Switzerland

Back to Search

International Partner Search

Innovation & Technology Offer

A new authentication method for Horizon Europe CL3 -2021 FCT-01-12 Online identity theft or similar calls.

Country of Origin: United Kingdom
Reference Number: TOUK20201104001
Publication Date: 12 July 2021

Summary

A UK company has developed an authentication method that is easy for users to memorise, whilst generating one-time codes and being extremely secure. It is also hardware-free and easy to roll out. Consortia applying to Online identity theft or similar calls are sought for research cooperation agreements.

Description

We all know the problems with passwords. Users dislike being forced to keep creating new ones, and unfortunately, hackers manage to get hold of passwords – which allows them to impersonate the user. The service providers sometimes get hacked.

On the other hand, biometric identification has not taken off properly due to civil liberties and reliability issues.

The key-fobs that generate one-time codes are good, but they are dependent on additional pieces of hardware being carried, introducing additional cost and inconvenience. Also, their “keys” have to be stored in a global database such as RSA’s that was hacked in 2011 leading US defence contractor Lockheed Martin to blame RSA for a subsequent break-in.

A young East of England company has developed an entirely hardware-less system having the convenience of a mentally-held secret (users create a pattern or shape when enrolling), that is able to provide different codes every time they need to log in, be authenticated or provide their authorisation to perform an action.

The pictures show a matrix (which would be displayed on any device with a screen or even hard copy) filled with random numbers. Using their mental pattern, the user is able to read off a new code. The system is secure against shoulder-surfing or other threats.

The next time, the numbers in the matrix will be different, but using the same pattern, the user is able to create or extract a different code. A user may use a single pattern for all the different sites or accounts he/she needs to access – or he/she may choose to have different ones. The pattern and the software have the potential to replace all fixed passwords, PINs, credit/debit card PINs and other authorisation codes.

The technology’s entropy is mathematically superior to 6-character key-fob tokens, making it more secure.

The “secret ingredient” is how the mental pattern that is shared with the service provider is “stored” in fragments of which only certain parts are required – meaning that if a hacker were to break into the database, he/she would not find anything usable. This system is therefore significantly more difficult to break into than former industry standard systems like MS Active Directory.

The UK company is seeking consortia applying to Horizon Europe CL3 -2021 FCT-01-12 Online identity theft or similar calls. These could be other developers and existing authentication databases, including those operating in the fields of big data or financial services, as well as governmental and law-enforcement. The company has started making contact with the U.K.’s Police Digital Service.
Image

Image

Advantages and Innovations

The innovation lies in the combination of the high security of one-time codes with a mental pattern that is easy to remember and that is not stored in a way that can be breached. The use of secret sharing and splitting of the pattern information means this system is significantly more secure than passwords currently held by banks, websites and many other providers. It is also far more secure than sending one-time passcodes (OTPs) by SMS/text, which is vulnerable to mobile account takeover by hackers.

The solution is hardware-free and is cheap and easy for service providers to roll out.

Stage Of Development

Already on the market

Requested partner

Type of partner sought: industry, law enforcement and academia
Specific area of activity: 1) finance, insurance, e-commerce, big data, law enforcement; 2) complementary businesses.
Role of partner sought: to build a consortium towards relevant Horizon calls.

Contact Profile Owner