Interviews

Infosec token talk

by Mark Rowe

Those who come in through the back door often have something to hide – and this also applies to the IT scene, it is suggested. For example, data spies can use back doors in token-based authentication products to steal information about companies. The company SecurEnvoy will speak of how businesses can protect themselves from such prying eyes on stand H10 at Infosecurity Europe (29 April to 1 May, London Olympia). In a talk titled “Revolutionising 2FA to enhance the user experience”, Andrew Kemshall and Phil Underwood will look at the two-factor authentication solutions on the market. They will also discuss security aspects relating to seed records, which are specific algorithms used to create passcodes for user identification.

The talk will be given by Andy Kemshall, co-founder of SecurEnvoy, and Phil Underwood, Global Head of Pre and Post Sales, on all three days of the fair, between 11.20 am and 11.45 am in the SecurEnvoy-sponsored Technical Theatre. Firstly, the types of two-factor authentication products on the market and their login options will be described in the form of an overview. Special attention will be devoted to user experience (UX) and ease of use. When considering the issue of security, the lecture will focus on seed records in particular. These are specific algorithms that are used to create passcodes. Some vendors save copies of these seeds. The problem in this respect is that, depending on the legislation, government authorities and agencies may be able request to see these copies without requiring the authorisation of the company concerned. The authorities can then reproduce the seeds and track the respective company login procedures without being noticed.

Split seed records

To prevent this happening, the firm splits seed records into two parts. In their lecture, Kemshall and Underwood will explain the procedure and confirm that no seed records are stored at SecurEnvoy, all seed records are generated locally by the client. The patented tokenless two-factor authentication solution developed by SecurEnvoy makes use of mobile devices rather than dedicated tokens. This permits flexible delivery options regarding the passcode required for user identification purposes. Users can receive such passcodes via SMS, email or landline call, or generate them in a soft token app. The recently released Server Version 7.2 also includes the “One Swipe” option as a new feature. For this, the user needs neither an Internet connection nor mobile phone reception nor a landline connection. To enable authentication, the user generates a one-time-valid QR-code in a soft token app for smartphones, and subsequently photographs (scans) this with the webcam on a laptop or similar. This allows the user to unambiguously prove his or her identity.

More about soft tokens is available at http://www.securenvoy.com/two-factor-authentication/soft-tokens-explained.shtm.

Related News

  • Interviews

    Looking to export?

    by Mark Rowe

    Export to fast growing emerging markets is important for defence and security companies. Emerging markets offer potential. But with these opportunities for…

  • Interviews

    BBC on ‘private war’

    by Mark Rowe

    The BBC’s hour long documentary Britain’s Private War covered the UK’s armed private security industry. Repeated on BBC Two Scotland, the programme…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing