Venture-backed security startups are a dime a dozen nowadays, but Trusona Inc. stands out. For starters, one of its advisers is credited as the inspiration behind a blockbuster Leonardo DiCaprio film. And more notably, it’s developed a new kind of authentication service that promises to nullify the threat from the so-called session replay attacks that have been plaguing the enterprise for the last few years.

Hackers are using browser certificates and other login information stolen from legitimate users to bypass the traditional network protection software that regulates access to most corporate infrastructure. Trusona’s solution to the problem starts with a personal interview that aims to corroborate whether an employee or a customer is who they claim to be. After their identify is verified, the individual is handed a personalized magnetic card that has to be swiped through a special reader likewise supplied by the startup in order to authorize sensitive actions.

Trusona says that its scanner is practically impervious to traditional forgery methods thanks to patented sensor technology that is not only able to read the login credentials encoded into a card, but its unique electromagnetic signature too. Because no two mag-strips are the same, making a copy would be akin to duplicating a fingerprint in difficulty, except the process also requires specialized equipment that the average hacker doesn’t possess. However, the startup has nonetheless prepared for the possibility that a determined attacker might somehow find a way to fool its systems.

Every card swipe is logged and compared against the user’s login history to check whether it’s a session replay attempt. Trusona’s software looks for perfect matches on the assumption that the average person can’t repeat a hand motion way in the exact same way, and automatically blocks positive hits upon detection. The mechanism is complemented by a 6-digit PIN code and a mobile application that issues an alert when a connection is found to be compromised. Just for good measure, the client can only be installed on pre-approved devices, which cuts off yet another potential attack vector.

Trusona sees its technology coming handy for protecting important infrastructure in a variety of different segments. A bank, for instance, could issue swipe cards to high-value customers and require transactions exceeding a certain amount to be manually authorized. The startup’s value proposition should also appeal to more traditional organizations that might simply be worried about the increase in cyberattacks against the private sector.

Trusona’s pitch has already won over venture capital heavyweight Kleiner Perkins Caufield & Byers, which poured $8 million into its coffers on occasion of its launch from stealth. Ted Schlein, a general partner with the firm, is joining the startup’s board of directors as part of the investment.

Image via Pixelcreatures