"Beyond Biometric Authentication to AI Agent Approval"… OCTATCO Upgrades 'EzFinger'

| Phishing-Resistant MFA Solution Upgrade… "Preemptively Blocking Dangerous AI Actions"

OCTATCO, a company specializing in Identity and Access Management (IAM), plans to upgrade its biometric authentication solution into an action approval device for artificial intelligence (AI). The plan is to expand its function beyond biometric authentication to act as a 'safeguard' that prevents AI from arbitrarily executing important or potentially dangerous tasks.

IAM (Identity and Access Management) refers to a system that manages user identities and access privileges, while SSO (Single Sign-On) is a technology that allows users to access multiple systems with a single login.

Lee Jae-hyung, CEO of OCTATCO, met with ZDNet Korea on the 24th and stated, "We plan to upgrade OCTATCO's 'EzFinger' solution into a control device where humans must approve the execution of autonomous AI actions."

OCTATCO's EzFinger product connected to a PC.

EzFinger is a solution that enables passwordless login using only fingerprint authentication, not only for PC logins but also for login processes such as Google and Microsoft. It is a solution certified under 'FIDO2', the strongest existing international security standard, and is known as a phishing-resistant based MFA (Multi-Factor Authentication) product.

Overview of the plan to upgrade OCTATCO's MFA solution 'EzFinger' into an AI permission approval device. (Photo=OCTATCO)

OCTATCO plans to upgrade the EzFinger solution so that when an AI requests a dangerous task, a human personally authenticates it, and only approved tasks can be executed. Because EzFinger requires the user to directly input their fingerprint, it is difficult to duplicate, and it has the characteristic that a remote attacker cannot press it on their behalf. It serves as the final key preventing the AI from making decisions alone, while simultaneously becoming a personalized key that no one can duplicate.

OCTATCO additionally verifies whether the individual is the actual user through a server that verifies the approval results created by the EzFinger security key. It goes through a procedure that accurately binds and confirms the person who approved it, the exact time, and the target action through OCTATCO's 'Phishing-Resistant MFA', which is designed to prevent users from being deceived by fake login screens or phishing sites. It is a system that determines whether the person genuinely approved the task themselves.

The core role of EzFinger and OCTATCO's Phishing-Resistant MFA. (Photo=OCTATCO)

Recently, the IT environment has changed rapidly due to AI. AI agents are moving beyond simply responding to user requests; they are now making independent judgments and acting autonomously. Because attackers can issue malicious commands, such as prompt injections, during this behavioral process, there is a need to monitor the actions of AI agents in real-time and place constraints on their permissions.

If AI operates in an environment where humans cannot exercise direct control, it will be difficult to respond immediately even if the AI sends customer data externally. In addition, there are concerns that attackers could induce a change in administrator privileges, or that AI could arbitrarily delete or execute critical data. Once such an incident occurs, a situation may arise where it becomes difficult to trace accountability to determine who approved the action.

Reporter Kim Ki-chan | 71chan@zdnet.co.kr
[View Original Article]