Blogger: Mark Diodati
I spoke to Jon Fisher (CEO of Bharosa) last week, and he was appropriately abstract about the possibility of an acquisition by anyone.
Bharosa provides several consumer authentication products, including a risk analytic system (Tracker) and a pseudo one-time password (OTP) product (Authenticator). If you don’t know about the Authenticator product – a picture is worth a thousand words. At the beginning of each session, the user is presented with a newly-scrambled graphical keypad. The user clicks on the letters of her password in sequence. The result is a pseudo OTP because the user’s response changes for each session, though the actual characters of the password do not. I don’t want to oversell the Authenticator product. To date, most of Bharosa’s customers have deployed the Tracker product, and like other OTP solutions, the Authenticator product is subject to man-in-the-middle attack.
Oracle and Bharosa have integrated some of their products over the past year, but why did Oracle acquire Bharosa? The first reason is that the acquisition gives them an entry point into the exploding consumer authentication market. Many of the world’s largest corporations are implementing consumer authentication solutions to mitigate identity theft, consumer fraud, and meet compliance initiatives (e.g., the Federal Financial Institutions Examination Council [FFIEC] guidance on the insufficiency of password-based authentication). The acquisition also will provide some “pull-through” of Oracle’s other IdM products (particularly Access Manager). The acquisition also complements Oracle’s Mantas and Reveleus financial services products.