TheGRID is a user device identification and authentication solution, which typically complements any existing access control authentication measures, such as website login authentication or transaction authentication.
TheGRID Purpose
TheGRID is used for two primary purposes:
- To stop identity theft – as a countermeasure to online identity theft and fraud (such as “phishing”), by providing two-factor authentication and optional mutual authentication.
- To stop subscription sharing – as a control measure to prevent sharing of paid online subscription services, by identifying and limiting the devices used to access the subscription account.
How TheGRID Works
Stop Identity Theft
TheGRID is a solution specially designed to stop all kinds of identity theft activities, such as man-in-the-middle attacks and phishing. It can easily be scaled to hundreds of thousands of users at a low cost of ownership and without the need for cumbersome management.
TheGRID implements two-factor authentication using the user’s device as the additional proof of the user’s identity. The set of devices a user uses to access the website is registered and associated with the user’s login ID. Two-factor authentication is then achieved by uniquely identifying the device at login and verifying it against the list of registered devices for that particular user. The device registration process can be incorporated seamlessly into a website’s existing login workflow.
The registration workflow is outlined below and also illustrated in the diagram below:
- User logs in at a device that has never been registered by the user.
- TheGRID detects that this device is not one of the registered devices and hence denies access. However, an email will be sent automatically by TheGRID to the user’s email address that has previously been registered with the website. The website displays a page informing the user about the login failure and requests the user to check the verification email.
- The user clicks a hyperlink in the verification email, which triggers TheGRID to verify the email link and register the user’s current device.
- TheGRID redirects the user back to the web portal. Any subsequent login from this registered device should be successful without any intervention, as described in the previous section.
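The email-link step above, sketched as an added example (not TheGRID's own code). It assumes the link carries an HMAC-signed, expiring, single-use token, and that the device clicking the link must be the one whose login was denied. All function names, the token layout and the 15-minute lifetime are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # server-side signing key (constructed per run)
TTL_SECONDS = 15 * 60              # assumed link lifetime
_used_nonces = set()               # single-use tracking; a real store would persist

def _sign(body: bytes) -> str:
    mac = hmac.new(SECRET, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_link_token(account, device_id, now=None):
    """Step 2: login from an unknown device is denied and a link is emailed."""
    issued = int(now if now is not None else time.time())
    claims = {"acct": account, "dev": device_id,
              "exp": issued + TTL_SECONDS, "nonce": secrets.token_hex(16)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + _sign(body.encode())

def redeem_link_token(token, presenting_device_id, registered, now=None):
    """Step 3: verify the link, then register the device that clicked it."""
    try:
        body, sig = token.split(".")
        # Constant-time comparison; reject before parsing untrusted claims.
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return "bad_signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return "malformed"
    if (now if now is not None else time.time()) > claims["exp"]:
        return "expired"
    if claims["nonce"] in _used_nonces:
        return "already_used"
    # A forwarded or intercepted link must not enrol a different device.
    if claims["dev"] != presenting_device_id:
        return "device_mismatch"
    _used_nonces.add(claims["nonce"])
    registered.setdefault(claims["acct"], set()).add(presenting_device_id)
    return "registered"
```

Because the token is bound to the device that triggered it, a link opened on any other device is rejected without consuming the token.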
The user login experience will not change with the introduction of TheGRID. The redirection to TheGRID server is automatic and takes only a brief moment. Once the user has entered the existing login ID and password, the next screen seen by the user is the main screen of the website. The user is not required to perform any additional steps for the two-factor authentication to take place. Device identification and verification take place in the background without any user intervention.
Security With Total Convenience
TheGRID secures online businesses without compromising user convenience. Customers will continue to enjoy the same login experience while the underlying two-factor authentication works in the background.
Control and Confidence
TheGRID allows customers to easily and completely control where they can access the website from.
TheGRID solution can be quickly and easily deployed over the web to the masses with virtually zero deployment cost.
TheGRID solution requires no maintenance. There is no end user security device to maintain.
Low Cost of Operation
TheGRID solution requires virtually no operating cost by utilizing your existing web infrastructure.
Account sharing protection
TheGRID enforces account sharing restrictions by imposing a limit to the number of devices allowed for each subscriber account. Unauthorized account sharing now becomes extremely inconvenient because these users typically do not share their physical computers and they might not even be within a localized geographic location. The time-sharing of the subscription account is no longer possible.
Gathering Vital Statistics on Unauthorized Account Sharing
TheGRID can be deployed in “monitoring mode” to gather information on how many different user-side devices are used to access each subscriber account. TheGRID is able to uniquely identify the user device on each incoming login connection and collect statistics on account sharing over a period of time. This “monitoring mode” implementation is totally silent and transparent to the users, and it is typically implemented to study the extent of subscription sharing abuse. With the information gathered, it is straightforward to estimate the total loss of potential revenue from the non-subscribing users.
Enforcing Device Limits To Curb Unauthorized Account Sharing
The real value of TheGRID comes when it is deployed to enforce account sharing restrictions by imposing a limit to the number of devices allowed for each subscriber account. Unauthorized account sharing now becomes extremely inconvenient because these users typically do not share their physical computers and they might not even be within a localized geographic location. The time-sharing of the subscription account is no longer possible.
How It Works
- Firstly, prior to the deployment, TheGRID system is integrated with the login access control module of the existing web application.
- Each subscriber account is assigned a limit on the maximum number of devices (computers, notebooks, mobile, etc.) that can be registered to access the paid site.
  a) The device limit is typically set to “1” for maximum restriction, which means each subscriber account can be accessed from exactly one registered device.
  b) However, for the convenience of genuinely paying subscribers who might wish to access the paid site from more than one device (e.g. at home, at work, mobile), the limit could be set to a more lenient number, such as “2” or “3”.
- Each user device must be registered or enrolled as an authorized device for a particular subscriber account.
  a) For maximum ease of deployment, device registration can be made automatic upon account login on a first-come, first-served basis. For example, if the device limit is set to “2”, the first two devices used to log in with the account will be automatically registered as the authorized devices for this particular subscriber account.
  b) Other device registration options are available, such as registration via email link. However, it is not encouraged.
- Every time a user logs in, provided that the login ID and password are correct, the device used to log in will be automatically verified in the background without any additional user steps, for maximum transparency and minimum disruption of the user experience.
  a) If the device is verified to be a registered device for the subscriber account, the user will be granted access to the paid content.
  b) However, if the device is not a registered device, the system will quickly check if the device limit has been exceeded for this account. If not yet exceeded, this new device will automatically be registered as an authorized device.
  c) Otherwise, if the device limit has been exceeded, access to the paid content will be disallowed. A customizable message will be shown to the user to indicate that the device limit has been exceeded. (Very much like how the user is notified when the maximum number of simultaneous sessions has been exceeded.)
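The login decision described in the steps above, together with the “monitoring mode” from the earlier section, as an added example (not TheGRID's own code). The device ID is treated as an opaque string produced by some identification component the page does not describe, and the class, method and result names are hypothetical.

```python
from dataclasses import dataclass, field

ALLOW, ENROLLED, DENY_LIMIT = "allow", "enrolled", "deny_device_limit"

@dataclass
class DeviceLimitPolicy:
    default_limit: int = 1       # strictest setting: one device per account
    monitor_only: bool = False   # "monitoring mode": observe, never deny
    overrides: dict = field(default_factory=dict)   # per-account limits
    registered: dict = field(default_factory=dict)  # account -> enrolled ids
    observed: dict = field(default_factory=dict)    # account -> all ids seen

    def limit_for(self, account):
        return self.overrides.get(account, self.default_limit)

    def check_login(self, account, device_id):
        """Call only after the login ID and password have been verified."""
        self.observed.setdefault(account, set()).add(device_id)
        if self.monitor_only:
            return ALLOW                 # silent: statistics only
        devices = self.registered.setdefault(account, [])
        if device_id in devices:
            return ALLOW                 # already a registered device
        if len(devices) < self.limit_for(account):
            devices.append(device_id)    # first come, first served
            return ENROLLED
        return DENY_LIMIT                # limit reached: show the message

    def sharing_report(self):
        """Accounts seen on more distinct devices than their limit allows."""
        return {acct: len(ids) for acct, ids in self.observed.items()
                if len(ids) > self.limit_for(acct)}
```

With automatic enrolment, whoever logs in first with valid credentials occupies a slot, so this flow limits sharing but does not by itself prove the device belongs to the account owner.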
Effective against unauthorized subscription account sharing
TheGRID is more effective in deterring unauthorized account sharing by limiting the device(s) that a user can use to log in to the paid site.
Gathering of vital statistics on account sharing abuse
TheGRID is able to collect vital statistics on the extent of subscription account abuse by identifying the number of user devices used to access each subscriber account.
Transparent user-end experience – no change in user login process
TheGRID works transparently behind the scenes without affecting the user’s experience at the online web portal.
Flexible device limit settings per user account
TheGRID allows the paid site to set a default device limit for all subscriber accounts, while still allowing flexible, individualized device limit settings on a case-by-case basis.
Easy to implement and deploy
TheGRID can be easily integrated with many different types of web application platforms.