Calibrand the currency for talent®

Preserving the Integrity of the Currency for

Talent®: Using Double Factor Authentication to Prevent Counterfeiting

Thursday 12th November 2009

Calibrand, the currency for talent®

• Established in 1991.

• Calibrand, the currency for talent, specialises in providing software tools that assess, monitor, measure, benchmark, track and test people during periods of employment and training.

• ISO 9001 2000 TickIT.

• U.K. leaders in compliance & competence assessment solutions.

• Proven solutions- Calibrand e-Portfolio, Calibrand test, Calibrand Marker.

The different types of Double factor

authentication to be explored will be

Username/password/authentication key

– Yubikey, RSA

Data Forensics

- Timelines

Biometrics

– PIM, fingerprint

Double Factor Authentication

Something you have and something

you know

• Yubikey

• RSA VIP Access

• Photographic Invigilator Module

• Fingerprint Technology

• Data Forensics

• Benchmarking Security Credentials

Double Factor Authentication

• Invigilator/educator collusion with

candidates.

• Impersonation.

• Content security leak or theft.

The issues

Collusion by educators

Breach of trust – test paper theft

Not just paper exams

Going legal – Microsoft vs. TestKing

• Deterrent against

collusion, impersonation,

provides proof.

• Something you have and

accept – legally – combined

with password you know!

Yubikey

Yubikey

One Time Password (OTP)

combined with fixed access code.

Assigns responsibility to the

Yubikey holder (invigilator).

• Deterrent against

collusion, impersonation, provid

es proof and time dependent.

• Something you have and

accept – legally – combined

with password you know!

RSA – Verisign Access

How RSA works

Already being used by

Ebay, Hotmail, Paypal, T-Mobile etc.

Verisign – VIP Access for mobile devices

• Deterrent against

collusion, impersonation, provid

es proof and automatic.

• Requires agreement for review

and referral.

• Exception Reporting.

• Allows for remote invigilation

Photographic Invigilator Module - PIM

• Deterrent against

impersonation, provides proof

and automatic.

• But...they can be inaccurate

and easily circumvented.

Fingerprint Technology

• Identifies ‘outliers’. i.e. collusion

or security leak

• Suspicion - proof is difficult to

obtain and also be legally

defensible.

Data Forensics

0.0

10.0

20.0

30.0

40.0

50.0

60.0

70.0

80.0

90.0

1 2 3 4 5 6 7 8 9 10111213141516171819202122232425262728293031323334353637383940414243444546

Average time

Shortest time

Average time per item

Item Response Times

Benchmarking Security Credentials

• Many options - preventive not a cure

• Protect exams, students and educators

• Security that is appropriate

• Convenience vs. Efficiency

• Respected exams are about confidence

Conclusions

Calibrand the currency for talent®

Preserving the Integrity of the Currency for

Talent®: Using Double Factor Authentication to Prevent Counterfeiting

Questions?

Contact

www.calibrand.com