Aussie authentication pioneer TokenOne is off to the US – but not for capital

Fresh out of stealth mode, authentication innovator is ramping up to a big 2018

It may have just signed onto a development partnership with a key US cybersecurity consortium, but Australian multi-factor authentication (MFA) contender TokenOne is still prioritising local capital investment as part of a strategy to keep its burgeoning business grounded firmly on our shores.

It’s an unusual move for growth-minded companies like TokenOne, which recently emerged from several years of patent development and stealth-mode activity to clinch a distribution deal with insurance company Cyber Plus. But if the company were to follow its many compatriots to Silicon Valley to look for funding, founder Phil Cuff told CSO Australia, “we would have to move and become an American company.”

The decision to stay has forced the company to find alternative sources of funding – which, he said, are there for companies that know where to look. “It’s not easy raising capital here,” Cuff said, noting that the company is currently in the midst of a $5m capital-raising. “We have gotten some interest internationally. But we have had a lot of support from family investors in Australia and corporate VC” such as SingTel Innov8.

The company’s smartphone-based one-time pad (OTP) implementation prompts users to enter a passcode based on an ever-changing correspondence between letters and numbers. The technique produces a different alphabetical code every time it’s used, meaning that the host system never actually receives the user’s code.

The method offers a more-secure alternative to passwords that can sit aside other authentication methods, like biometrics.

“Passwords have been OK up until now,” he said, “but the fundamental problem is that you have to reveal it to prove you know it. OTP lets you mentally convert your PIN into different letters every time you need to authenticate yourself. It’s never stored anywhere, and not even a rogue sysadmin or company could work out the code.”

Even as it works to bolster its financial backing, TokenOne has been ramping up awareness of its technology and will, in a significant coup for an Australian company, be working with tech giants RSA, Splunk, and CA Technologies in a joint effort under the auspices of the US National Cybersecurity Center of Excellence (NCCoE).

The company’s selection came after Cuff last September presented the patent-protected technology to a military and research community forum near the Pentagon. Run under the auspices of the US National Institute of Standards and Technology (NIST), the NCCoE effort is designed to explore ways that TokenOne’s MFA tool can be incorporated into an “example standards-based implementation that retailers can actually implement”, Cuff explained.

“We spend a lot of time and money on patents,” he added, “and that’s one of the reasons we have been in stealth mode for 4 years. Our technology is clever but so simple.”

Recent user trials had revealed that few companies were interested in hosting their own implementations of the TokenOne technology – preferring instead to source it as a service from managed service provider (MSP) partners like TokenOne distributor Cloud Distribution, which in turn offers it through partners like The Missing Link.

Delivery through MSPs also facilitates integration of the OTP technology with hosted Microsoft environments, with an Active Directory connector a core component of the system.

Planned white-labelling of the solution in 2018 will support what Cuff says will be “a very big year of international expansion” as the company ramps up its profile on the back of its NIST partnership and its local successes.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags CSO AustraliaSingTel Innov8Phil Cuff|smartphone-based one-time pad (OTP) implementationAustralian multi-factor authentication (MFA)TokenOne

More about AustraliaCA TechnologiesCloud DistributionCSOMicrosoftRSASplunkTechnologyThe Missing Link

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by David Braue

Latest Videos

More videos

Blog Posts