Products & Solutions

GridGuard Overview

SyferLock’s patented, software-based two-factor / multi-factor authentication solutions provide next generation One-Time Passwords/PINs (OTPs) for secure access to computers, networks and the Internet.  SyferLock has engineered an enhanced authentication methodology and system using device-less OTPs that provide users with a simple, more secure way to access information leveraging their existing passwords.

SyferLock delivers unparalleled flexibility through a range of solutions to address diverse and evolving authentication needs.  Our zero footprint aspect provides device-less, One-Time Password/PIN generation without any additional client-side hardware or software, and without any dependency on a cell phone like SMS text-based solutions.  SyferLock’s methodology also allows the creation of a layered approach to current authentication processes: stand alone, or used in conjunction with other factors.

SyferLock's two-factor and multi-factor authentication solutions enable enterprises and organizations to comply with authentication mandates imposed by HIPAA, CJIS, FedRAMP, FERC, PCI, SOX, FFIEC, BASEL, and GDPR, among others.

Utilizing SyferLock’s Software-Based Authentication Solutions to Cover the Authentication Spectrum

At one end of the authentication spectrum you have commonly used static reusable passwords. At the other end of the spectrum you have two-factor authentication. No single authentication solution seems to be flexible enough, adaptable enough and secure enough to help with ever changing business cases and user needs until now. SyferLock has created one of the most flexible, adaptable and secure authentication solutions to enable enterprises to cost-effectively address two-factor authentication / multi-factor authentication across a range of uses cases.


SyferLock’s two-factor and multi-factor authentication solutions eliminate or mitigate a range of attacks, including:
  • Key-Logging
  • Replay
  • Shoulder Surfing
  • Automated Attacks
  • Brute Force & Dictionary
  • Sniffing
  • Interception
  • Stored Browser Passwords
  • Cross Site Scripting
  • Man-in-the-Middle

Our Methodology to Deliver Two-Factor & Multi-Factor Authentication

Utilize and Leverage the Existing Password

SyferLock starts with the first factor. Leverage the pervasive use of passwords.  It is estimated that 99% of all authentications use static passwords or PINs. Another estimate shows that 95% of all authentications use only the first factor of static passwords/PINs. Take the familiarity of a static password, allow the user to continue its use, but now use SyferLock’s innovative system to convert the static password into a dynamic One-Time Password consisting of a randomly changing string of numbers with every log-in to achieve two-factor and multi-factor authentication.

SyferLock accomplishes this One-Time Password by the power and process of simple substitution. At log-in, substitute the static password with randomly changing numbers.  A substitution cipher with the strength of one-to-many.

  • At log-in, a grid (as shown below) of cells is shown, each cell containing:
    • A static number or symbol in the center, and
    • Random numbers in the corners that change with each authentication.
  • User inputs the numbers corresponding to their pre-selected corner position in place of associated static password/PIN characters as their one-time password/PIN (OTP).
  • For example, with a static PIN of “2490” and a pre-selected corner of “top left”, the user would input a GridPIN of “3347” for this log-in attempt.
  • Upon every refresh and/or new log-in, the corner numbers randomly change, creating a new OTP.

Grid2Form™

Add the power of SyferLock’s patented technology by supplementing the user’s enterprise user registry (typically Active Directory) password with a secure one-time PIN, the GridPIN™, and the result is the strongest browser-based multi-factor authentication solution on the market. This is our simplest and most popular implementation model, providing secure multi-factor authentication.

Using a pre-selected PIN and target corner, the user determines their GridPIN™, and enters that in addition to the user registry password to securely log-in without any additional hardware or devices, and without any dependency on cell phones like SMS text-based solutions.

Click here to view a demonstration video that explains the Grid2Form™ log-in process.

GridAdvanced™

With this methodology, the user's enterprise user registry (usually Active Directory) password is strengthened by converting it into a one-time-password using SyferLock's patented methodology. Since user passwords tend to be alpha-numeric and may contain special characters, a full keyboard is required to support this implementation method.

Click here to view a demonstration video that explains the GridAdvanced™ multi-factor authentication solution log-in process.

Keyboard layouts are available in English, French, Spanish, Portuguese, Hebrew, Greek, Cyrillic, Arabic and Japanese, among other languages. Custom layouts, designs, languages and character sets are also supported. Shown below are some of the layouts.

GridLite™ (GridJS™)

GridLite™ (GridJS™) is a multi-factor authentication deployment model that supports embedding the SyferLock authentication grid into an HTML page. The embedded component is built using Javascript and CSS, so as to be friendly to all commonly used browsers and mobile platforms.

GridLite™ (GridJS™) can be used to secure access to applications or for transactional level authentication; such as requiring the user to enter their GridPIN™ before performing sensitive functions within an application, such as money transfers in a banking application.

GridLite™ (GridJS™) makes it easy to integrate SyferLock’s patented technology into custom built web applications. GridLite™ (GridJS™) provides a REST based API that can be used to easily display the grid and validate GridPINs™.

GridSoftToken™

GridSoftToken™ two-factor authentication solution enables users to leverage their existing computer, laptop or smartphone as the 2nd factor for authentication. Users already “have” their device, why not leverage that instead of using a separate hard-token or smartcard?

GridSoftToken™ leverages either the underlying hardware or a user specified passphrase to generate a unique serial number specific to the device. This serial number, in combination with the device’s current time, is used as the unique “seed” to generate the security grid’s UI cryptograms used to log-in.

Using the displayed grid, the user determines their GridPIN™ and uses it to securely log-in with superior two-factor authentication.

GridSoftToken™ is available as a native app on iOS, Android & BlackBerry phones and tablets. It is also available as a Java Web Start application on Windows, Linux and Mac OS X laptops and desktops.

Link to download the iOS App: https://itunes.apple.com/us/app/gridsofttoken/id453020652?mt=8
Link to download Android App: https://play.google.com/store/apps/details?id=com.syferlock.gst&hl=en
Link to download BlackBerry App: http://appworld.blackberry.com/webstore/content/38030891/

GridKey™

GridKey™ is a two-factor out-of-band authentication solution that provides the user the option to strengthen their authentication with an additional layer of security -- by sending a one-time password (OTP) to either an e-mail account or phone via SMS text message.

Unique to SyferLock is that the GridKey™ will only be generated and delivered after the user enters a valid GridPIN™ or GridCode™, creating unparalleled secure access.

As a result, GridKey™ is superior to traditional e-mail or SMS-based authentication solutions.

GridPic™

The GridPic™ feature allows a user to upload a custom image of their choice which will be displayed during the log-in process. This image offers protection against phishing and other attacks of a similar nature.

Where GridGuard™ differs from other authentication solutions is in its ability to allow users to upload their own image instead of just choosing one from a stock set of images. In addition to being more recognizable and easier to remember, it also makes it harder for a phishing site to replicate the look of your customized log-in page.


Add-Ons

The Add-On feature allows the user to specify an 'add on' number that will be used to enter their GridCodes™. The user will add the value of the 'Add-On' to the numbers displayed in the corners to determine the actual GridCode™ numbers. This offers an additional layer of security and for those situations where an observation based attack is likely.

For example, if the underlying password is 'Gr1d', and the user had selected the top left corner, then for the cells shown on the right, normally their GridCode™ would be '5339'. But if an 'Add-On' of 3 were set for the user, then they would add 3 to the value of each GridCode™; so for the 'G', instead of entering 5, they would enter 5 + 3 = 8, for 'r', 3 + 3 =6, and so on. This would result in a grid code of '8662' instead of '5339'. And as you can see, the number 8 does not even exist in any corner of the cell 'G'!

Self-Service Management of All Grid Credentials

The GridGuard™ Server (deploys as a virtual appliance) provides users access to the Security Center where users can manage their log-in credentials, without the need for intervention by an Administrator or the Help Desk.

Self-service Features

  • User account activity logs
  • Manage user PIN or password
  • Manage user Corner
  • Manage GridPic™

    • When Administrators log into the Security Center, in addition to all the features given above, they also have the ability to perform basic user management functions.

      Administrator / Help Desk Features

      • Monitor User account activity
      • Reset User's Corner
      • Reset / Deactivate User Accounts