Type: Service, Product
Category: Privacy, Security
Sub-categories: Authentication, Data Protection, Identity & Access Management
Sedicii Authentication: Authenticating users without the need to transmit or share private information
There were two primary motivations for the research performed in developing Sedicii by the Insight Centre in N.U.I.G. The first is the growing demand for secure technologies for e-commerce that do not put customers at risk of identity theft. The second is Web 2.0 and the social semantic web. It has led to new business models and has changed the way that user's interact with the web. This has enabled new ways of capturing trust. For example, they allow us to use web technologies to explicitly define and rank the people we trust and take advantage of the specified preferences during e-commerce transactions. In electronically mediated transactions it is far easier for eavesdroppers to access, copy, redirect and subvert legitimate transactions. Another problem is identity theft. This was a cumbersome and manual process for many years, but the advent of electronic records, communications, and commerce has made identity theft far easier and far more regular. Consequently, an emerging science and industry has grown up around the security and authentication issues associated with e-commerce. New methods of encrypting transactions, of authenticating participants, and of protecting the identities of participants have been developed and used in practical e-commerce applications. The current explosion of commerce onto the web could not have happened without trustworthy, verifiable, and simple security processes built into the workflow of e-commerce.
Solution (Value Proposition)
Sedicii is a new and innovative method of authenticating users without the need for the user to transmit or share private information or for the business owner to store a copy of that information. The service uses complex algorithms based on the Zero Knowledge Proof protocol which is the means to prove that someone knows something without the need for that person to share what it is they know. The key feature of the service is that the User's Password (or any other private information, such as Credit Card, Date of Birth, etc) is never stored on any server anywhere, nor is it transmitted from the client to the server. No browser plug-in is needed as the Sedicii authentication technology uses new features available in the HTML 5 standard allowing for easy embedding in a standard website. The user's personal information is stored using isomorphic graphs. This unique Identity Authentication capability entirely removes the need to transmit or store passwords (or any other piece of personal information). Sedicii technology has removed the vulnerability that all websites are exposed to where private user data can be accessed or stolen from phishing or hacking attacks. This “game changing” technology will remove the security issues for online service providers by eliminating the need for them to store a user's personal data while still maintaining the ability to easily authenticate them.
Sedicii is first and foremost novel and is protected with its granted US patent and EU patent application. The authentication technology is ubiquitous and can be applied to any vertical and any geography where an authentication or authorisation needs to happen that confirms that person or device really is who or what they claim to be without ever exposing the private credential. There are two business models - enterprise licensing or via a cloud based "authentication as a service". Pricing can start from €0.50 per client per year for an enterprise installation or from €0.02 per authentication transaction via the cloud service
Supporting Technology (the 'magic')
The authentication process delivers robust and intuitive anti-phishing and single sign-on capability by providing mutual authentication and by not requesting users to reveal their passwords at visited websites. With Sedicii, users are not redirected to other web-pages after typing usernames as they are in other authentication programs. Users provide only their usernames, eliminating the possibility of exposing their password to malicious parties providing users with mutual authentication.
Sedicii provides a method and apparatus for authenticating a user, in particular authenticating a user to a server across a network. This method; the generation of a private key (required to implement the ZKP protocol from a user's password) in the browser can then generate challenge graphs and challenge responses or indeed for use in any private-public key authentication protocol. This authentication protocol comprises, at a client: receiving a user specific identifier; converting the identifier through a one-way function to a string of a pre-determined length; and mapping said string to a permutation of a pre-determined order. Zero Knowledge Proof (ZKP) challenge-response authentication protocols, in which a prover proves their identity to a verifier, but the verifier is unable to compute the prover's secret using any received data. The prerequisite for the protocol is that a user, for instance the user has to register their name and a public key and only those credentials are accessible to the verifier. Typically, ZKP challenge-response protocols will use different verifiable methods, including the elliptical curve cryptography method, where a public-private key-pair on an elliptic curve is defined using complex algorithms, relying on an accurate point multiplication over such a curve.
Rob Leslie (Sedicii Co-Founder & CEO)
Rob’s previous ventures include setting up PTS Japan, which was acquired by Datacraft Japan for $33M in 2000 and part of the launch team for Dell Japan, which grew from zero to annual sales of $350M and 300 staff during his 4 years. Rob has a B.Eng in electronic engineering from Dublin City University. With a strong track record in starting and developing successful businesses, Rob is a co-founder of Global Business Register (GBR), which links real world corporate identity to businesses transacted in the digital economies.
Richard Coady (Sedicii Co-Founder & Commercial Director)
With 20 years experiences in global technology sales and implementations, Richard has a proven track record and strong expertise in strategic market development, relationship building, and project and commercial planning for large implementations of new technology & services with industry leading companies such as BT, Prometric, Certiport (Pearson) and WBT Systems. Richard is also the lead contact for European Union efforts such as H2020, Cyber Privacy and Data Protection initiatives.
Arturo Calvo (Sedicii CTO)
With previous start-up experiences with companies such as Dialective, iFlikeU and others, Arturo is leading the design and development efforts of Sedicii’s solutions and architecture and managing a team of developers for project specific deliverables. Arturo has a high level of expertise and track record in new technologies such as PHP, Phonegap and others.
Contacts for clients, press and partners:
Sedicii Innovations Limited
ArcLabs Research & Innovation Center,
W.I.T. West Campus,
Phone: +353 87 2356952