Cogneto is a young company with an ambitious plan to help us all establish the unique and secure identities we might increasingly need to pay our bills, do our banking, socialize, and play in alternate realities online. The company's first step is UNOMI Ultra Lite, which is the foundation for all its authentication and identity technologies, Glen Ogden, VP of product development and implementation, told me.<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
When a user logs on to a Web site that uses Ultra Lite, the software silently takes a "device print," collecting the IP address, time of day, geographical location, and basic health of the user's machine. The Web site can use this information along with a user ID and password to better assess whether the user is who she says she is.
The UNOMI full client adds to Ultra Lite a set of multiple-choice questions that users must answer. The questions relate to different aspects of an experience the user had in the past. Each time the user wants to access the site or some portion of the site, he must answer the questions the same way he did the first time. If his answers match up, the site displays a phrase that the user entered the first time to confirm that the site is real and not a phishing site, and the user gets access to the site. You can see a demo of how this works at http://cogneto.com/media/demos/. Companies can integrate the UNOMI full client with their Web applications to display the authenticating questions when a user first comes to the site or later when accessing a more sensitive area of the site and can tailor the UNOMI questions to fit their Web site.
Behind the scenes, UNOMI isn't just matching up questions and answers. It's also looking at biometrics and "mouse metrics" such as the user's response time to questions and mouse movements, both of which uniquely identify a user, said Ogden.
Ryan McArthur, director of marketing and business development, said that other vendors are using some of these same new technologies to identify users--he mentioned RSA Security's PassMark device printing and BioPassword's keystroke dynamics--but that Cogneto is unique in combining more than one of these technologies in one solution.
You'd expect that financial institutions would be a target customer for UNOMI, and they are, but Cogneto's aim is broader too. McArthur and Ogden see social networks such as Facebook and MySpace and virtual worlds such as Second Life as potential customers as their users become increasingly interested in protecting the identities they establish on those sites.