London, UK, 18th October 2007 – Masabi, the secure mobile applications company, and GrIDsure, inventors of the revolutionary grid ID authentication technology, today announced that they have co-developed a radical new secure ID system using mobile phones. By using Masabi’s EncryptME, the world's first certified Java security application for mobile phones featuring 1024bit RSA encryption, and GrIDsure's ID technology, today’s mobile phones can act as discrete secure one time password tokens or provide networked two-channel transaction authentication for the highest levels of security.
“The growth in online fraud is a major concern for consumers, retailers and above all credit card companies. Equally the need for major organizations and governments to provide top-level security access to their data systems and installations is becoming an increasingly important and costly process,” said Ben Whitaker Co-Founder and head of Security Development at Masabi. “The combination of two world-leading UK technology companies has provided an innovative solution which solves these issues in a secure and user friendly manner.”
For the GrIDsure ID technology users remember a pattern of squares on a grid instead of a PIN. The user is then shown a fresh number grid for each log-in or transaction, populated with different numbers each time. To log-in they simply key in the numbers that appear within their chosen pattern, but as numbers are repeated throughout the grid and change every time the system remains secure even if the user is observed. For the mobile
solution when a user is prompted to enter a code at an entry terminal, such as a PC, web site or ATM, the mobile application displays a GrIDsure number grid which is time-synched to the authentication server, giving the user the unique one-time code to enter into the terminal. In the case of financial transactions, the mobile application will be securely sent details of the payment confirming the transaction exactly, thereby preventing so-called ‘man in the middle’ or phishing attacks.
“With the rise in online and identity fraud, it has never been more important to provide user and transaction security,” said Jonathan Craymer, Chairman of GrIDsure. “By combining Masabi’s EncryptME and mobile application development expertise together with our GrIDsure system the result is a breakthrough in ID security for everything from day-to-day web transactions to top-level government security.”
The combined solution is set to see its first commercial deployments in late 2007 with support for the majority of mobile phones as well as Blackberry and Symbian smart devices.
To date governments and other organizations generally employ RSA secure ID key fobs to provide secure access to their systems. These are relatively costly physical devices that users must carry to continually generate new ID pass codes but which have been victim to ‘man in the middle’ attacks. Internet banking generally employs either rudimentary password systems where users only ever reveal certain characters thus protecting the entire code or, again, costly and cumbersome physical chip and pin devices which generate unique passcodes for each access request that can also be victim to ‘man in the middle’ attacks.
This new solution provides improved security without the inconvenience to the user, and the cost to the provider of solutions which employ physical devices.
GrIDsure has been assessed for security, usability and authentication strength by leading academics at Cambridge and University College London.
Masabi is a secure mobile applications developer based in the UK. Its EncryptME security system has been validated by BT and certified by NIST, the US Government's security standards body. In line with the latest web security standards EncryptME provides end-to-end 1024bit RSA and 256bit AES for all mobile communications by SMS, GPRS, NFC and local data storage on all Java-enabled handsets to protect all data sent over public networks or residing on stolen phones. The company's expertise in secure, usable mobile applications which run on even the lowest specification phone handsets was demonstrated in January when it announced the rollout of international multi-language, multi-currency, multi-branded casino software for Playtech (AIM: PTEC), the world's largest publicly traded online gaming software supplier. Masabi is owned by its directors and was selected as a finalist for the Red Herring 100 Europe.
With GrIDsure, users create a new-style ‘shared secret’ by picking squares on a grid. To aid memory recall, they can use patterns or shapes - such as an ‘L’ or a ‘tick’. Because the grid fills itself with random numbers each time it appears, new ‘PIN’ or pass codes are created (by reading the numbers in the user's chosen squares). GrIDsure works without the need for extra hardware, such as tokens - generating ‘one-time’ codes that are more secure and resilient to so-called ‘spyware’ threats.
A selection of the coverage that this release generated:
- The Inquirer - Masabi to kill off RSA keyfobs
- The Register- PIN patterns go mobile
- Computing - Secure access goes mobile
- TelecomPaper - Masabi, Gridsure develop grid authentication system
- TMCnet - Masabi and GrIDsure develop secure ID system using mobile phones
- IT Week - Secure access goes mobile