Biometric, Behavioral, and FIDO Authentication
Whether you already have biometric authentication methods in place or not, you’re just at the beginning of the biometric adoption curve. Many new biometric authenticators are expected to hit the market from finger, face, eye, and voice to wearables, and they all vary from one device to another and depend on environmental conditions such as lighting and noise. False Acceptance Rate (FAR), False Rejection Rate (FRR), and many other aspects that weren’t relevant to passwords need to be carefully managed. Transmit not only provides you with state-of-the-art biometric authenticators but also provides the many layers needed to properly manage the authentication experience, which varies from one person to another.
Identity Services Hub
Identity is a highly fragmented space with many tools and capabilities from different vendors: biometric authenticators, traditional authenticators, KYC tools, risk and fraud engines, behavioral tools, directories, device security, and more. Integrating each of these services into your systems and applications requires significant ongoing work. This work involves processing input and output from each of these services, building the various user journeys around these services, and dealing with exceptions, failures, and edge cases. With Transmit, this can be avoided. The Transmit Identity Services Hub includes built-in, secure connectors to dozens of third-party identity services, dozens of built-in services, and a flexible, secure plug-in architecture that allows you to add anything and everything. It’s a complete, secure abstraction layer between your applications and the entire identity ecosystem. It’s the only platform capable of securing client-side identity services such as authenticators and KYC tools and also the only platform that doesn’t require writing third-party specific code in your applications.
Over-the-Air Journeys is the technology that sets Transmit apart from all other vendors. Using Over-the-Air Journeys, application owners can use graphical tools and an orchestration language to design simple and complex user journeys that involve authorization, authentication, KYC, fraud prevention, regulatory requirements, and more. Once done, these journeys can be pushed "over the air" and played in any application that is connected to Transmit, without making any code changes to the application and without the need to re-publish the application. Over-the-Air Journeys consist of two main technologies - a Journey Player and an Orchestration Engine. The Journey Player is incorporated into your applications as an SDK and is responsible for playing the entire journey inside the application. The Journey Player works with the Transmit Orchestration Engine which orchestrates the journey and defines the next steps on either the client or server side.
Transmit provides a full set of authentication services to manage primary login, multi-factor, and step-up authentication across various applications and channels. The platform includes a large set of built-in authenticators such as OTPs, soft tokens, biometric authenticators, and knowledge-based authenticators. In addition, the platform can be used to manage any third-party authenticator or authentication service connected to the Identity Services Hub. Transmit’s authentication services manage the enrollment process for each authenticator and also tasks such as de-enrollment, re-enrollment, and expiry periods. The platform provides flexible ways of defining authentication levels and attaching them to different authenticators and journeys. The platform allows building rules for authentication failures across different authenticators and devices and taking various actions when thresholds are reached. Transmit is FIDO certified and can be used to manage any FIDO authenticator alongside non-FIDO authenticators.
Biometrics for Mobile Devices
Transmit supports a large array of biometric authentication techniques for iOS and Android mobile apps, such as face recognition, fingerprint scanning, and voice recognition. Application owners can choose from multiple face recognition and voice recognition engines available out of the box. Third-party biometric solutions from any vendor can be plugged into the Identity Services Hub. All biometric techniques are integrated into the mobile app using a single SDK. A single API call from the application to the SDK is all that’s needed to operate the various biometric techniques. Application owners can use the Transmit administrative console to choose which biometric techniques are presented in the application and under which conditions. The Transmit SDK is also responsible for enrolling users to authenticators, managing authenticators, and securing authenticators end to end
Biometrics for Web Applications
Biometric options are not just for mobile applications. Newer desktops and laptops support various biometric techniques such as fingerprint scanning, face recognition, and voice recognition. Transmit serves as a full abstraction layer between your web applications and any biometric capability supported by the user’s device. The Transmit SDK for web applications provides a single interface and API call to operate all authentication options. Application owners can use the Transmit administrative console to choose which biometric techniques are presented in the application and under which conditions. The Transmit SDK is also responsible for enrolling users to authenticators, managing authenticators, and securing authenticators end to end
The Transmit platform includes a certified FIDO authentication server. Any FIDO authenticator from any vendor can be easily plugged into the Identity Services Hub and operated using the Transmit administrative console. FIDO authenticators appear alongside other types of authenticators in the platform. For example, for primary login, an administrator can allow end-users to choose between password (non-FIDO), Touch-ID (non-FIDO), Android FIDO Fingerprint, or a specific FIDO-compliant face recognition engine. When called by the application, Transmit SDK is responsible for running the defined journey and activating the different authenticators.
The Transmit platform includes connectors to state-of-the-art behavioral techniques for both mobile and web applications. These technologies learn how users work with their devices—the way they hold, touch, and type—and then constantly compare the user’s activity to the learned profile. Behavioral techniques produce a score per session, which can be used to take various actions such as stepping up authentication or stepping down authentication. Behavioral authentication is fully managed by the Transmit platform and doesn’t require any specific integration work into the application other than calling the Transmit SDK