Creativity is the art of compromise. One gifted artist may never receive recognition during his lifetime and die penniless (Vincent Van Gogh). Another one may mass-produce a painting a day to order and bask in his glory (Boris Kustodiev). Time was the final judge as to the talent and merit of these two artists and their works, but it happened only after they died. The procedure of authenticity verification is a kind of art, too.
For a manufacturer, ideal authentication is reliable data protection at the minimum possible expense. A user also cares about the price, but expects the maximum possible convenience and transparency of use. A compromise needs to be reached here; no ideal solution is possible. In the end, friction makes a perpetual motion machine impossible, but it is possible to increase an engine’s efficiency.
What is required to verify that a person entering a password is who he says he is? In a simple situation, all that is needed is to stand by this person and watch him enter the password. This would not work in most situations: it would mean that one-half of the planet’s population would have to be watching the other half. But information can be gathered indirectly by watching where a person is located, what the person buys, what browser the person uses and at what time, whether he has a wife and kids, and what sports team the person supports; biometric data or behavioral details (for example, handwriting slant, typing speed, etc.) can also be taken into account. From all the information collected, it is possible to create an electronic image, a kind of ‘mirror image’, of this user. This image can be placed in a ‘cloud’ where the data is accessible to the server performing authentication.
There is another side to this coin. The user must agree to the collection of his information. Practical experience shows that there should be no serious problems with that. Remember what a big deal was made of Facebook introducing new rules for using its members’ information and how everyone was indignant about this blatant intrusion into their personal lives, and yet the number of people who actually closed their Facebook accounts because of this was insignificant.
Here we see the need for another compromise. A manufacturer needs to have the complete details for authentication purposes, but part of the necessary information can only be collected using expensive technologies. A user would also like to ensure the maximum protection of his information, but he is not always willing to provide all the information about himself. A manufacturer and a user would probably agree on some of the authenticity verification parameters. For people living on Planet Earth of the Solar System in the Milky Way galaxy, there are currently three compromise factors for authentication purposes: “What I Know”, “What I Own”, and “What I Am”. I know the password, I have a gadget for generating it (a token), and I have the necessary biometric data. At this point in space and time, the “ideal” authentication should take into account all three of these parameters simultaneously. But biometric sensors are still quite expensive (a concession to please a manufacturer) and not perfectly reliable (a concession to please a user). Everybody has heard the story about a little boy in the US who pressed his sleeping Dad’s finger against his iPhone 6 and “hacked” the Touch ID system.
We can and should dream of ideal solutions because that is how new things are conceived and created. Assuming that ideally the authentication system takes into account n parameters at the same time, Protectimus offers a solution based on two regular factors and the analysis of a user’s environment based on IP addresses and time filters. All these innovations produce great results, both in the level of protection and in the convenience of use.