CorpSoft24: Services of biometric information system protection (SBZ)

Main articles:

• Technologies of biometric identification
• DLP - Data Loss/Leak Prevention - Technologies of privileged information loss prevention

2020

Inclusion in the Register of domestic software

On October 12, 2020 it became known that the service of biometric protection CorpSoft24 was included into the Register of domestic software.

CorpSoft24 service was included into the register by order of the Ministry of Telecom and Mass Communications of the Russian Federation of October 06, 2020 at No. 515.

With transition to an udalenka cyber security specialists fix increase in number of the attacks on business, irrespective of the sphere. The staff of the company working in a remote format through whom criminals act becomes "A weak link" often. Our solution is designed to secure business and to reduce risks of cracking. Getting of our service into the Register of domestic software only confirms relevance of development. For us this important event, - Konstantin Renzyaev, the CEO of Corpsoft24 says.

So, according to SearchInform, 66% of the Russian companies faced date leak.

The program on the basis of biometric identification is expected by rough demand in the nearest future. And the quantity of the industries using the similar systems will extend: after the financial and banking sector - "pioneers" on implementation of such systems - interest will grow at production, logistic, construction companies, - Konstantin Renzyaev is sure.

According to him, the solution is designed to nullify a possibility of unauthorized access in an information system, due to continuous biometric identification from the moment of user authentication before the end of a session.

In Corpsoft24 explain that the service solves several problems at once: blocks attempts of an input in an information system under someone else's login, protects from reading of contents of the screen by the stranger and from substitution of the user of an information system.

Besides, service blocks access for the user to an information system under duress and fixes the malefactor: in attempt of unauthorized access the program photographs "violator" and saves in the system magazine of the program.

Protection of applied information systems against "internal" threats

It is enough only once to forget to quit to employee of the company the working information system, and it can lead to deplorable effects.

For 2018-2019 the number of cybercrimes in the Russian market significantly increased. According to the statistics most of them happened because of the underestimated danger of "a human factor" — thefts, or data modifications from within the company, in view of lack of efficient protection against similar crimes. It is impossible to deny that similar incidents led to active search of the corresponding methods of protection. One of such methods was developed by JSC Korp Soft company (CorpSoft24). Its solution is called — Services of biometric information system protection (in abbreviated form SBZ, or Services).

CorpSoft24 developed services of biometric information system protection

SBZ are implemented in the form of a set of program services — the Systems of face recognition, the Biometric server and programs agents whose functions directly are caused from the protected information system thanks to what "seamless" integration of these Services into applied information systems, speed and ease of implementation of this solution at customers is provided.

With what image of SBZ do provide protection of applied information systems? Services implement protection by working off of the predetermined actions scenarios provided for these or those threats to an information system: illegal modification or substitution of data, copying, theft or data reading and to that similar. How exactly it becomes?

Begin the work of SBZ with check of the authorized user of an information system. At an input in the IC the user enters the login/password, and if they are right, the user session of the IC is started. Right after it Services start regularly repeating check on coincidence of the human face sitting in front of the monitor (PC webcam) and the owner of an account identified by the entered login and the password and also persons of other people in a radius of several meters from the computer screen. If there are no discrepancies, then the authorized user continues work in the IC, and Services continue to monitor his presence in front of the PC screen. If the webcam does not manage to record the user's person (for example, turned away or departed) — services of biometric protection block the working screen of an information system a modal window and "wait" in front of the screen of the computer so far the user will not appear. At detection of the person of the user and carrying out the next reconciliation of persons if it is the authorized user — the modal window cleans up that the user could continue work in the IC.

But what occurs if in front of the camera not the authorized user, but the stranger? For such event Services fulfill the scenario provided on a case of substitution of the authorized user or appearance of the third party behind the back of the user. At detection of foreign SBZ check — whether it is among the registered users of an information system. If this person has the account in the IC, then:

• the active session of the current authorized user of the IC is blocked;
• the photo of "violator" remains in the SBZ system magazine;
• to the administrator of an information system the mail notification of "substitution of the user" containing the photo of the violator goes;
• to such user the screen of input of the login and password for an input in the IC and start of own user session opens.

If the detected person has no account in the IC, then:

• the active session of the authorized user of the IC is blocked;
• the photo of "violator" remains in the SBZ system magazine;
• to the administrator of an information system the mail notification of "attempt of cracking of an information system" containing the photo of the violator goes;
• if the authorized user worked with the IC in the terminal mode — its terminal session is blocked;
• the user session in the operating system is blocked and the screen of input of the login and password for an input in the operating system opens.

As an output it is possible to give several standard "spaces" in protection of any applied IC which "are closed" using the functionality described above. SBZ will not allow:

• 1) be introduced into the IC under someone else's login, thanks to reconciliation of the person of the owner of this account entering the login with the person in an information system;
• 2) to the stranger to make "substitution" of the user who is already authorized in the IC as process of repeated reconciliation of the person of the employee sitting in front of the screen of an open information system is made continuously, with the set interval;
• 3) to the stranger to spy or photograph screen contents because of a back of the authorized user during his work in the IC;
• 4) to the authorized user to work in the IC on coercion from the stranger who is in front of the computer screen in sight of the webcam.

As the result can be told that the JSC Korp Soft company, using the services of biometric information system protection developed by it, gives to the Russian companies the solution providing the guaranteed protection of their confidential data against internal threats.