Software alone is not enough!

In 2019, 9.2 billions mobile devices were used globally for internet access, voice and email exchanges. Data traffic will explode to reach 136 EB/month in 2024 and more than 26 billion connected devices will be activated this year.

Communication between billions of devices open up endless opportunities for cyber criminals.

Addressing the market for endpoint security with a user-controlled, hardware-enabled, and trusted device is essential and the one of the challenges tackled by OffPAD (Offline Personal Authentication Device).

By Mélanie Bénard-crozat

Trends, Cyber attacks, security breach & Identity Theft

More than 60% of employers will use their own device for work. Over 90% use third-party apps from untrusted sources and 50% of companies that allowed BYOD were breached via employee-owned devices. 20% of Checkpoint survey (2017) respondents stated that their company has already experienced a mobile device security breach, while just over half stated they have not. Unsurprising but troubling, 24% of the security professionals are unaware if they have been compromised and 40% of large data breaches were caused by lost or stolen devices…

Thanks to the European GDPR, end users are becoming more concerned about security, privacy and the way to control sensitive data. However only few relevant and secured solutions are available on the market. Most of users have to trust major big tech companies without any control of personal data. 87% cited identity theft as their biggest concern with data loss in the event that their phone was lost or stolen. Overall, 54% of consumers are worried about the level of security on their mobile device. Most people don’t PIN-protect their phones and 28% of consumers admitted to knowing a third-party’s login details.1

Even though the concept of privacy and security by design is starting to become a buzz word to generate trust,data breaches show that privacy and security solutions are often an after thought installed after a breach occurs.

The Biometric answer

The only trustable link between physical and digital world is biometric. Mobile biometrics industry projected to see more than $8.7 billion in revenues by 2023. Fingerprint biometrics will continue to be a dominant modality as massively adopted by end-users and coupled with large sensors strengthening quality and security of the biometric template.

The Norwegian solution, based on a scandinavian hardware in which the authentication is externalized, is based on 2 large Eurostar projects in EU. During 5 years, in the period 2011-2016, this collaborative French-Norwegian academic and industrial research project supported by the University of Oslo and Ensicaen University in Rennes was conducted to answer a need for identity management solutions. The objective was to solve the identity overload problem with a flexible, safe and ergonomic authentication and identity features. A development of the specific firmware was therefore designed with One Wave in Rennes, France, integrating a specific protocol of cryptography, communication and biometrics, creating a dialogue with the hardware of the device. The solution combines 10 security features integrated by design.

« Users of online services accumulate so many online identities and related passwords that it quickly becomes a usability challenge to manage them securely. OffPAD is a trusted device to support the different forms of authentication that are necessary for trusted interactions » Jan-Erik Skaug, OffPad’s CEO, says. The OffPAD acts as a trusted device that can support strong multifactor authentication even in situations of compromised client platforms.“OffPad enable you to use your own phone with highest security standards, no password or pin code, and seamless integration with customer IT infrastructures.” Jan-Erik Skaug, adds.

A result that required nearly 5 years of work, 2 million euros of investment in R&D, and the mobilization of 25 researchers, hardware and software engineers.

Giving power back to end-users

Gaps in protection, lack of visibility, user error, OffPAD is answering these problems through a small and discreet device that protects and secure the most critical applications,

In a digital economy it is important to protect shared information and stored data. OffPAD has developed a unique solution which is 100% independent of the phone and fully user-controlled. It provides hardware rooted trust, complying to the highest security requirements.“People can easily and immediately access to the most sensitive corporate documents.” Jan-Erik Skaug explains.

Based on proven security principles and robust components; and thanks to the highly secure internal patented architecture, the digital identity will be securely stored into the secure element and will be accessible to external services only when the user will decide to share it. The secure element is used to trust the firmware for other peripherals (display, Inputs) and is separated from the host device. The fingerprint biometrics will be the key to share the digital identity to trustable third parties. The end-user entirely controls its digital identity and customers take control of their own data.

« We wanted to deliver a scalable solution. The OffPAD experience can be used by many enterprise applications through our Open API’s: Governments, E-health, oil & gas, public affairs, diplomacy, etc. » Jan-Erik Skaug explains « it is a secure solution using a separate trusted execution environment (TEE) which runs offline to keep your data safe, coupled with a fingerprint biometric. The product is user friendly and convenient, seamless integrated to enterprise systems for device, application and user management. »

Digital Identity, the key to digital world

As for traditional paper-based identity, trust within the entire value chain is key to guaranty massive adoption by citizens and end-users. Without security and privacy protection, digital identity will not be successful. Mobiles will be the entry points to the digital ecosystem to access networks, servers, APIs and all value-added services.

We want to accompany with our solution the emergence of a digital world of trust, where the user can draw the strengths and benefit from digital opportunities while being protected and protecting his informational heritage.” Jan-Erik Skaug explains. He concludes « we are in discussions with key players within digital identity in Europe and more broadly with players in the Netherlands, Germany, France in addition to our home market the Nordic countries. We will then execute an entry strategy in the United States market, when our second scale-up phase will be well advanced. »

OffPAD will shape its tomorrow on the growing market of Mobile security solutions.

Mobile security market is expected to garner $34.8 billion by this year, registering a CAGR of 40.8 % during the forecast period 2014 – 2020. Global cybersecurity investments will explode in 2020. Gartner forecasts that by 2020, more than 60 percent of organizations will invest in multiple data security tools such as data loss prevention, encryption and data-centric audit and protections tools, up from approximately 35 percent today.

As the CEO I want to share our acquisition plan the leadership team for review and feedback so that we are aligned on responsibilities and execution.

The leadership team are in different places across the world and several are constantly travelling. It is crucial that I can make sure this information is shared and available only to the team members. And I need an audit traiI for all that have received this information. Leadership team is registered as a group with specific access policies in the DRM system.

I open up the documents already enforced with digital rights management through Microsoft Azure Rights Management. As this is ultra-confidential content, I classify each document so that only pre-approved (with Offpad) users are able to open the documents and view the contents. I am able to share these documents easily as per company policy; through email, internal public cloud document storage or sharing service.

  1. Techradar survey