Secure, contactless, biometric MFA for today’s world.
You can’t misplace or forget
On-Device Cloud-Based Matching
Configurable policies for mobility
Ensure liveliness without user friction
Easy to Use
Intuitive iOS and Android Authenticators
Third Party Support
OIDC and SAML for Easy Integration
Self-service portal for provisioning and monitoring
Passwords are the problem…
Over 80% of security breaches involve compromised passwords.
“Consider using aditional or more complex forms of multi-factor authentication for users and administrators such as biometric or behavioral authentication methods.”
How ImageWare Authenticate Works
Works seamlessly for users
Biometric Authentication is for Everyone
Add your existing environments and its self-enrollment feature to quickly get users up and running.
Integrations and Partners
Three Tiers to Meet Your Needs
Defense-Grade Biometric Authentication
Technology built to satisfy the scale of government grade projects. Now available for the Enterprise.
- Modalities Available
- Integration Capabilities
- Zero Trust
- Biometric Engine
- Simple Enrollment
- Cloud-based Authentication
Customize security by choosing which modalities authenticate your users.
For simple passwordless login, the users can choose the most convenient option from the enabled modalities. When a more secure authentication is needed, you can enforce use of two or more modalities to reach a higher level of security.
Imageware Authenticate currently offers four biometric modalities out of the box:
Facial Authentication: using a mobile phone or laptop webcam, users look at the camera similar to taking a selfie. Highest level of authentication, particularly when combined with the NIST compliant Biointellic Anti-Spoofing technology.
Voice Recognition: users speak a randomized phrase, typically using a mobile phone.
Fingerprint: use a dedicated fingerprint reader to compare in the cloud for maximum precision, or use on-device fingerprint for basic security needs.
Palm Scan: user holds their palm over their mobile phone camera to authenticate.
You can also set up Imageware Authenticate Credential Provider for passwordless workstation login. If your workstation has a webcam enabled, Credential Provider replaces the Windows password prompt with a facial authentication prompt.
One solution for your entire enterprise.
We integrate seamlessly with most major Identity and Access Management (IAM) providers. This includes integration with Identity Governance and Administration (IGA), Single Sign-On (SSO), Enterprise Mobility Management (EMM), Network Access Security (NAS), Web Access Management (WAM), Password Management (PM), Virtual Private Networks (VPN) and other solutions.
Imageware Authenticate is designed to complement your organization’s existing security process and workflow. Authenticate can easily be integrated into your use case through either our standard SAML interface, OIDC connectors or our open REST APIs; providing biometrics where and when you need it.
Out of the Box integrations include:
- IBM ISAM
- Avatier Password Station
- Aruba ClearPass
- Fujitsu RunMyProcess
Upgrade cybersecurity while providing simple access.
Need to tighten up your identity verification to adopt a zero-trust model? The way to enable this level of secure access without impeding the efficiency of work is through convenient, frictionless authentication methods.
Any time you need to verify the identity of someone accessing key business systems or data, you can replace the windows credential prompt with a biometric authentication prompt using our biometric credential provider. Alternatively, leverage the benefits of device authentication with the security of biometrics using the Imageware Authenticate out of band authentication app for mobile devices.
For maximum security, require a facial authentication prompt, which uses the Biointellic anti-spoofing system for identity assurance. Biointellic is compliant with ISO/SEC 30107-3 PAD standards.
Defense-grade security begins with a purpose-built biometric database.
The two types of biometric matching most commonly referenced are 1:1 (one to one), or 1:n (one to many).
Imageware Authenticate uses 1:1 matching for fast, secure authentication. 1:1 matching means that the user requesting access identifies themselves to the system using their assigned username, such as email address. They then provide a biometric template as their “credential” for access. Our patented Biometric Engine takes that credential, and references the originally enrolled template assigned to the username to see if the two exceed the matching threshold set by the IT team.
1:n, or 1 to many, matching takes a provided biometric template and checks it against the entire biometric database to see if any of the templates in the database are a match. ImageWare’s Biometric Engine is capable of performing this action in less than 5 seconds, and it has been integrated into other ImageWare products where this function is most useful. If you’re interested in a custom implementation leveraging this capability, please contact us for details – [email protected].
The better user experiences begins at enrollment.
The authentication flow starts with enrollment. Your implementation determines your exact method of enrollment, but the most common method is to have your users install the Imageware Authenticate mobile app on their iPhone or Android devices. Once installed, they can follow the prompts to enroll the biometric modalities they are comfortable with, and the minimum required by your security policies.
Enrolled biometrics are run through the appropriate algorithm, generating a biometric template – a unique series of ones and zeros that represent each user. This template is stored in the cloud, and is what is used to authenticate the user. No PII is stored with the template – Active Directory acts as the record keeper, the same as it would if you used a username and password.
Instead, with Imageware Authenticate, access is gated with biometric authentication. Users can’t be compromised through phishing attempts, as access can only be granted when they authenticate through Authenticate.
Users can complete the enrollment process in as little as 10 minutes, and be ready to use their machines or business systems immediately after completing enrollment.
Authenticate your users no matter where they are.
When a user attempts to access a machine, system, or software which has permissions managed by Active Directory, they identify themselves to the system with their username – most commonly, their email address.
This request is sent to Imageware Authenticate’s servers, which prompt the user to submit a new biometric scan. This can be face, palm, voice, or fingerprint, depending on the security policies in place around what the user is trying to access. The user submits the biometric data, and Authenticate sends it to the edge of the cloud. There, the Biometric Engine runs the captured biometric data through the same algorithm used at enrollment. The engine tries to match the captured data to the enrolled template in the database. If the match is within the parameters defined by the security team, user is granted access. Without a match, they’re rejected.
For situations that require high levels of security, such as large transfers of money, high level admin access, or guarding patient data, multiple biometric modalities can be used to generate a fused score. This capability for biometric fusion is unique to Imageware Authenticate – as studied by NIST, the fused score from multiple modalities is exponentially more accurate than any single modality on its own.