Q: What makes the Anakam Identity Suite® different?

A: Unique in the industry, the Anakam Identity Suite® provides a single, integrated platform for not only two-factor authentication, but also no touch, risk-based identity verification and knowledge-based authentication. Using seamless access to numerous, proprietary consumer demographic and credit data sources, these systems prevent fraudsters from being able to enroll for online services on the front end. Once enrolled and accurately identified, our system allows you to check the professional credentials of a user electronically, prior to allowing access to downstream business applications.

Q: What national standards will I achieve by implementing the Anakam Identity Suite®?

A: The Anakam Platform enables organizations to develop Identity Management solutions that meet the varying requirements from federal standards like the National Institute of Standards & Technology 800-63 and industry standards like the Health Information Technology Standards Panel (HITSP) and Federal Financial Institutions Examining Council (FFIEC). Anakam® actively participates in several national standards boards at both the federal and state levels.

Q: What is Two-Factor Authentication?

A: Two-factor authentication is an authentication process in which the user provides two independent means of identification, one of which is “something you know,” and the other is “something you have” or “something you are.” The “something you know” is typically the combination of a username plus a password. The Anakam Platform achieves the second factor through the use of devices that users already have such as mobile phones, landline phones or something “connected to their physical self” like their biometric voiceprint. None of these items require hardware or software distribution to end users which make it cost effective for large-scale audiences. Anakam.TFA® uses a wide variety of authentication channels to offer a variety of solutions for the strong authentication of your customers. We leverage existing devices such as cell phones, home phones, office phones, voice biometrics, and email to deliver an out-of-band (OOB) expiring one-time passcode (OTP) that confirms that the person possessing the device is the one attempting to access your systems. Our enterprise customers can also use OATH-compliant existing tokens on mobile phones or other devices as well as hard tokens as part of the authentication solution with Anakam.

Q: What about users who already have tokens in a solution that is working well?

A: Anakam's OATH-compliant server allows the use of a broad variety of open, standards-based hard tokens, as well as downloadable OATH-compliant software modules for mobile phones and other computing platforms. An enterprise can choose to retain and maintain a diverse set of token suppliers for the limited population that will adopt them while also being able to support the business needs of those who will never be issued hard token or adopt downloadable software tokens to their phones or other internet connected devices.

Q: What makes the Anakam Identity Suite® different?

A: Unique in the industry, the Anakam Identity Suite® provides a single, integrated platform for not only two-factor authentication, but also no touch, risk-based identity verification and knowledge-based authentication. Using seamless access to numerous, proprietary consumer demographic and credit data sources, these systems prevent fraudsters from being able to enroll for online services on the front end. Once enrolled and accurately identified, our system allows you to check the professional credentials of a user electronically, prior to allowing access to downstream business applications.

Q: Why not use hard tokens?

A: As digital workforces grow in popularity, managing hard tokens becomes more complex. Also, as more portals are developed for citizens, consumers, and patients, hard tokens are impractical and costly to distribute to large user groups.

Anakam.TFA® Two Factor Authentication delivers authentication through devices your customers and stakeholders already own. Anakam.TFA uses a wide variety of authentication channels to offer a variety of solutions for the strong authentication of your customers. We leverage existing devices such as cell phones, home phones, office phones, voice biometrics, and email to deliver an out-of-band (OOB) expiring one-time passcode (OTP) that confirms that the person possessing the device is the one attempting to access your systems. Our enterprise customers can also use OATH-compliant existing tokens on mobile phones or other devices as well as hard tokens as part of the authentication solution with Anakam.

Q: What is the difference between Voice Biometrics and Voice Recognition?

A: Voice Recognition is the process of comparing a voice sample with a stored, digital voice model, or voiceprint, for the purposes of establishing or verifying the user’s identity. Voice Recognition is a type of voice biometrics, but voice biometrics can also include other techniques, such as one-to-many or many-to-many voiceprint matches. Anakam Identity Suite also uses Speak Recognition which recognizes who is speaking versus Speech Recognition which recognizes what is being said. Interactive Voice Response (IVR) is not voice biometrics.

Q: Do I need to install client-side software?

A: No. The Anakam Platform does not require the installation of any client-side software, which creates a ubiquitous environment where authentication can be deployed to any type of external business partner or consumer while also reducing the cost of internal software distribution and management.

Q: Do I need to install a new username and password control system or access manager?

A: Anakam recognizes that most of our customers have existing solutions to manage the core identities of the individuals in their enterprise. Many enterprises actually have a variety of such tools on an application basis. Consequently, we designed our product to interface directly with almost all of the large-scale, standards-based provisioning, access management, and directory services applications. Examples include IBM, Sun, CA, Microsoft, Oracle, and open source solutions. Anakam complements these applications and does not require you to replace them.

Q: What is an authentication channel?

A: The Anakam.TFA® platform delivers the out-of-bounds (OOB) one-time passcode through either SMS (text messaging to pre-registered cell phones ), IVR (voice to pre-registered landline or mobile phones) or email channels. Anakm.TFA also offers an OATH-compliant server to support organizations with a need to transition off legacy token requirements or the desire to maintain some subset of users with hard or soft tokens that do not leverage OOB technology.

Q: What Directory Services does the Anakam Platform support?

A: The Anakam Platform supports standards-based LDAP providers. Examples include IBM, Sun, CA, Oracle, Microsoft, and Open LDAP. Anakam also provides interfaces for relational database (custom) directories as well as locally-configured RADIUS accounts on the Anakam.TFA® Server.

Q: What is eMail Verification Link?

A: This is one of the methods that the Anakam.TFA® system uses to prevent man-in-the-middle attacks. The Anakam.TFA® software sends an email directly to the end user which contains an image (a button) or a link (a URL). When the user clicks on the image or link, the Anakam.TFA® server performs a series of checks on the connection to validate that the computer cannot be the man-in-the-middle. If the user passes validation, a new browser session automatically opens on the user's computer and gives them access to your site or application.

Q: What is SMS?

A: SMS is a communication protocol allowing the interchange of short text messages between the Anakam® and mobile phones. The SMS capability is a communication channel within the Anakam.TFA® Platform that sends a FIPS 140-2 validated One Time Password (OTP) to the user as a log in credential during the second factor requirement. This channel is “Out-of-Band” to the use of the log-in device and is used after the first factor credentials have been established to validate that the user is still holding their pre-registered device.

Q: How does the Anakam Platform support Access Management products?

A: Many of the Access Management products provide the critical identity management hub, but often need a way to authenticate users for access to critical resources. The Anakam Identity Suite® integrates directly with the major Access Management products to provide a comprehensive Identity and Access Management Solution, and allows the flexibility to authenticate users based on the changing needs within the security policies set within these products.

Q: What is IVR?

A: IVR, Interactive Voice Response, is a telecom technology that allows a computer to detect voice inputs between the Anakam IVR Service Provider and any telephone. The IVR is a communication channel within the Anakam.TFA® Platform that sends an outbound automated voice call to deliver a FIPS 140-2 certified One-Time Password (OTP) to the user as a login credential during the second factor requirement. This channel is “Out-of-Band” to the use of the login device and is sent after the first factor credentials have been established.

Q: What is PhishAvert®?

A: PhishAvert® is a User-to-Site verification capability within the Anakam Platform and is used to protect against Phishing attacks by allowing the user to confirm that they are at the correct site before they enter their credentials. Site verification is achieved when the user confirms their identity via the use of a secret phrase.

Q: What is Device ID?

A: Anakam Device ID uses a risk-based authentication approach that takes information from the user’s device and network data and creates a risk assessment to determine if the user is valid based on the first credentials being issued. The system uses IP analytics comparison of network information collected during previous login attempts as well as location-based authentication challenges via IP geo-location technology all working to protect against a wide range of online fraud threats including man-in-the-middle attacks.

Q: Do I have to use Anakam.IDP® Identity Proofing – what if I have my own identity proofing process?

A: Even if you have your own identity proofing process in place, you should know that the Anakam.TFA® registration process was designed to be flexible to work with your existing enterprise identity proofing processes as well as those provided by Anakam. Typically, an enterprise has strong identity proofing processes (face-to-face) in place for employees and other internal stakeholders, but seeks to implement a remote alternative for their mass-scale, external stakeholders when other alternatives are not viable.

Q: How does Anakam.IDP® protect the privacy of individuals?

A: The Anakam.IDP® Platform pulls data from aggregate providers that use only “top line” public data about individuals like past residences, motor vehicle registration information, demographical information, and credit data. The Web service call you make to our software (which is hosted inside your enterprise), does not store the biographical information provided by the end user, nor does it ever have access to the correct answers. The internal systems only see the aggregate score and business rules on how to “handle” someone based upon their score.

Q: Does the Anakam.IDP® Identity Proofing work with the Anakam.TFA® Two-Factor Authentication Platform?

A: Yes. The Anakam.IDP® platform is fully integrated with the Anakam.TFA® environment giving customers a seamless platform to establish and validate users with strong, two-factor authentication techniques. This integrated platform reduces the need for multiple products and allows for a transparent online interface for end user customers doing business with you. Further, Anakam.IDP® is a Web service hosted within your enterprise that can be invoked at any point in the identity management process based upon your business rules including registration, benefits issuance, or even reset.

Q: Do I have to ask my users for their Social Security numbers?

A: No, the Anakam.IDP® system can use the combination of a name and current address together to determine the individual's profile and present the life questions to the individual for verification. This encourages a high adoption rate which reduces costs associated with establishing the initial relationship.

Q: How many questions are presented to the end user for validation?

A: The Anakam.IDP® Identity Proofing Platform can be customized to have the lowest impact on your customer base and encourage online usage without compromising security. The challenge level can be set to meet the internal security policies set by your organization. The platform can be adjusted to present a stronger challenge to the user and increase the likelihood the user is who they say they are while protecting critical information. Best practices have been established based upon risk, business needs, available data sets, and the demographic base of the target audience – Anakam’s professional services team can help provide support in deciding the best strategy to meet your business needs.

Q: How are questions selected?

A: Identity Proofing data is selected based on top-of-mind questions that are intuitive for the valid user while being presented in a way that is difficult for fraudsters to research and defeat within that session. Having more questions available does not necessarily mean the identity proofing is better – more questions about the same data element actually diminishes the value of the application. Alternatively, more data upon which to ask questions increases the variety and flexibility of the enterprise.

Q: How long does it take to complete Identity Proofing?

A: Identity Proofing with Anakam.IDP® usually takes as little as 40 seconds for a user to complete and usually will only have to be done once to establish the identity of that user. We then leverage Anakam.TFA® on an ongoing basis to provide a secure mechanism to bind the identity that was proofed during the original transaction to future enterprise transactions.

Q: What is the difference between Anakam.IDP® Identity Proofing and Anakam.IDV® Identity Verification?

A: The Anakam.IDP® Identity Proofing develops a series of Life Questions and presents them to the end user in order to assert that the individual is who he or she claims to be; this is part of building a trusted identity. Anakam.IDV® Identity Verification is a passive system in which the credentials presented are checked against a database of public information to determine the validity of the credentials presented and requires no interaction from the user unless they are invalidated. Anakam.IDP®returns a pass/fail score based upon a set of business rules you establish, whereas Anakam.IDV® returns a score that indicates the level of identity fraud risk associated with the asserted identity. Anakam.IDP® is typically invoked once in the customer lifecycle - during customer registration, but Anakam.IDV® can be invoked any time the enterprise wants to measure risk associated with the asserted identity and does not require resubmission of biographical details IF the enterprise maintains the information.

Q: What is the best application of Identity Proofing?

A: One of the best applications of Anakam.IDP® Identity Proofing is for online users who cannot be verified through face-to-face interaction, such as new employees going through the hiring process. This is a cost-effective approach to processing large user bases where establishing the initial relationship with a specific individual is critical - since you will be giving them access to their private data or other sensitive information such as: health records, tax records, beneficiary information, financial account data, or information sharing systems.

Q: What is the difference between Anakam.IDP® Identity Proofing and Anakam.IDV® Identity Verification?

A: The Anakam.IDP® Identity Proofing develops a series of Life Questions and presents them to the end user in order to assert that the individual is who he or she claims to be; this is part of building a trusted identity. Anakam.IDV® Identity Verification is a passive system in which the credentials presented are checked against a database of public information to determine the validity of the credentials presented and requires no interaction from the user unless they are invalidated. Anakam.IDP®returns a pass/fail score based upon a set of business rules you establish, whereas Anakam.IDV® returns a score that indicates the level of identity fraud risk associated with the asserted identity. Anakam.IDP® is typically invoked once in the customer lifecycle - during customer registration, but Anakam.IDV® can be invoked any time the enterprise wants to measure risk associated with the asserted identity and does not require resubmission of biographical details IF the enterprise maintains the information.

Q: How does Anakam.IDV® help me protect the privacy of individuals?

A: The Anakam.IDV® platform compares submitted biographic data to “top line” public data about individuals like past residence, motor vehicle registration, demographic, and credit data. The Web service call you make to our software (which is hosted inside your enterprise) does not store the biographic information provided by the end user, nor does it use questions and answers – the system only returns a score based upon established business practices for determining the risk associated with an asserted identity.

Q: Can Anakam.CGW™ Credentialing Gateway query internal as well as external credential repositories?

A: Anakam.CGW™ can query both internal and external repositories. Access to an internal credential repository is based on either the customer maintaining their own repository, or based on the allowance of periodic importation of such a repository from an external source.

Q: Does Anakam.CGW™ Credentialing Gateway only query at initial registration, or can it be configured to routinely query to verify non-expiration or non-revocation?

A: Anakam.CGW™ can be configured to routinely query to verify non-expiration or non-revocation.

Q: Does Anakam provide professional credential repositories?

A: Anakam does not provide professional credential repositories. Instead, Anakam provides an integrated Web service to data stores at professional organizations that manage and maintain these repositories.

Q: What happens if the professional credentials are not up-to-date and the identity does not have professional credentials associated with it?

A: This situation may occur when credentials are new, which would be more of an issue with internally-imported credentials. When such an issue occurs, the user will be referred to the Help Desk who will have the ability to make a telephonic query for such information.

Q: What is Anakam.ODI™ On-Demand Identity?

A: Anakam.ODI™ On-Demand Identity is a Web-based service that delivers identity verification, identity proofing, credential verification and two-factor authentication in an Application Service Provider (ASP) model. Instead of installing the Anakam Identity Suite® on their own servers, organizations can make a Web Services call to Anakam.ODI™ for identity-related transactions. The fact that these transactions are hosted outside the enterprise will not be visible to end users.

Q: What makes the Anakam Identity Suite® different?

A: Unique in the industry, the Anakam Identity Suite® provides a single, integrated platform for not only two-factor authentication, but also no touch, risk-based identity verification and knowledge-based authentication. Using seamless access to numerous, proprietary consumer demographic and credit data sources, these systems prevent fraudsters from being able to enroll for online services on the front end. Once enrolled and accurately identified, our system allows you to check the professional credentials of a user electronically, prior to allowing access to downstream business applications.

Q: Why would an enterprise want to use Anakam.ODI™ rather than installing the Anakam software internally?

A: Anakam.ODI™ provides enterprises with yet another dimension of flexibility. It is an ideal choice for organizations that use or wish to move to other cloud-based computing services because On-Demand Identity allows them to pay a per-transaction fee whenever they need an identity-related service without the investment in the supporting infrastructure.

Q: What if I already have a Web access management solution in place?

A: Anakam recognizes that most of our customers have existing solutions to manage the core identities of the individuals in their enterprise. Many enterprises actually have a variety of such tools on an application basis. With Anakam.ODI™, the enterprise can make a Web Services call to our identity and authentication service with any of its core identity management solutions.

Q: What is Two-Factor Authentication?

A: Two-factor authentication is an authentication process in which the user provides two independent means of identification, one of which is “something you know,” and the other is “something you have” or “something you are.” The “something you know” is typically the combination of a username plus a password. The Anakam Platform achieves the second factor through the use of devices that users already have such as mobile phones, landline phones or something “connected to their physical self” like their biometric voiceprint. None of these items require hardware or software distribution to end users which make it cost effective for large-scale audiences. Anakam.TFA® uses a wide variety of authentication channels to offer a variety of solutions for the strong authentication of your customers. We leverage existing devices such as cell phones, home phones, office phones, voice biometrics, and email to deliver an out-of-band (OOB) expiring one-time passcode (OTP) that confirms that the person possessing the device is the one attempting to access your systems. Our enterprise customers can also use OATH-compliant existing tokens on mobile phones or other devices as well as hard tokens as part of the authentication solution with Anakam.

Q: Why use Two-Factor Authentication for VPNs?

A: VPNs give you access to your internal corporate network and all the sensitive information that resides within that network. Providing Two-Factor Authentication for your VPN provides much improved security for granting network access, and safeguards access to vital information from hackers and other malevolent users.

Q: What TFA Passcode Delivery Options do you have with Anakam.VPC™?

A: Users have the option to have their one-time passcode delivered via SMS Text Message, email, or Interactive Voice Response. Organizations with a need to transition off legacy token requirements or the desire to maintain some subset of users with hard or soft tokens that do not leverage OOB technology, can have an passcodes sent to those legacy tokens through an OATH-compliant server.

Q: What kind of VPNs does Anakam’s product support?

A: Anakam provides activation support for both SSL (browser-based) and IPSec (client-based) virtual private networks (VPNs). Please see Anakam.VPC™ for additional details.

Q: Do you support SSL VPN connectivity?

A: Yes.

Q: Do you support VPN Client connectivity?

A: Yes.

Q: What applications and operating environments does Anakam.SCE™ Secure Collaboration Environment support?

A: Anakam.SCE™ can support multiple Operating Systems including Microsoft Windows, LINUX, UNIX, and Solaris. Anakam.SCE™ can also support nearly any commercial, government, or proprietary productivity application. This includes desktop applications such as Microsoft Office, OpenOffice, Adobe Acrobat; email tools such as MS Outlook and Thunderbird; web browsers such as Internet Explorer and Firefox; and Enterprise Content Management solutions such as Open Text Livelink, EMC2 Documentum, Oracle Universal Content Management (UCM) system, and open source collaboration tools such as Drupal.

Q: How does the typical Anakam.SCE™ implementation proceed?

A: Anakam typically takes the following steps in implementing Anakam.SCE™:

• Conduct a review and validation of customer security policy and requirements.
• Instantiate customer security policy in the Anakam.SCE™ Security Rules Engine.
• Establish a Test Environment that matches the basic capabilities of the customer operational environment.
• Install SCE modules into the Test Environment and make any necessary changes based on any customer's unique requirements.
• If required, develop any new SCE modules that are required, such as modules for proprietary applications.
• Conduct System Testing followed by a Pilot of Anakam.SCE™.
• Incorporate any required changes and operationally implement SCE.

Often, government customers require specialized Certification and Accreditation (C&A) as part of the implementation process. This process is conducted in parallel by Anakam.

Q: How does Anakam.SCE™ control information flow?

A: Anakam.SCE™ uses a variety of patented techniques and processes to ensure that information is only sent to or made accessible to those who are allowed access in accordance with the customer’s security policy.

For example, before information is ever sent, Anakam.SCE™ checks to determine if the designated recipient is allowed access to information contained within a document or within an instant message thread. If not, the information is never sent and the sender is notified.

In another example, Anakam.SCE™ can control data elements within a document or a wiki page. If the customer security policy so allows, a document can be sent that essentially redacts the information that cannot be sent. In the case of a wiki page, the user will only be allowed to see the information that he/she is allowed to see, allowing for the establishment of a multi-classification level wiki page.

Q: What standards and overarching policies is Anakam.SCE™ designed to support?

A: Anakam.SCE™ is designed to assist customers in meeting the standards and regulations that protect classified, restricted, Personally Identifiable Information (PII), Protected Health Information (PHI), and privacy information.

Examples include the Health Insurance Portability and Accountability Act (HIPAA), Director of Central Intelligence Directive (DCID) 6/3 Protections Level 3 and 4, Community of Interest Level 6, the Gramm-Leach-Bliley (GLB) Act, and NIST SP 800-53.

Q: Are there other companies that provide similar capabilities?

A: There are no other companies that provide such a capability. Anakam.SCE™ was specifically designed to support a broad array of Operating Systems, Desktop Applications, and Enterprise Content Management systems across both a commercial and government customer base. Our breadth of experience across government, healthcare, e-commerce, and the financial industry uniquely position Anakam to understand how information sharing requirements have an underlying common foundation, but markedly different methods of implementation.