Inventor of SecurID token has new authentication system

The inventor of the two-factor authentication SecurID token says the latest technology he's come up with is better because it can be used with a voiceprint biometric, plus it can be deployed for purposes of secure authentication in mobile phones, payments and cloud computing.

Apple warned of phishing attack threat to iPhone, iPad, Mac OX developers

"This is much more appropriate for emerging cloud technology and financial payments," says Kenneth Weiss, founder of Newton, Mass.-based Universal Secure Registry, says of his company's electronic wallet. The core technology hasn't been deployed in products or services yet, but Weiss says the various elements, which also entail a server component to authenticate the user's identity, is stronger than SecurID because it not only provides a one-time password but can verify identity based on the user's voice biometric for three-factor authentication.

"You enter a PIN and voice, and only then does the unique seed inside the phone produce a random number," says Weiss, who hopes to license the technology.

Part of the core technology in the Universal Secure Registry strong-authentication system relies on the SecurID token technology patents that are now in the public domain, Weiss says.

SecurID has been much in the news since RSA acknowledged earlier this year that it had suffered a stealthy attack into the RSA network in which the attacker managed to steal undisclosed sensitive information related to SecurID. That information was later used by the attackers to try and break into Lockheed Martin. Weiss says the sensitive information at stake is the seed values for the two-factor authentication system associated with SecurID customers.

"The seed is the logical equivalent to a combination to a vault," Weiss says. "Their secret seeds were compromised." Basing an attack on stealing this kind of information would not necessarily be easy because the determined attacker would be trying to emulate a SecurID token, and they'd have to steal a password as well, he said, but it could be done.

Weiss contends that his USR design is better because seed values can be updated at periodic intervals, and "it's a stronger algorithm" than the RSA SecurID, and the password-digit combination is 16 digits long rather than just eight. He believes that despite the infiltration into the RSA corporate network, SecurID remains fundamentally sound "but there are many things it cannot do."

Weiss adds he and RSA, now part of EMC, aren't on particularly congenial terms because of a dispute over certain business practices he objected to vehemently in the 1990s when he was founder of Security Dynamics, which acquired RSA Data Security. The security industry has gone through many permutations since then, and Weiss is out to prove his latest technology feat will outdo his first.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Applesecuritylegalendpoint securitySecurID; security; Kenneth Weisscybercrime

More about AppleEMC CorporationinventorLANLockheed MartinRSASecurity Dynamics

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place