PINgrid is a revolutionary authentication technology that takes advantage of the mind’s ability to remember patterns and shapes. It uses this handy trait to provide a very robust, but simple-to-use, logon technology. PINgrid produces a one-time code (OTC) to prove who you are and all you have to remember is a simple pattern, no PINs or passwords. Your pattern is kept a secret by PINgrid as it is never revealed when you log on. Each time you authenticate yourself you enter a new code however your pattern remains the same and remains secret to you.
How it works
What if there was a password that was easy to remember, but it changed every time you used it?
Where to use it
Whilst PINgrid can be used as a traditional 2 Factor Authentication solution it also suits many other scenarios. PINgrid 1.5 Factor Authentication allows for a secure One Time Code logon without having a secondary device at all which is well suited to easy access, medium security situations. Whereas PINgrid 3 Factor Authentication includes the award winning (SC Magazine Europe 2013) transaction signing functionality for securing high risk tasks – all with a simple to use user interface.
PINgrid caters very well for risk appropriate authentication situations, e.g. Internet Banking or workflow accountability. It can be easily integrated directly into applications via Web API’s and SDK’s for both the authentication server and mobile devices. PINgrid can also replace legacy 2FA solutions for traditional scenarios, e.g. remote access, SSL VPN, or any solution using RADIUS.
2 Way-ID can be used by call centers to quickly identify a person over the phone and a customer can also verify that the call center operator is legitimate too.
PINgrid with AuthentiDoc technology provides a highly secure way to encrypt documents and files without complex DRM systems. Furthermore, the files can be opened using a standard application, no custom client software is required.
- Patented, award-winning technology
- 1.5, 2 and 3 Factor Authentication
- Native transaction signing / validation capabilities
- NO hardware tokens!
- NO PINs or passwords!
- Securely logon on Windows Desktops while in or out of the office
- Emergency Override Access
- Information protection with AuthentiDoc
- Secure access to internal & Cloud-based applications
- Free Authlogics Authenticator download from all major mobile app stores
- Real-Time or Pre-Send token delivery via SMS or e-mail
- Active Directory or LDAP database storage (no schema extensions)
- RADIUS & Web Services interface for universal integration
- Helpdesk identity validation with 2-Way ID
- Highly competitive pricing and flexible licensing options
- Simplified user provisioning (thousands in an hour)
- Web-based Operator portal for IT Helpdesk day-to-day operations
- User self-service portal and password reset
- FIPS 198 & 180-3 compliant cryptography
PINgrid Introduction Video
Frequently Asked Questions
How is PINgrid better than traditional 2FA?
Traditional 2 factor tokens can be used by anybody in possession of the token. Furthermore the PIN, the something you know, is divulged in full during each login. As such, something you have & something you know should read something somebody has & something anybody knows.
In a PINgrid 2 factor scenario, the something you have is only of use for the intended user as it doesn’t display a usable code, just a challenge grid. As the numbers in the grid are generated specifically for the intended user’s device and can only be used with their pattern, it is only usable by the person it was intended for. Therefore, the something you have cannot be used by anybody else even if they are in possession of it. The something you know is the pattern which is never divulged during a login and thus remains only something you know. As such, something you have & something you know logic holds true.
How does PINgrid provide transaction verification / transaction signing?
PINgrid can be used to securely verify transactions by simultaneously authenticating the user performing the transaction, and verifying key transaction data in a single step. This technique is fundamentally different from traditional OTP solutions which only authenticate the user at the point of the transaction but do not verify the transaction details. The result is that the transaction details could be tampered with in transit even when a valid OTP is used.
PINgrid’s secure transaction verification requires a 2 Factor soft token which allows the user to enter key transaction information, e.g. an account number, onto their offline smart device in order to display a challenge grid. PINgrid will use key transaction information within the mathematical process used to generate the numbers in the grid, and the transaction processing server is able to perform the same calculation based on the transaction data it actually received. If the transaction data were to be maliciously modified in transit, the server would calculate different numbers to what the user saw when entering their code. Thus the code will not be valid and the server will decline the transaction. This type of technology is key to defeating online banking attacks such as “Operation High Roller” and is natively available within the PINgrid SDK’s.
How do the PINgrid soft tokens work?
The PINgrid soft tokens are standalone apps which do not require any data connectivity to function. This is ideal when users are in areas of low signal or international roaming. The hardware ID of the device running the soft token is registered on the server against a user account. The hardware ID is typically an IMEI number or an equivalent unique hardware moniker. The hardware ID is partly used to calculate token seed value. The seed is then combined with the current time of the device to produce the numbers in the grid.
To add extra security to the seeding process, Mutual Device Assignment (MDA) can be used. MDA is a two way process of pairing a user account to a two factor device. The device is linked to the user account via a hardware ID. Conversely a user account is linked to a soft token via a 10 character remote seed value. The Remote Seed value is derived from the actual 256bit user seed stored by the server. Both the soft token and the server will use the hardware ID & Remote Seed values when calculating the seed used to generate the numbers in the grid. Unlike fixed seed systems, MDA allows for simple re-keying of a hardware device in case a seed is compromised. Similarly, if a hardware ID is somehow compromised the remote seed value is still unknown.
What Intellectual Property does PINgrid use?
There is a collection of IP behind PINgrid which is detailed on our dedicated patents page.