
Introducing SteelPlatez

Patents Pending. Introducing SteelPlatez. The Problem. The problem with all systems is that when you authenticate your identity, you are required to interact with the system in such a way that casual or systemic observation will invite compromise, i.e. entering a password or a PIN.

suchi

Presentation Transcript


  1. Patents Pending Introducing SteelPlatez (C) 2012 Platez Pty. Ltd.

  2. The Problem
     The problem with all systems is that when you authenticate your identity, you are required to interact with the system in such a way that casual or systemic observation will invite compromise, i.e. entering a password or a PIN.
     Every time you physically validate your identity by entering it, i.e. at an ATM, when you log on to your computer at work or when you perform internet banking, you are at risk of having your identity stolen or misused.

  3. ATM Phishing Fraud
     Ever been to an ATM and wondered if the transaction you are about to perform could somehow enable someone else to take money out of your account?
     Not me – I’m too aware.
     May 2012 (C) 2012 Platez Pty. Ltd.

  4. ATM Phishing Fraud
     Yes – that’s a camera transmitting your PIN – they even do pinhole cameras mounted in the plastic above the keypad. And that device is one of many used to skim/copy your card.
     This approach defeats specialised card security methods.

  5. The Goal
     The challenge we undertook was to build a security method that would enable anyone, in any location, using any device to be able to prove their identity without fear of someone then being able to impersonate them and perform fraudulent actions.
     We also set the additional requirements of:
     • The user must not require any other devices (i.e. no special cards or smart tags), and
     • Systems should not require physical changes to implement it (i.e. ATMs, Merchant EFTPOS etc.), as we don’t necessarily have the ability to control or change these systems.

  6. The Result - SteelPlatez
     SteelPlatez can:
     • Protect you at the ATM
     • Protect you when you use your Credit Card
     • Stop face to face Teller Fraud (impersonation)
     • Stop internal Fraud
     • Stop Internet Banking Fraud
     • Stop identity theft
     • Protect you whether you’re on your home PC, work PC, internet café, iPad or your mobile
     SteelPlatez does not detect fraud post event; it stops the fraud from happening wherever you are required to provide an identity and authentication.
     SteelPlatez can be introduced anywhere, regardless of industry, location or technology base.

  7. What is really at risk?
     Anything and everything – taking events in the recent news:
     • Twitter accounts compromised
     • Facebook accounts compromised
     • Internet banking scams
     • Fob systems compromised
     • Credit Card scams
     SteelPlatez can protect:
     • Over 120 billion in cash withdrawals annually
     • Reputations and credibility
     • Customers, and regain lost confidence

  8. Inside the square
     Existing security methods follow a similar process:
     • Enter your credential
     • Secure it to the nth degree using an implausibly non-reversible crypto method (i.e. MD5)
     • Secure the pipe between the place where you entered your credential and the place where it is verified
     • Compare the non-reversible crypto mash with the one stored in the system and if they match, then it must be you!
     Even the most complex systems using tokens/keyfobs are using an algorithm that is present in the card or device; and if that algorithm is compromised, then it can be defrauded.
     Here’s where the problem exists – simple observation (i.e. someone looking over your shoulder) 100% compromises you – not just once, but forever.

  9. Terminology
     We are introducing the term SteelCode – it refers to the authentication code that a user enters when validating their identity using a SteelPlatez integrated system.
     A SteelCode is a response to a system challenge, and can vary from system to system, and also from user to user.
     SteelPlatez implements a set of keys, responses, rules and methods which are customisable at all levels.

  10. SteelPlatez Claims - 1: There is no observable pattern to your SteelCode
     Using SteelPlatez, I can attend an ATM and have my Card sniffed and my SteelCode recorded – and without any modification to card technology or the ATM technology – the observed information cannot be used to perform another transaction.
     SteelPlatez allows for safe authentication in plain sight.

  11. SteelPlatez Claims - 2: Resilient to Raw Brute Force Attacks
     “3 fails in a row” or “3 tries in 5 minutes” assist against these attacks, but all systems can be attacked using brute force methods.
     In theory, if 10000 people accessed 10000 ATMs at the same time – with a copy of my card – and each tried a different PIN, one would get in – and worse, they could continue to get in until “I” report it.
     Under SteelPlatez, using the same 4 digit limitation, the odds of success are reduced to 1 in 10000 for each access attempt – and even if they fluke access, it would only be useful once; they could not do it again.

  12. SteelPlatez Claims - 3: Observable Data
     SteelPlatez is so novel that not only can the user be observed and recorded without compromising their SteelCode, but the entire authentication data stream between entry point and the server where it is validated can also be recorded and analysed – also without compromising their SteelCode.

  13. SteelPlatez Claims - 4: Minimal Impact
     Converting to SteelPlatez is a minimal impact undertaking, inasmuch as it does not change the flow of the way people interact with existing systems and it does not require changes to Human-Machine Interface devices such as ATMs or Point of Sale devices*.
     i.e. You would approach an ATM, put your ATM Card in and then type in your SteelCode.
     * There may be some systems we are not aware of that we cannot identify a solution path for.

  14. SteelPlatez Claims - 5: You can’t crack random
     SteelPlatez gives you the ability to use your brain to convert a pure random sequence into something meaningful.
     Because it is truly random, there is no algorithm, there is no pattern, there is nothing to compromise.
     Having the complete code for the SteelPlatez back end does not assist a potential hacker.

  15. How it works
     As a registered SteelPlatez user I specify a Key and a Method.
     The Key is based upon a set of symbols as defined by the SteelPlatez Server – in the case of our demonstration system, ‘A’ to ‘Z’ and ‘a’ to ‘z’, a total of 52 key symbols.
     The Method is one or more of the following:
     • Straight Keyword – i.e. FRED
     • Offset Keyword – i.e. FRED but I add or subtract up to 5
     • Crawling Keyword – i.e. FRED but I add or subtract 1, then 2, then 3 etc.
     • Masking – i.e. FR#ED
     • and more!
     I, as the user, define my Key and my Method – and I NEVER enter, expose, discuss or use them again – I don’t need to!

  16. How it works
     With each authentication, a newly-generated matrix of random numbers appears. The same matrix never appears twice.
     So let’s assume my Key is FRED and I have defined a Method of minus 1.
     When I go to authenticate I interpret the Matrix. In this instance F=0, R=1, E=0 and D=1.
     So my SteelCode, when I apply my Method and ignore any minus signs, would give me 1010 this time.

  17. How it works
     The next time I access my account, a totally different matrix of random numbers appears.
     As before, my Key is FRED and I have defined a Method of minus 1.
     When I go to authenticate I interpret the Matrix. In this instance F=0, R=0, E=0 and D=1.
     Applying my Method of subtracting 1 and ignoring signs gives me a SteelCode of 1110 this time.

  18. How it works
     • What about key loggers, when I change my Keyword?
     • When you first enter or subsequently change your Keyword, you get a different type of matrix. This time, the letters are randomised, and do not appear as text, but as images, with unrelated random names. The keylogger can still follow the button presses, but only knows to which image each relates, and the image's name is meaningless.

  19. Why is this useful?
     Since I never actually enter my real credentials, it doesn’t matter if someone watches me, or if they record what I do.
     With the permutations available, there can be hundreds of thousands of combinations that would need to be considered in order to reverse engineer my Key and Method, allowing someone to then steal my identity.
     The benefits are widespread:
     • I don’t need to change my password every 30 days
     • I don’t have to be ultra-paranoid about who could be watching
     • I don’t need to carry a mobile or a special security device in order to prove my identity
     • I get to control how complex my Key and Method are – for low risk items I can have a 4 symbol Key with a basic Method; for high risk, I can use an 8 symbol Key with a symbol based offset

  20. Just think…
     If a web-based system I used was protected by SteelPlatez, I would be able to walk into an internet café in my birthday suit and sit down at a computer that:
     • Was infested with Malware, Spyware and Keyloggers
     • Had a spy camera pointed at the screen and the keyboard
     • Had a sniffer copying all data in and out of the computer
     and log onto that site, perform whatever transactions I needed to, then log out knowing that even with all that information, they cannot perform subsequent authentications as me.
     There is no system we can think of that we couldn’t make SteelPlatez work for.

  21. Thank you
     For further information relating to SteelPlatez please contact:
     • sales@steelplatez.com
     To view a working online system, with online ATM and online securities trading, go to:
     • http://www.designsim.com.au
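The Key and Method procedure from the "How it works" slides (15 to 17), worked through as an added Python example that is not SteelPlatez code. The 0-9 digit range, the wrap to a single digit, and all function names are assumptions; the digits for F, R, E and D are the ones the slides state, and the rest of each matrix is constructed at random.

```python
import secrets
import string

# The demonstration system's 52 key symbols: 'A'-'Z' and 'a'-'z'.
SYMBOLS = string.ascii_uppercase + string.ascii_lowercase

def new_matrix():
    """Server: draw a fresh random digit for every symbol (0-9 is an assumption)."""
    return {s: secrets.randbelow(10) for s in SYMBOLS}

def steelcode(matrix, key, method="straight", offset=0):
    """User: read the digit under each Key symbol, then apply the Method.

    straight -> digit as shown; offset -> digit + offset;
    crawling -> digit + offset*1, offset*2, ... by position.
    Minus signs are ignored as in the slides; wrapping to one digit is an assumption.
    """
    out = []
    for pos, sym in enumerate(key, start=1):
        d = matrix[sym]
        if method == "offset":
            d += offset
        elif method == "crawling":
            d += offset * pos
        elif method != "straight":
            raise ValueError(f"unknown method: {method}")
        out.append(str(abs(d) % 10))
    return "".join(out)

def verify(matrix, enrolled, response):
    """Server: recompute from the enrolled (key, method, offset) and compare."""
    return secrets.compare_digest(steelcode(matrix, *enrolled), response)

def constructed_matrix(**stated):
    """Constructed sample: random matrix with the slide's stated digits filled in."""
    matrix = new_matrix()
    matrix.update(stated)
    return matrix

ENROLLED = ("FRED", "offset", -1)                  # Key FRED, Method "minus 1"
FIRST = constructed_matrix(F=0, R=1, E=0, D=1)     # first authentication
SECOND = constructed_matrix(F=0, R=0, E=0, D=1)    # next authentication

if __name__ == "__main__":
    code1 = steelcode(FIRST, *ENROLLED)
    print(code1, steelcode(SECOND, *ENROLLED))     # SteelCode per challenge
    print(verify(FIRST, ENROLLED, code1))          # accepted against its own matrix
    print(verify(SECOND, ENROLLED, code1))         # recorded code vs. the next matrix
```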
