Offensive Security

BioEncrypt FAQ


User Experience

Can BioEncrypt SDK see users' personal apps and private data?

No.  It doesn’t need to.  BioEncrypt only runs to protect subscribed applications.  It can detect if there are other malicious apps or processes but it does this in a way that doesn’t require access to any personal data or apps.

How does BioEncrypt protect user privacy?

All analysis is conducted locally and using tokenized data.  That means no one — not us, not the enterprise, not the government, not an attacker — can extract the actual values of your location, device use or any other data point we use.

BioEncrypt is only interested in variance (i.e., “Are you doing what you normally do?”).  That information is enough for BioEncrypt’s machine learning to authenticate you and provide the enterprise with insight into the risks of their mobile environment.

Do users need to use the BioEncrypt app whenever they access an application?

No.  BioEncrypt is automatically invoked by the accessed application without any user intervention required.

Is this going to drain users' batteries or slow performance?

Unlike other integrity detection products, BioEncrypt runs only when you access protected applications, so it won’t drain your battery or eat up precious system resources.

An average assessment using the BioEncrypt app takes less than 1 second, so you’ll barely know it’s there.

How does BioEncrypt perform 'step up' authentication?

BioEncrypt’s behavioral biometrics engine profiles user behavior to determine the probability of device theft.  BioEncrypt can be configured to employ a number of authentication mechanisms in various combinations based on the results of behavioral analysis. That way, the strength of user authentication is proportionate to the risk of granting access to the Good application. Sensitive apps in high-risk situations can employ more secure methods than non-sensitive apps under historically safe conditions.

Technical Details

What operating systems are supported?

BioEncrypt supports iOS and Android.

Does BioEncrypt work with MDMs like Good Dynamics platform?

BioEncrypt can be integrated into the core operations of any MDM ecosystem as a Trusted Authenticator (i.e., BioEncrypt installs on a device and immediately begins operating as the authentication gateway to the ecosystem for all enterprise apps).

Can BioEncrypt integrate with 3rd party applications whose source code is not available?

Any third-party application can be wrapped using various software, and BioEncrypt could be included as part of that wrapping process.

Does BioEncrypt offer public APIs to integrate with 3rd party authentication providers?

BioEncrypt is designed to accept any form of authentication that a customer desires, but for security purposes our core, patented operations are not extensible. Any new authentication method can be integrated into BioEncrypt’s security model and, using enterprise policy, assigned a TrustScore range in which it will be activated.

What industry standards does BioEncrypt adhere to?

BioEncrypt device integrity TrustFactors align with NIST’s 800-163 “Technical Considerations for vetting 3rd party mobile applications” and OWASP Mobile Project Standards. All dashboard communications occur over NIST 800-52 HTTPS/TLS standards using private certificate pinning and data-level encryption to prevent interception.

Is BioEncrypt FIPS compliant?

Yes.  BioEncrypt is FIPS 140-3 compliant and all encryption modules employ AES-256.

Does BioEncrypt support two-factor authentication?

Mobile devices also house the sensors needed to build behavioral baselines for transparent authentication. While BioEncrypt’s current solution is mobile only, we do have development plans to extend hard biometrics.

What are the FAR and FRR rates?

FAR and FRR rates vary based on the authentication methods selected and the specific combination of hard/soft biometric modes. Transparent authentication has variable FAR/FRR rates based on how aggressively the enterprise policy is configured.

Does BioEncrypt use liveness detection for modes where biometric authentication can be faked (e.g., fingerprints, face)?

BioEncrypt’s behavioral biometrics provide a unique form of universal liveness detection.  In a ‘step up’ authentication scenario, some hard biometric modes (e.g., face, voice) will also perform additional liveness detection.

Jason Miller