSignID includes?

Your user’s account in BioSignID includes the following information:

• User’s details such as full name, nick name, e-mail address, gender, security question, country, language, time zone and zip code.

• User’s unique BioSignID identity template

• User’s history of transactions (login transactions and user’s account activities)

• Trusted web sites

This information is stored securely in the system database on a remote and tunneled server.

BioSignID Identity

BioSignID account, Full name, Nick name, E-mail address, Transactions history, Trusted web sites

How do I sign-in securely?

The most secured way to sign-in is by using invisible mode. Invisible mode protects against shoulder surfing attack. To toggle between invisible and visible modes, please click on the invisible icon or use spacebar while the virtual=pad is open. The most secured way to sign-in is by signing-in on your iPhone rather than on your browser. The BioSignID on iPhone implements three factors authentication:

• Something you are (biometrics)

• Something you know (your signature image)

• Something you have (your iPhone device and SIM card)

Sign-In

Sign-In, Invisible mode, Visible mode, iPhone, Three factors authentication

How can I use my iPhone to sign-in?

In the near future, ANB is going to offer BioSignID on iPhone and other smart phones (Microsoft Mobile 5.xx and 6.xx). User that would like to redirect his signing transactions to his touch-screen iPhone should:

• Install BioSignID agent on his iPhone

• Then update his user’s account – redirect my signing to my iPhone.

Each user’s account can be linked to only unique phone number, SIM card of the mobile device (iPhone or any other Smartphone).

iPhone

BioSignID, iPhone, Mobile 5.xx, Mobile 6.xx, Touch-screen, SIM, Smartphone, Three factors authentication

Who is ANB company?

Adaptive Neural Biometrics (ANB) company is privately-owned, headquartered in London, with R&D in Israel. ANB is: a Microsoft Certified Partner – ISV, IBM PartnerWorld – ISV and Intel IPI – Intel product Integrator. For more information, please visit ANB’s web site at: www.anbsys.com or contact us at: marketing@anbsys.com

About ANB

ANB, ISV, Microsoft, IBM, HP, Intel

How can I contact BioSignID technical support?

You can contact BioSignID technical support team by clicking on the contact us link at: http://www.biosignid.com/HelpPages/ContactUs.aspx or by sending e-mail to: support@anbsys.com

BioSignID Technical Support

Technical support

Can I sign-in on touch-screen?

BioSignID was designed and optimized for the emerging technology of touch-screen. Signing-in with your fingertip on touch-screen is the most natural and user friendly human-machine interface compared to any other biometrics such as: facial and IRIS by camera, fingerprint and veins by special readers/sensors. BioSignID is pure software, hardware-free solution. You don’t need to attach any special hardware in order to sign-in.

Sign-In

Sign-In, Touch-screen, Fingertip, Hardware-free, Natural

Can I sign-in from my mobile device?

BioSignID offers the most secured authentication mechanism based on the third factor authentication – something you have (in addition to the first two factors). Users can choose to redirect their signing transactions from their PC browser to their personal mobile phone (mobiles with touch screens like iPhone). This option provides the three factors authentication that eliminates any phishing attack.

Sign-In

Sign-In, Mobile, Three factors authentication, iPhone, Phishing attack, Anti-phishing

Does BioSignID identity compatible with biometric standards?

ANB team represented the Israel institute of standards (IIS) in the ISO IEC/SC37 biometric committees and work groups. ANB’s BioSignID solution was designed based on the new ISO biometric standards:

• ISO 19794-7

• ISO 19794-11

Biometric Standards

Biometrics, Standards, ISO

Do I need to sign consistently?

BioSignID offers a dynamic self-adaptive biometric solution that keeps learning every signed signature that was approved to be valid. BioSignID is the only biometric solution that builds the user biometric identities (templates) dynamically and not just based on the first enrollment samples. This mechanism ensures that users can develop and improve their security level and creditability over time and use. As long as you sign-in, your become more consistent is your way of signing-in. The key is always, keep using the system. Text-passwords are static and must be always identical which makes them vulnerable to hackers’ attacks.

Sign-In

Sign-In, Consistently, Self-adaptive, Text-passwords vulnerability

Does the BioSignID system learn every signed signature?

BioSignID offers a dynamic self-adaptive biometric solution that keeps learning every signed signature that was approved to be valid. BioSignID is the only biometric solution that builds the user biometric identities (templates) dynamically and not just based on the first enrollment samples. This mechanism ensures that users can develop and improve their security level and creditability over time and use. As long as you sign-in, you become more consistent is your way of signing-in. “As much as you pedal your bike drive improves”.

BioSignID Web Service

Self-adaptive, Dynamic Identities, Creditability, Consistently

How long my BioSignID identity should be?

BioSignID solution was optimized to support low entry level identities starting with your initials signature. The initials signatures model supports the Internet authentication requirements. The optimized signature should be based on 5 to 7 characters/symbols and not longer than 12 characters. ANB policy motivates users to sign abstract signatures over the web and not their personal signature that is used for signing on financial transactions. F.Y.I. the BioSignID virtual-pad samples up-to 10 seconds long signatures.

BioSignID Identity

BioSignID identity, Initials signature, Signature length, Virtual-pad

Do I need to provide my personal signature or any simple hand gesture?

BioSignID solution was designed to authenticate users over the Internet and for private cloud computing environments. The authentication should be short starting with signing your initials. ANB policy motivates users to sign abstract signatures over the web and not their personal signature that is used for signing on financial transactions.

BioSignID Identity

BioSignID identity, Initials signature, Cloud computing, Abstract signature

Does BioSignID identity behavioral?

Biometric signatures are considered to be behavioral and dynamic rather than static biometric (face recognition, veins map, fingerprint, IRIS, palm). Unlike static biometrics, behavioral biometric are based on two factors authentication - something you know and something you know. Behavioral biometrics can be reset (you can sign a different signature in every enrollment). This flexibility make the BioSignID optimally suited to the virtual world of IT and Internet arena.

BioSignID Identity

BioSignID identity, Behavioral, Dynamic identity, Two-factors authentication, Reset, Virtual

Does BioSignID identity behavioral?

Biometric signatures are considered to be behavioral and dynamic rather than static biometric (face recognition, veins map, fingerprint, IRIS, palm). Unlike static biometrics, behavioral biometric are based on two factors authentication - something you know and something you know. Behavioral biometrics can be reset (you can sign a different signature in every enrollment). This flexibility make the BioSignID optimally suited to the virtual world of IT and Internet arena.

BioSignID Identity

BioSignID identity, Behavioral, Dynamic identity, Two-factors authentication, Reset, Virtual

Can I repeat signing the same signature?

Users can never sign the same signature again. The sampling rate starts with 100 Hz (100 times per second) and happens randomly. This way every sampled signature is different and can be identified against any re-play attack. Nevertheless, all your signatures represent the same biometric (the way you sign) and the same signature image (under reasonable limits). In order to support that, ANB implements self-adaptive engine that keeps learning every user’s single signature (that proved to be valid) using advanced artificial neural networks and other adaptive techniques.

Sign-In

Sign-In, Sampling rate, Re-play attack, Self-adaptive, Artificial neural networks

Does BioSignID protect against phishing?

Phishing attacks try to imitate the authentic web service such as e-banking in order to steal the user identity and then use it in cybercrime activities. BioSignID solution was developed in order to eliminate phishing attacks by tunneling the user identities/signatures that are sent for verification to the authentic and authorized server using secured direct connection. By using the mobile redirection where the user signs on his mobile device such as iPhone, the identity is sent from the mobile device to the authorized authentication server. The phishing can happen between the web browser and the fake site only. This way BioSignID uses second and parallel connection to eliminate any phishing exposure and risks.

Anti-Phishing

BioSignID identity, Phishing, Anti-phishing, Cyber crime, iPhone, Mobile

Do I need to install any client software?

For signing-in from your PC web browser you don’t need to install any client software. The secured virtual-pad is just-on-time application that runs only at each signing-in process. BioSignID runs on the following web browsers: Microsoft IE 7.xx/8.xx, Firefox, Google Chrome and Safari. In some cases, you may need to install Microsoft Silverlight 3.xx framework. BioSignID support signing-in from your iPhone device. In order to redirect your signing transactions to your iPhone, please follow the instructions on BioSignID web site and install the BioSignID client software prior to join this service.

BioSignID Web Service

BioSignID, Client software, Install, virtual-pad, IE 7.xx, IE 8.xx, Firefox, Google Chrome, Safari, Web browser, Silverlight, iPhone

What are the pre-requirements before using the BioSignID web service?

BioSignID runs on the following web browsers: Microsoft IE 7.xx/8.xx, Firefox, Google Chrome and Safari. In some cases, you may need to install Microsoft Silverlight 3.xx framework.

Pre-requirements

Pre-requirements, BioSignID web service, Silverlight

Does BioSignID support Microsoft IE browser?

BioSignID runs on the Microsoft IE 7.xx/8.xx. In some cases, you may need to install Microsoft Silverlight 3.xx framework.

BioSignID Web Service

Web browser, Microsoft IE, Silverlight

Does BioSignID support Google Chrome browser?

BioSignID runs on Firefox 2.xx and higher. In some cases, you may need to install Microsoft Silverlight 3.xx framework.

BioSignID Web Service

Web browser, Google Chrome, Silverlight

Does BioSignID support Apple Safari browser?

BioSignID runs on Google Chrome. In some cases, you may need to install Microsoft Silverlight 3.xx framework.

BioSignID Web Service

Web browser, Safari, Silverlight

Does BioSignID support Firefox/Mozila browser?

BioSignID runs on Apple Safari. In some cases, you may need to install Microsoft Silverlight 3.xx framework.

BioSignID Web Service

Web browser, Firefox, Mozila, Silverlight

Does BioSignID support Opera browser?

BioSignID is an Open-ID solution which is supported by Opera. Currently Opera doesn’t fully support the Microsoft Silverlight 3.xx and therefore you may encounter difficulties in signing-in from Opera web browser.

BioSignID Web Service

Web browser, Opera, Silverlight

How can I track my login history in BioSignID account?

In order to track your login activities using BioSignID, please login to your account in BioSignID at:

https://www.biosignid.com/login.aspx and then click on the My Account link. Then four tabs should be displayed as following:

• Personal Details

• Your Account Activities

• Your Trusted Web Sites

• Login History

Your account activities tab lists all your signing transactions failed and successful attempts.
Login history tab list your login activities to BioSignID web site and other trusted web sites that support the Open-ID standard. Each login activity can represent several tries or login to third party web site that used your credentials (first login). Each successful login activity is valid to predefined time period (varied between 5 minutes to 30 minutes).

BioSignID Web Service

BioSignID web service, Login transactions, History, BioSignID account, Security token

How can I add more trusted web sites to my account security profile?

After a successful user’s registration process, a universal username (Open-ID username identity) is generated for each user. This universal username can be used to sign-in into any Open-ID supported web site such as Facebook.com, LiveJournal.com, Kmart.com and more. The user universal username is a URL in the following pattern: username.biosignid.com For example: if your username in BioSignID is: Johnsmith, your universal username should be: johnsmith.biosignid.com The first time you signed-in into Open-ID supported web site, in this example LiveJournal.com please choose the option of login with Open-ID and then use your universal username to sign-in in the Livejournal.com web site, for example, type johnsmith.biosignid.com in the username textbox and then press enter. You will be redirected to BioSignID virtual-pad to sign. Upon a successful authentication using BioSignID, a dialog box should be displayed requesting you to confirm the authentication to the third party web site. Upon confirmation, in this example, to livejournal.com web site, the livejournal.com web site will be classified as trusted site. In case of confirming all third party web sites login, all your future third party logged web sites will be automatically classified as trusted web sites.

BioSignID Web Service

BioSignID web service, User account, Trusted web sites, universal username, Open-ID

How can I log-off from my BioSignID account?

BioSignID is automatically valid to predefined time period of 30 minutes. In case of logging-off earlier please visit BioSignID web site at: www.biosignid.com and then click on the Logoff button on the upper-right area.

BioSignID Web Service

BioSignID web service, Logoff, Security token

Can I use electronic tablet or electronic pen to sign-in?

BioSignID solution was designed for the emerging touch-screen technology. Nevertheless, you can sign-in using any pointing device stating with standard PC mouse. F.I.Y. BioSignID support signing-in from your touch-screen mobile phone and in particular iPhone.

BioSignID Web Service

BioSignID web service, Electronic tablet, Electronic pen, Pointing device, PC mouse, iPhone, Touch-screen

Do my signed signature images kept in memory/storage/cache?

BioSignID is a Just-In-Time software agent that doesn’t being installed on your PC. It runs for a specific signing-in transaction process without leaving any trace of the sampled signature. The sample signatures don’t persist in any storage, memory or cache. The verification process occurs at the remote authentication server against your stored, encrypted BioSignID identity template (14 million calculations object).

BioSignID Identity

BioSignID identity, Just-in-time, Signature, Image, Identity template

How does BioSignID protect against cyber attacks such as: SSL-Strip, SSL-Sniff and Chain-Certificates attacks?

BioSignID solution works as an internal VPN connection within the web browser in order to secure the connection between the endpoint users’s PC and the authorized authentication server. This is any attempt to attack the BioSignID session using MITM (Man-In-The-Middle) are recognized and blocked. BioSignID cannot work under fake certificate. The data must be sent securely directly to the BioSignID authentication server. The data cannot be translated from Https to http plain text as it is being implemented in the SSL-Strip attacks. BioSignID solution challenges the phishing attacks by redirecting the signing-in transaction to mobiles such as iPhone.

BioSignID Web Service

BioSignID web service, Cyber crime, SSL-Strip, SSL-Sniff, Chain-Certificates attack, MITM (Man-In-The-Middle) attack, Fake certificate, Http, Https, iPhone, Phishing

Can I use BioSignID identity to sign-in into my e-bank account?

BioSignID authentication service works with any third party web site that supports the Open-ID authentication standard. In case your e-banking web site supports the Open-ID standard you can easily use your universal Open-ID identity to sign-in or please contact us at:support@anbsys.com

Sign-In

Sign-In, e-banking, BioSignID identity, Open-ID

Does BioSignID part of Amazon AWS?

ANB’s BioSignID is installed in Amazon EC2 cloud. The ANB’s BioSignID is part of Amazon recommended web services under the category of authentication web services.

BioSignID Web Service

BioSignID web service, Amazon AWS

Where BioSignID web service installed?

ANB’s BioSignID is installed in Amazon EC2 cloud.

BioSignID Web Service

BioSignID web service, Amazon AWS

Can I open two accounts in BioSignID?

Each user’s account and personal BioSignID identity is related to a unique e-mail address. It is not recommended to use two different BioSignID identities that are related to two different e-mail addresses. In general, the answer is yes.

BioSignID Web Service

BioSignID web service, User account

Should I use my personal e-mail with BioSignID account?

Your e-mail address is used in order to send you your personal unique license number and other alerts regarding any request to reset your BioSignID identity. Please use your personal and confidential e-mail account to communicate with the BioSignID authentication web service.

BioSignID Web Service

BioSignID web service, User account, Personal e-mail

What can I do when I forgot my username?

You can use your unique username in BioSignID nor in your personal e-mail address which was used in your registration process to BioSignID. In case, you forgot both, please register using different e-mail address.

Sign-In

Sign-In, E-mail address, User account, BioSignID username

What is the key shortcut to submit my signature for verification?

While your BioSignID virtual-pad is open, you can click on the Submit button to send your signature for verification or press enter (Carriage Return key).

Sign-In

Key shortcuts, Sign-In, Virtual-pad

What is the key shortcut to switch between visible/invisible modes?

While your BioSignID virtual-pad is open, you can switch between invisible/visible modes by clicking on the invisible button (bottom toolbar) or by pressing the spacebar key.

Sign-In

Key shortcuts, Sign-In, Virtual-pad

What can I do against shoulder-surfer attack?

BioSignID provides invisible mode, where your signed signature is transparent and cannot be seen. To increase your privacy, please sign-in invisibly using spacebar or clicking on the invisible button on the virtual-pad toolbar (at the bottom).

Sign-In

Sign-In, Invisible mode, Visible mode, Shoulder-surfer attack, Virtual-pad

Does BioSignID technology patented and/or trademarked?

BioSignID is a patented technology and BioSign is trademarked sign to ANB company.

About ANB

BioSignID web service, patent, Trademarked

What was the technology used for developing ANB BioSignID?

BioSignID solution was developed using Microsoft .NET 3.5 framework and Microsoft Silverlight 3.0

BioSignID Web Service

BioSignID web service, Infrastructure, Microsoft .NET 3.5

What information is stored in my BioSignID identity template?

BioSignID identity templates represent each user signature image and its way of signing-in by using 14 million calculations. It only represents the most significant features rather than the whole signature. This way the signature template is highly secured and highly encrypted (by any encryption standard). The possibility to recover the signature form its template tends to zero.

BioSignID Identity

BioSignID identity, Signature template

Does BioSignID support single-sign-in?

BioSignID is an Open-ID vendor which supports single-sign-in features. You can sign-in to any third party web site that supports the Open-ID authentication standard. Please review the updated list of Open-ID supported web sites. Among the leading web sites are:

www.facebook.com
www.livejournal.com
www.wordpress.com
www.politicalmarket.cnn.com
www.mykmart.com
www.mysears.com
www.stackoverflow.com
www.mapquest.com
www.interscoperecords.com

BioSignID Web Service

BioSignID web service, Single-Sign-In, Open-ID

What is Open-ID standard?

Open-ID is an authentication standard which enables Internet users to use an existing account in Open-ID provider and sign in to multiple third party websites, without needing to create new passwords. ANB’s BioSignID is the first Open-ID provider that supports biometric identities. OpenID is rapidly gaining adoption on the web, with over one billion OpenID enabled user accounts and over 50,000 websites accepting OpenID for logins. Several large organizations either issue or accept OpenID identities, including Google, Facebook, Yahoo!, Microsoft, AOL, MySpace, Sears, Universal Music Group, France Telecom, Novell, Sun, Telecom Italia, and many more. For more information about the Open-ID authentication standard please visit at: http://openid.net/

Open-ID Standard

Open-ID standard, BioSignID web service

How can BioSignID be interfaced with third party applications?

BioSignID solution was designed based on the Open-ID standard. The Open-ID standard defines the interfacing model which is based on redirecting the authentication request to BioSignID authentication center using universal username username.biosignid.com (unique URL for each user). In general, BioSignID was designed for the cloud computing environment and therefore, it can be implemented as a standalone authentication center in private clouds. For installing ANB BioSignID server solution as a standalone solution for your internal IT infrastructure and cloud, please contact ANB marketing team at: support@anbsys.com

BioSignID Web Service

BioSignID web service, Single-Sign-In, Open-ID, BioSignID username, Universal username

What is BioSignID virtual-pad?

BioSignID virtual pad is a software based solution which samples user signature in real-time. BioSignID virtual-pad provides a virtual tablet, signing surface with a simple control bar at the bottom as following:

• Reset signature button: re-signs your signature before sending it for verification)

• Submit (enter key) signature button: sends the sampled signature for verification at the BioSignID authentication center in Amazon cloud.

• Invisible/Visible modes button: switches between visible/invisible modes in order to hide your signed signature from shoulder surfer attacks.

On the upper level the following information is being displayed:

• Virtual-pad status indicator: indicates the user while he is signing in his enrollment process – enrollment mode where he needs to provide 5 samples

• Virtual-pad status indicator: indicates the user while he is signing-in in verification mode; while the user signature is being sampled a red light is blinking.

Sign-In

Sign-In, BioSignID web service, Virtual-pad, tablet, Reset signature, Submit signature, Invisible mode, visible mode, Virtual-pad status, Enrollment mode, Verification mode

Where the BioSignID signature validation process executed?

BioSignID authentication web service is a central authentication service where all the users’ signature templates are stored and being verified upon authentication requests, compared to on-going sampled signature at the user PC or the user mobile device. The verification results are sent to the web sites that generated the authentication requests (where the user signs-in to gain access).

BioSignID Web Service

BioSignID web service, Single-Sign-In, Open-ID, BioSignID username, Universal username

How can I edit my account details in BioSignID?

Please successfully sign-in into BioSignID web site at: www.biosignid.com and then click on my Account button to access your account. The Personal details tab should be opened displaying your personal details. Please edit and save the changes. Please notice that your unique BioSignID username and personal e-mail address cannot be changed.

BioSignID Web Service

BioSignID web service, User account, Edit, Personal details

Does the communication between my PC and the BioSignID authentication web service secured?

BioSignID virtual-pad opens SSL secured direct connection with the BioSignID authentication server based on pre-defined known certificates. This model imitates VPN connection within the web browser from the user endpoint PC to the authentication server. BioSignID connection is highly secured in order to protect against any attempt to steal the user identity over the web. This way cyber attacks such as MITM (Man-In-The-Middle) attacks, SSL-Sniff are eliminated. MITM attacks are used widely by hackers in order to hijack users’ identity (usernames and passwords) in Wi-Fi public and private networks. Other cyber attacks are eliminated as well; any attempt to translate the connection from HTTPS protocol to plain text, unsecured HTTP protocol will close the connection immediately. This way BioSignID challenges the most severe cyber attack is known as SSL-Strip attack. To protect against phishing attacks, BioSignID implements parallel connection between the user’s mobile device (iPhone device) and the BioSignID authentication server. This way, users can send their identity directly to the authorized server. BioSignID provide the required solution to e-commerce and financial services over the web.

BioSignID Web Service

BioSignID web service, SSL, VPN connection, MITM (Man-In-The-Middle), SSL-Strip, SSL-Sniff, Chain-Certificates attack, Http, Https, e-commerce, e-banking

How can I keep my BioSignID identity confidential?

In order to keep your BioSignID secure and safe, please use invisible mode in order to hide your signed signature from any shoulder surfing attack. Please remember that you don’t have to write your signature in order to remember it. Please avoid signing-in using your typical signature that is used for signing on letters, legal papers and on financial transactions. You can use an abstract signature for the virtual world of IT and Internet using your initials or any other abstract signature. Abstract signatures provide secured identities that are easy to remember, much secured than any remember-able text-passwords. Please keep reviewing your login activities in order to detect any suspicious activities like failed logins, suspicious IP addresses and such. It the future, ANB is going to implement a profiling service that will generate security alerts based on identifying irregularities from the averaged user login behavior.

BioSignID Identity

BioSignID identity, Invisible mode, Shoulder-surfer attack, Abstract signature, Initial signature, Text-passwords, Behavioral profiling, login behavior

Do I need to reset my BioSignID identity occasionally?

BioSignID identities are based on the user biometric features, i.e. the way each user signs his personal signature. In general, the first signed signatures are more different than the followed signatures, that were signed after 50, 70, 100 signatures. Users improve their consistency and accuracy over time. BioSignID is a dynamic system that learns every signed valid signature. In case, you decide to re-enroll from his best choice and good will, the user can reset his signature and re-enroll. Each new enrollment involves a new license number. Please follow the reset instructions and check your mail-box for BioSignID new license number which is essential for starting your new enrollment process.

BioSignID Identity

BioSignID identity, Reset, Biometrics, Self-adaptive, Enrollment, License number, BioSignID web service

What is the meaning of open security policy?

BioSignID open security policy means that unlike working in central organization that dictates and enforces one defined security policy for all users, BioSignID enables each user to define his personal rule-base for gaining access to trusted web sites, signing-in from specific PCs and signing time.

BioSignID Web Service

BioSignID web service, Security policy, Personal policy, Rule-base, Trusted web sites

Can I use my BioSignID at my office?

BioSignID can be access from anywhere using standard Internet access point. If you can access the Internet, you will probably access the BioSignID authentication web service which is located at Amazon’s EC2 cloud.

BioSignID Web Service

BioSignID web service, Internet access, Amazon, Cloud, Office

Can BioSignID interfaced with Microsoft Active Directory?

In general, with customization, the ANB BioSignID server can be linked with Microsoft Active Directory objects and in particular Active Directory user’s accounts.

BioSignID Web Service

BioSignID web service, Microsoft Active Directory, User account

Why BioSignID identities are more secured than text-passwords?

Nowadays, text-passwords are proved to be unsecured. Text-passwords can be sniffed, copied, guessed and cracked. For more information about text-password vulnerabilities please visit the following URLs:

http://www.facebook.com/group.php?gid=9874388706

http://news.sky.com/skynews/Home/Technology/Facebook-Scam-Ive-Been-Mugged-In-London/Article/200908315363182?f=rss

http://stupidcelebrities.net/2008/09/17/palins-email-hacked-by-anonymous-pics/

http://cyberinsecure.com/list-of-20000-more-email-accounts-from-gmail-hotmail-yahoo-aol-and-others-posted-online/

• This is only the tip of the iceberg. For more, please use your Internet search engine on “Identity theft” and “Passwords”

In order to achieve high-security policy based on text-passwords, user should create text-passwords that are longer than 8 characters, passwords that combine special letters and numbers. Each text-password should be changed periodically in web sites which require you to login. These types of passwords quickly become difficult to track down and to remember, forcing you to write them on notes and sometime share them with people. Eventually text-passwords are proven to cyber attacks and high risk vulnerabilities. Instead of using unsecured text-passwords, you have the choice to use ANB’s BioSignID biometric identities that are much secured, easy to remember and almost impossible to be hacked or cracked. Each user’s BioSignID identity reflects 14,000,000 calculations that were generated form dozen to hundreds of ordered points ([x , y] coordinates ,time), synchronized by the human natural way of signing. Every BioSignID is much more secured than any typical text-passwords. Never the less, BioSignID can be used in several web sites as a single-sign-in identity instead of using many text-passwords.

BioSignID Web Service

BioSignID web service, Microsoft Active Directory, User account

Can my BioSignID identities be replayed?

BioSignID identities can never be signed the same by any user and therefore to avoid any replay attacks, for each approved signature, its hash (short-id) is stored for replay attack inspection. If an on-going calculated hash key matches a stored signature hash in the BioSignID database, a replay attack is automatically generated to the security team in ANB BioSignID, indicating for immediate response like locking the user account and/or informing the user for such replay attack.

BioSignID Identity

BioSignID identity, Re-played, Signature hash, Replay attack

Does BioSignID protect against key-loggers?

BioSignID solution is based on signing on touch-screens with the user’s fingertip or by using any pointing device that support high sampling rates starting with 100 Hz. Unlike with keyboard key-loggers record key strokes, any attempt to record the touch-screen moves or any other pointing devices generates 3 mega bytes per second and quickly (after few minutes) will use full storage of the key-logger. Any attempt to search for patterns in the recorded storage is not practical. Therefore, practically BioSignID protects against key-loggers attacks.

BioSignID Web Service

BioSignID web service, Touch-screen, Key-loggers, Replay attack, Copied, Identity theft

Can I use long signature to sign-in?

The optimized signature should be based on 5 to 7 characters/symbols and not longer than 12 characters. This model supports the Internet authentication requirements where users should be authenticated quickly and remotely over the web. Longer signatures require more computing time and communication resources and therefore BioSignID virtual-pad samples up-to 10 seconds long signatures.

Sign-In

Sign-In, BioSignID web service, BioSignID identity, Long signature, Virtual pad

Does BioSignID support any language hand writing?

BioSignID is a multi-language system that supports any signature, in any language, signed left-to-right, right-to-left, bottom-up and top-to-bottom. BioSignID supports abstract symbols as well. The key is consistency in the way and order the user signs his BioSignID identity.

BioSignID Web Service

BioSignID web service, Multi-language, Abstract signature, Consistency

How can I re-sign?

While the BioSignID is open, ready to sample your signature; if you would like to reset your current signing and re-sign, please click on the Reset button on the virtual-pad toolbar at the bottom-left area (Left Arrow button). After re-signing please click on the Submit button or simply press the enter key to securely submit your sampled signature to the BioSignID authentication center.

Sign-In

Sign-In, BioSignID web service, Virtual-pad, Reset

What is my username identity for Open-ID third party web sites?

The Open-ID standard defines universal users’ identity for each Open-ID vendor (authentication service provider). For BioSignID, please use your username in BioSignID based on the following Open-ID pattern: username.biosignid.com (“username in BioSignID” + “.biosignid.com”). This way any login attempt in any third party web site that support the Open-ID, redirects the authentication request to BioSignID authentication center.

Open-ID

BioSignID identity, Open-ID, Username, Login, Third party web site

Can I enlarge my virtual-pad to full screen mode?

BioSign supports signing-in in full screen mode by clicking on the full screen button. To return to normal size, please use the Escape key or re-click on the full screen mode button.

Sign-In

Sign-In, Virtual-pad, Full screen mode, Normal size, Escape key

© 2009 BioSign