User Experience

Can Sentegrity see users' personal apps and private data?

No.  It doesn’t need to.  Sentegrity only runs to protect subscribed enterprise applications.  It can detect if there are other malicious apps or processes but it does this in a way that doesn’t require access to any personal data or apps.

How does Sentegrity protect user privacy?

All analysis is conducted locally and using tokenized data.  That means no one — not us, not the enterprise,  not the government, not an attacker — can extract the actual values of your location, device use or any other data point we use.

Sentegrity is only interested in variance.  (i.e., Are you doing what you normally do?”)  That information is enough for Sentegrity’s machine learning to authenticate you and provide the enterprise with insight into the risks of their mobile environment.

Do users need to use the Sentegrity app whenever they access an application?

No.  Sentegrity is automatically invoked by the accessed applicaiton without any user intervention required.

Is this going to drain users' batteries or slow performance?

Unlike other integrity detection products Sentegrity runs only when you access protected enterprise applications so it won’t drain your battery or eat up precious system resources.

An average assessment using the Sentegrity app takes less than 1 second, so you’ll barely know it’s there.

How does Sentegrity perform 'step up' authentication?

Sentegrity’s behavioral biometrics engine profiles user behavior to determine the probability of device theft.  Sentegrity can be configured to employ a number of authentication mechanisms in various combinations based on the results of behavioral analysis. That way, the strength of user authentication is proportionate to the risk of granting access to the Good application. Sensitve apps in high-risk situations can employ more secure methods than non-sensitive apps under historically safe conditions.

Technical Details

What operating systems are supported?

Sentegrity supports iOS and Android.

Does Sentegrity work with the Good Dynamics platform?

Sentegrity for Good is integrated into the core operations of the Good Dynamics ecosystem as a Trusted Authenticator (i.e. Sentegrity installs on a Good Dynamics device and immediately begins operating as the authentication gateway to the Good Ecosystem for all Good apps).

Is Sentegrity safe to incorporate into the Good Dynamics ecosystem?

As a Trusted Authenticator, Sentegrity has been granted special privileges by BlackBerry to replace Good’s existing authentication mechanism. To obtain these privileges, Blackberry/Good Technology have rigorously vetted Sentegrity’s security, usability, and authentication capabilities and require a new evaluation with release of Sentegrity for Good.

Can Sentegrity integrate with 3rd party applications whose source code is not available?

Any third party application can be wrapped using the Good Dynamics application wrapper functionality. Once an application is wrapped, it can be deployed onto the user’s device and it will be protected by Sentegrity like all other ecosystem applications.

Does Sentegrity offer public APIs to integrate with 3rd party authentication providers?

Sentegrity is designed to accept any form of authentication that a customer desires, but our core, patented, operations are not extensible for security purposes. Any new authentication method can be integrated into Sentegrity’s security model and, using enterprise policy, assigned a TrustScore range in which it will be activated.

What industry standards does Sentegrity adhere to?

Sentegrity’s device integrity TrustFactors align with NIST’s 800-163 “Technical Considerations for vetting 3rd party mobile applications” and OWASP Mobile Project Standards. All dashboard communications occur over NIST 800-52 HTTPS/TLS standards using private certificate pinning and data-level encryption to prevent interception.

Is Sentegrity FIPS compliant?

Yes.  Sentegrity is FIPS140-3 compliant and all encryption modules employ AES-256.

Does Sentegrity support two-factor authentication?

Sentegrity for Good currently requires a secure container for full functionality and operates on iOS and Android platforms.  Mobile devices also house the sensors needed to build behavioral baselines for transparent authentication.  While Sentegrity’s current solution is mobile only, we do have development plans to extend hard biometrics authentication to Good’s desktop product.

What are the FAR and FRR rates?

FAR and FRR rates vary based on the authentication methods selected and specific combination hard/soft biometric modes. Transparent authentication has variable FAR/FRR rates based on how aggressive the enterprise policy is configured.

Does Sentegrity use liveness detection for modes where biometric authentication can be faked (e.g., fingerprints, face)?

Sentegrity’s behavioral biometrics provide a unique form of universal liveness detection.  In a ‘step up’ authentication scenario, some hard biometric modes (e.g. face, voice, etc) will also perform additional liveness detection.