informa
Products & Releases

New Standard Replacement For All Tokens, Passwords And PINs To Debut At Infosecurity Europe 2011

pin+ uses matrix-pattern authentication to generate one-time codes without hardware tokens or card readers
London, 23rd March 2011 - A system which will allow the information security industry to ditch passwords, PINs and tokens is to debut at this year’s Infosecurity Europe Show.

pin+TM utilises the power of matrix-pattern authentication (MPA) to generate one-time codes without hardware tokens or card readers, and is arguably the most exciting advance in computer security since the invention of tokens over 20 years ago.

pin+ brings standardisation and essential comfort/familiarity for users. Its highly recognisable (trademarked) shield-shaped matrix offers ease-of-use combined with high security, thanks to its unique 6X6X6X6 format (6X6 matrix, 6-digit one-time codes, using only numbers 1-6).

Powered by new patent-pending IPR from Winfrasoft, pin+ offers users a raft of powerful new features.

“In pin+ the basic concept of extracting one-time codes using patterns on a matrix of squares has been honed into a powerful tool for real-world use wherever strong authentication of individuals is required,” said Jonathan Craymer, managing director of PinPlus Limited. “With the launch of pin+ Matrix Pattern Authentication (MPA) has truly come of age.”

pin+ offers:-

consistent standardised look and feel (all applications)

vastly increased mathematical strength

true one-time codes

superior protection

improved resistance to reverse engineering

static PIN option

fast/consistent implementation.

“I challenge anyone to come up with a better system for strongly authenticating individuals in virtually any scenario imaginable than matrix pattern authentication as represented by pin+," added Craymer.

“We’ve taken a good basic concept and refined it for real-world use, in a way no-one has done before. Our aim is to do what successful brands like McDonald's and Visa/MasterCard have done respectively for roadside fast food and credit cards. By introducing a standard 6X6 pin+ shield matrix, we're going to give users a feeling of comfort and familiarity, as well as the essential ability to transfer secret patterns from one platform/system to another.

“As for mathematical strength, the Winfrasoft patent-applied-for system which powers pin+ offers no less than 2.1bn pattern combinations** - compared to only say 390,625 from 5X5/4-digit code systems. This arguably makes pin+ over five and a half thousand times (5572) times stronger than such a format.

“True one-time codes? pin+’s patent-pending system ensures “correct” codes can only be used once, while many other systems allow you to use codes again, leaving them susceptible to so-called replay attacks.”

pin+ offers superior protection as its highly-developed algorithm offers built-in protection against pattern cracking, screen scraping and replay attacks not offered by rivals, also avoiding security peaks and troughs suffered by less sophisticated systems – when occasionally sets of characters presented can be more or less secure.

And the the static PIN option? Steve Hope of pin+ partner Winfrasoft explains: “This is another patent-protected new feature which allows users to exponentially increase security by inserting an additional 4 (or more) digit number into one-time codes. This can be entered before, after, or even in the middle of a one time code, hugely increasing the entropy strength.

“We’re also offering improved resistance to reverse engineering as pin+’s restriction of its standard character-set (using only the numbers 1-6 on a 6x6 matrix) increases repetition of characters on the matrix (each one appears 6 times) meaning an attacker would have to capture and analyse 4 to 6 successful logins to reverse a pattern, compared to just 2 or 3 for some other systems.”

pin+ also offers fast and consistent implementations because every deployment will be compatible with other uses of the system, thanks to consistent implementation standards and guidelines. “This means there’s no guesswork or need to ‘reinvent the wheel’,” added Hope. “pin+ naturally forms part of a positive authentication ‘ecosystem’, made even easier by the availability of a pin+ Software Development Kit (SDK) including all the necessary source and compiled code, for rapid product delivery.”

pin+ is available for Solutions Integrators and others to build-in the new system right now, and Winfrasoft will launch the first off-the-shelf ‘boxed’ product with pin+ embedded at InfoSec. Watch this space.

“The above features add enormously to the well-known benefits of matrix pattern authentication, in particular the way it gets users effortlessly to create consistently complex and sophisticated barriers against hackers, without the need for special training, procedures or disciplines,” adds Craymer.

“In theory everyone could construct and use really strong passwords, but in reality they don’t, and if any IT department or director says otherwise, they’re not living in the real world. We believe users don’t need training – they need something like this, which is easy to use, and guarantees a secure secret is used. Why make life hard, when it can be this easy?”

Recommended Reading: