Calibrand the currency for talent®
Preserving the Integrity of the Currency for
Talent®: Using Double Factor Authentication to Prevent Counterfeiting
Thursday 12th November 2009
Calibrand, the currency for talent®
• Established in 1991.
• Calibrand, the currency for talent, specialises in providing software tools that assess, monitor, measure, benchmark, track and test people during periods of employment and training.
• ISO 9001 2000 TickIT.
• U.K. leaders in compliance & competence assessment solutions.
• Proven solutions- Calibrand e-Portfolio, Calibrand test, Calibrand Marker.
The different types of Double factor
authentication to be explored will be
Username/password/authentication key
– Yubikey, RSA
Data Forensics
- Timelines
Biometrics
– PIM, fingerprint
Double Factor Authentication
Something you have and something
you know
• Yubikey
• RSA VIP Access
• Photographic Invigilator Module
• Fingerprint Technology
• Data Forensics
• Benchmarking Security Credentials
Double Factor Authentication
• Invigilator/educator collusion with
candidates.
• Impersonation.
• Content security leak or theft.
The issues
Collusion by educators
Breach of trust – test paper theft
Not just paper exams
Going legal – Microsoft vs. TestKing
• Deterrent against
collusion, impersonation,
provides proof.
• Something you have and
accept – legally – combined
with password you know!
Yubikey
Yubikey
One Time Password (OTP)
combined with fixed access code.
Assigns responsibility to the
Yubikey holder (invigilator).
• Deterrent against
collusion, impersonation, provid
es proof and time dependent.
• Something you have and
accept – legally – combined
with password you know!
RSA – Verisign Access
How RSA works
Already being used by
Ebay, Hotmail, Paypal, T-Mobile etc.
Verisign – VIP Access for mobile devices
• Deterrent against
collusion, impersonation, provid
es proof and automatic.
• Requires agreement for review
and referral.
• Exception Reporting.
• Allows for remote invigilation
Photographic Invigilator Module - PIM
• Deterrent against
impersonation, provides proof
and automatic.
• But...they can be inaccurate
and easily circumvented.
Fingerprint Technology
• Identifies ‘outliers’. i.e. collusion
or security leak
• Suspicion - proof is difficult to
obtain and also be legally
defensible.
Data Forensics
0.0
10.0
20.0
30.0
40.0
50.0
60.0
70.0
80.0
90.0
1 2 3 4 5 6 7 8 9 10111213141516171819202122232425262728293031323334353637383940414243444546
Average time
Shortest time
Average time per item
Item Response Times
Benchmarking Security Credentials
• Many options - preventive not a cure
• Protect exams, students and educators
• Security that is appropriate
• Convenience vs. Efficiency
• Respected exams are about confidence
Conclusions
Calibrand the currency for talent®
Preserving the Integrity of the Currency for
Talent®: Using Double Factor Authentication to Prevent Counterfeiting
Questions?
Contact
www.calibrand.com