It may have just signed onto a development partnership with a key US cybersecurity consortium, but Australian multi-factor authentication (MFA) contender TokenOne is still prioritising local capital investment as part of a strategy to keep its burgeoning business grounded firmly on our shores.
It’s an unusual move for growth-minded companies like TokenOne, which recently emerged from several years of patent development and stealth-mode activity to clinch a distribution deal with insurance company Cyber Plus. But if the company were to follow its many compatriots to Silicon Valley to look for funding, founder Phil Cuff told CSO Australia, “we would have to move and become an American company.”
The decision to stay has forced the company to find alternative sources of funding – which, he said, are there for companies that know where to look. “It’s not easy raising capital here,” Cuff said, noting that the company is currently in the midst of a $5m capital-raising. “We have gotten some interest internationally. But we have had a lot of support from family investors in Australia and corporate VC” such as SingTel Innov8.
The company’s smartphone-based one-time pad (OTP) implementation prompts users to enter a passcode based on an ever-changing correspondence between letters and numbers. The technique produces a different alphabetical code every time it’s used, meaning that the host system never actually receives the user’s code.
The method offers a more-secure alternative to passwords that can sit aside other authentication methods, like biometrics.
“Passwords have been OK up until now,” he said, “but the fundamental problem is that you have to reveal it to prove you know it. OTP lets you mentally convert your PIN into different letters every time you need to authenticate yourself. It’s never stored anywhere, and not even a rogue sysadmin or company could work out the code.”
Even as it works to bolster its financial backing, TokenOne has been ramping up awareness of its technology and will, in a significant coup for an Australian company, be working with tech giants RSA, Splunk, and CA Technologies in a joint effort under the auspices of the US National Cybersecurity Center of Excellence (NCCoE).
The company’s selection came after Cuff last September presented the patent-protected technology to a military and research community forum near the Pentagon. Run under the auspices of the US National Institute of Standards and Technology (NIST), the NCCoE effort is designed to explore ways that TokenOne’s MFA tool can be incorporated into an “example standards-based implementation that retailers can actually implement”, Cuff explained.
“We spend a lot of time and money on patents,” he added, “and that’s one of the reasons we have been in stealth mode for 4 years. Our technology is clever but so simple.”
Recent user trials had revealed that few companies were interested in hosting their own implementations of the TokenOne technology – preferring instead to source it as a service from managed service provider (MSP) partners like TokenOne distributor Cloud Distribution, which in turn offers it through partners like The Missing Link.
Delivery through MSPs also facilitates integration of the OTP technology with hosted Microsoft environments, with an Active Directory connector a core component of the system.
Planned white-labelling of the solution in 2018 will support what Cuff says will be “a very big year of international expansion” as the company ramps up its profile on the back of its NIST partnership and its local successes.