Enterprise Europe Network

A new authentication method that is both more secure and more user-friendly

Country of origin:
Country: 
UNITED KINGDOM
Opportunity:
External Id: 
TOUK20201104001
Published
04/11/2020
Last update
19/11/2020
Expiration date
20/11/2021

Keywords

Partner keyword: 
Smart cards and access systems
Data Protection, Storage, Cryptography, Security
Electronic Commerce, Electronic Payment & Signature
Electronic Signature
Other retailing
Insurance related
Banking
EXPRESS YOUR INTEREST

Summary

Summary: 
A UK company has developed an authentication method that is easy for users to memorise whilst generating one-time codes and being extremely secure. It is also hardware-free and easy to roll out for authentication solutions developers and users regardless of their size in sectors such as e-commerce or anywhere where customers need to identify themselves. Both end-users and developers/resellers are sought for license agreements.

Description

Description: 

We all know the problems with passwords. Users dislike being forced to keep creating new ones, and unfortunately, hackers manage to get hold of passwords – which allows them to impersonate the user. The service providers sometimes get hacked.

On the other hand, biometric identification has not taken off properly due to civil liberties and reliability issues.

The key-fobs that generate one-time codes are good but they are dependent on additional pieces of hardware being carried, introducing additional cost and inconvenience. Also their “keys” have to be stored in a global database such as RSA’s that was hacked in 2011 leading US defence contractor Lockheed Martin to blame RSA for a subsequent break-in.

A young East of England company has developed an entirely hardware-less system having the convenience of a mentally-held secret (users’ create a pattern or shape when enrolling), that is able to provide different codes every time they need to log in, be authenticated or provide their authorisation to perform an action.

The pictures show a matrix (which would be displayed on any device with a screen or even hard copy) filled with random numbers. Using their mental pattern, the user is able to read off a new code. The system is secure against shoulder-surfing or other threats.
The next time, the numbers in the matrix will be different, but using the same pattern, the user is able to create or extract a different code. A user may use a single pattern for all the different sites or accounts he/she needs to access – or he/she may choose to have different ones. The pattern and the software have the potential to replace all fixed passwords, PINs, credit/debit card PINs and other authorisation codes.

The technology’s entropy is mathematically superior to 6-character key-fob tokens, making it more secure.

The “secret ingredient” is how the mental pattern that is shared with the service provider is scrambled. It is stored in fragments in different places so that two of them only remain with the user. It is therefore significantly more difficult to break into than the standards for password encryption and storage in systems like MS Active Directory.

For service providers this solution is very convenient and cost-saving as the matrix can be reproduced on any device with a display or even in hard copy. The software integrates with all IAM (identity access management) software on the market. A simple API (application programming interface) plugs into the current systems to enable its use.

The UK company will implement the software for partners which means they don’t need any inhouse tech resource to do so.
In theory at least this solution alleviates all frequent troublesome situations where passwords and hardware are lost or stolen. All the user needs is to remember the pattern.
The UK company is seeking partners amongst both end users but also developers and resellers offering secure authentication. Finance, insurance, e-commerce are a few sectors to name. The software APIs will be shared under license agreements.

Advantages & innovations

Cooperation plus value: 
The innovation lies in the combination of the high security of one-time codes with a mental pattern that is easy to remember and that is not stored in a place that can be breached. The secret scrambling and splitting of the pattern is a significantly more secure way than passwords are currently held by banks and other providers. The solution is hardware-free and is cheap and easy for service providers to roll out.

Stage of development

Cooperation stage dev stage: 
Already on the market

Partner sought

Cooperation area: 
Type of partner sought: industry Specific area of activity: 1) finance, insurance, e-commerce, 2) companies of any size and business type who have websites with log-in areas or any other cases where they need the customers to identify themselves. Role of partner sought: to implement the APIs under license. This is simple and can be done by the UK company if there is no in-house technical team.

Type and size

Cooperation task: 
SME 11-50,SME <10,>500 MNE,251-500,SME 51-250,>500

capture2.png

Picture 2

capture1.png

Picture 1