Intrinsic ID’s SRAM PUF will combine with Authentico’s secure storage approach to prevent bulk password theft
SUNNYVALE, Calif. – June 22, 2017 – Intrinsic IDTM, the world’s leading provider of digital authentication technology for Internet of Things security and embedded applications, and Authentico Technologies, a developer of cybersecurity solutions, today announced the companies are collaborating to develop a next-generation database security system. By combining the key management technology of Intrinsic ID’s BROADKEYTM with Authentico’s patented system for secure password storage, the companies will develop a solution that vastly enhances the protection of passwords.
“We will make the bulk theft of passwords essentially impossible,” said Philip Lundin, chief executive officer of Authentico Technologies. “Hashing and salting passwords – historically the best practice for password storage – is not sufficient because hackers can still recover passwords from stolen database records. Our new approach will make password databases malware and hacker proof.”
Authentico and Intrinsic ID will develop a centralized hardware unit that can be installed on an enterprise’s servers. The device works as a plug-and-play product and, once running, it enhances security without any noticeable change in the user experience or login process.
“An SRAM PUF-based password storage solution won’t leak passwords and so is safe from malware and hackers,” said Pim Tuyls, chief executive officer of Intrinsic ID. “Authentico Technologies has taken an innovative approach to the very serious problem of password security, and through our joint collaboration we have conceived a product that should put an end to bulk thefts of passwords.”
Potential threats stemming from password theft can be significant because email accounts or other cloud-based services are increasingly used to store sensitive information. In a LexisNexis Risk Solutions survey, 42 percent of respondents stored tax records and 40 percent stored bank records on email services or with cloud-based document storage services. Similarly, Verizon’s 2017 Data Breach Investigation Report asserted that weak or stolen passwords were behind 81 percent of hacking-related breaches.
“The risk from a lack of password security is alarming,” Lundin said. “If password thieves have access to a user name and password they can access not only email – which of course can be very sensitive – but important information such as banking records, mortgage statements, student loan data and medical documents.”
Combining Intrinsic ID’s SRAM Physical Unclonable Function (SRAM PUF)-based technology with Authentico Technologies’ patented system for secure passwords and user profile data storage enables authentication that does not require storing keys, ensuring data security even if the database is hacked. Authentico’s solution processes the user passwords, or the salted password hashes, and then stores the response. The validity of a user password is checked by processing the user password or its salted hash through the SRAM PUF and comparing the output with the corresponding stored value. This makes the database useless for hackers, as offline password recovery is not possible even if the database is stolen.
“We’re thrilled to be working with Intrinsic ID on the exciting technology which we see becoming an industry standard. The additional resources and competence of Intrinsic ID provide us with the necessary final ingredients to make this product a reality,” Lundin said. “I’m convinced that our collaboration with Intrinsic ID will broaden our competence further. We aim to standardize our new product so we can, once and for all, put an end to massive bulk thefts of passwords.”
The new database security system is expected to be available from Authentico during the fourth calendar quarter of 2017.
About Intrinsic ID
Intrinsic ID is the world’s leading digital authentication company for the Internet of Things (IoT) and embedded applications. It is the inventor of SRAM Physical Unclonable Function, or SRAM PUF, leveraging manufacturing variations in semiconductors to create unique IDs and keys to authenticate chips, data, devices and systems. Through its flexibility, scalability and low implementation cost, Intrinsic ID products address the security needs of the fast-growing IoT market. Its solutions are used to validate payment systems, secure connectivity, authenticate sensors, and protect sensitive government and military data and systems. Intrinsic ID’s award recognition includes the EU 2016 Innovation Radar Prize, which honors high-potential innovations and innovators in EU-funded research. Intrinsic ID’s SRAM PUF technology has been proven in millions of devices and in products that have passed certification by Common Criteria Evaluation Assurance Level (EAL6+), EMVCo, Visa and multiple governments. Visit Intrinsic ID online at www.Intrinsic-ID.com.
About Authentico Technologies
Authentico Technologies develops cutting-edge innovative solutions focusing primarily on major threats within cybersecurity in relation to secure authentication, data management and storage solutions. The research behind the patented solutions is a result of collaboration with some of the most prominent minds within the scientific community. Authentico offers both software and hardware products that are robust and user friendly without compromising security. The company was founded in 2011 and based in Gothenburg, Sweden. Visit Authentico online at authentico.net.