Contact
QR code for the current URL

Press release Box-ID: 644031

SecurEnvoy Ltd Reading, RG7 4TY 1210 Parkview http://www.securenvoy.com
Contact Mr Steve Watts
Company logo of SecurEnvoy Ltd
SecurEnvoy Ltd

Managing your online identity

(PresseBox) (Parkview, )
Businesses are becoming increasingly concerned with the amount of personal and company data that is available to government authorities. And with good cause; unbeknown to many business leaders and employees, it is possible for government organisations to access business data not only without having to ask permission from anyone in the company, but without anyone even finding out about it.

Ironically, data can often be accessed via the very security company that a business uses to make its data secure, e.g. a provider of hardware tokens or two factor authentication. Under the current laws, government organisations can request copies of specific secret keys, which businesses use to access their corporate data. However, the government can also request them from the authentication companies that automatically store copies of their customers' codes when created.

Companies need to make sure that their information is secure. This is becoming increasingly difficult, especially when businesses have many remote workers all logging on to a company system from different locations, at different times. To ensure such security, many companies use authentication, the process of identifying a user before granting access to information, typically by a username or password. Two-factor authentication requires something that the user knows - which is the username and password - and a physical object that the user owns - which is either a hardware token (like the kind used to access online banking) or it can form part of an employee's personal device (for example in the form of an app on a smartphone).

Authentication companies offer different methods to customers. Many of these companies manufacture and send pre-programed tokens with their corresponding seed records: secret keys that are used to create a series of digits on devices to be used as a method of authentication when logging on remotely. However, the pre-programed service has a fundamental flaw within the architecture of the authentication technology. As the secret keys (seed records) are generated prior to the customer needing them, and not on demand as end users enrol their phones, the authentication company is required to store customer seed records on file, which poses a significant safety risk. As long as some authentication companies continue to hold these secret keys, governments can legally request copies of them and could delve into company data unbeknown to the business. With this method, users also have to store a seed record on their device; so what happens when the user's phone gets passed on or lost? If the seed record is still on the device, then the individual's corporate identity goes with it.

But it is the seed records stored by the authentication companies that allow other organisations to legally access company data. Different cases have brought cause for concern in recent times, from government authorities being able to access company data without the knowledge of company's customers, to millions of seed records being compromised after a successful attack on the authentication company.

This level of security breach is completely unnecessary and can be easily avoided. It is possible to create seed records without the authentication provider needing to store them at all because the seed records can be split into two sections. Half of the record can be created when enrolling and only stored on the customer's own server and user device; the other half is derived from the finger print of the user's device and passed back to server at enrol. Each time a pass code is required by the user, the device decrypts the first part and then re-fingerprints the device to derive the second part. These seed records are only ever known to the local security server that resides within the customer's own computer room and only part known to the end user's device. Therefore, the authentication provider never even knows what the secret keys are.

By operating this way, authentication companies cannot give out copies of seed records to government authorities or any other organisations, because the records simply won't be in their possession. This technology shouldn't overwhelm business leaders. Put simply, it stops data breaches which can otherwise be easily achieved, and have catastrophic effects on a business.

If you liken this situation to a security scenario that everyone is familiar with, for instance home security, you can see how safe this technology is. Nobody would ever invest in a house alarm system and keep the pre-loaded code that the alarm comes with. Everybody resets the code so that they have a combination of digits which only they know, because it offers higher home security.

The reality is that there will only ever be more devices to access information on, so the need to protect company data and corporate identity is higher than ever. Businesses are right to be concerned about what data government authorities can obtain; but invest in the right security technology and this concern can be dramatically reduced. Failure to look into how the technology works could mean that you are paying for a security solution which isn't actually secure at all.

Website Promotion

Website Promotion
The publisher indicated in each case is solely responsible for the press releases above, the event or job offer displayed, and the image and sound material used (see company info when clicking on image/message title or company info right column). As a rule, the publisher is also the author of the press releases and the attached image, sound and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.
Important note:

Systematic data storage as well as the use of even parts of this database are only permitted with the written consent of unn | UNITED NEWS NETWORK GmbH.

unn | UNITED NEWS NETWORK GmbH 2002–2022, All rights reserved

The publisher indicated in each case is solely responsible for the press releases above, the event or job offer displayed, and the image and sound material used (see company info when clicking on image/message title or company info right column). As a rule, the publisher is also the author of the press releases and the attached image, sound and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.