Me4Sure

How do I know my Me4Sure Device is secure?

The Me4Sure device is a multi-facet authentication solution. Biometrics are used to protect the device and to activate the on board processor of the device. Each device is protected with unique identifiers and 256 AES encryption
What protects my fingerprint data?

There are several levels of protection for the fingerprint data. First, high-level encryption protects all the data on the device including the fingerprint data. Secondly, the authentication between the device and the AG does not use or require the fingerprint data. This means that the fingerprint data never leaves the device. Finally, the device and AG (Authentication Gateway server) do not contain any user information.
Is there a back-door onto my Me4Sure device?

No. Me4Sure believes that our products should provide the ultimate in protecting the security and privacy of our users, while maintaining simplicity and ease of use. We have taken great pains to ensure that there are no "back-doors" to the device. In addition, no user information is contained on the device or within the AG server.
How does Me4Sure protect against brute-force or physical attacks?

The Me4Sure solution does not transmit any credentials in the clear and all transactions are protected with the unique challenge response process along with AES 256 bit encryption.
When I run my Me4Sure on my computer, is the data traveling between my computer and the AG Secure?

The Me4Sure solution does not transmit any credentials in the clear and all transactions are protected with the unique challenge response process along with AES 256 bit encryption.
Does it require require end user to load software?

No, the user does not need to load any software. The firmware on the device contains all the required software necessary to operate the device and authentication process making Me4Sure a plug and play application.
Do I need to use a Username, Password, or PIN?

Me4Sure does not use or require the use of Username, Passwords and/or PINS for the authentication process.
How would Eliminating Username, Password, or PINs make me more secure and save me time and money?

For organization using this device as a single sign on to applications, etc. this helps secure and track who, what, when, where, and how people are accessing vital company information. This helps in eliminating the "Password Pain".

The typical employee is required to remember multiple passwords but can usually recall only three or four. Me4Sure helps to eliminate the frustration employees and system administrators experience when users forget their username and/or passwords (as well as the security loophole they create by using simple passwords or by writing passwords down.) The typical user spends 44 hours a year logging in to four applications, according to industry research. Up to 70% of help-desk calls are password-related. The average company spends US$300-$500 per user, per year on resetting passwords - What does that add-up for your company?

Bottom line, eliminating the need for user name and passwords, increase down time for employees, which increase productivity, plus allows IT to be more productive what on new innovations/projects to make the company more profitable, while we cutting down on expense and saving you money.
How does the Me4Sure work?

To use Me4Sure for a secured transaction, the user simply inserts the Me4Sure device into a PC USB port. The user then places an enrolled finger on the biometric sensor panel. Once the Me4sure device validates the users fingerprint the device requests authentication with the AG server. The AG server, via a secure link, issues a random one time use encrypted challenge to the Me4Sure device. The device then replies with time sensitive encrypted response to the AG, and the entire process takes less than 2 seconds.

It is this secure, encrypted ‘dialogue’ that provides Me4Sure with a large competitive advantage over any other security authentication and transaction solution.
What if my Me4Sure is lost or stolen?

Each device comes equipped with a unique serial number. If a device is lost or stolen, the system administrator simply deletes the device serial from the AG data thus rendering the device inoperable. In addition, the biometrics protecting the device coupled with the fact that no user information is contained in the device makes the device useless to any other than the enrolled user.
What if USB Ports have been blocked?

There are number of secure ways to allow USB devices such as Me4Sure to work with USB ports while still blocking those same ports from unsecured devices. Me4Sure works with the client's security organizations to ensure that we follow and adhere to all security policies and requirements.
Can the Me4Sure device be used as a Single Sign On Device?

Yes, this can replace the need for Username, Passwords and PINs to gain access to company's internal applications from internal connections or external access . Me4Sure confidently enables organizations to identify who is gaining access to their environments and systems. With the correct configuration and implementation, Me4Sure has the ability to provide Single Sign-On capabilities.
Does the Me4Sure address Compliance regulations, such as HIPAA, Sarbanes-Oxley, FFIEC, etc...?

Yes, it meets and or exceeds compliance regulations such FFIEC, Sarbanes-Oxley,HIPPA and is is FIPS 140-2 compliant.
How is the AG (Authentication Gateway) Secure and Protected?

The AG server software is 256 bit encrypted. The database has unique identifiers, a login transaction database for tracking/auditing.
Is the Deployment/Implementation difficult and costly?

Deployment of the Me4Sure Solution requires no changes to existing IT security schemas. This enables rollouts to occur in a matter of hours/days, unlike other platforms that usually take weeks or months.