Meet up at TRUSTECH

To showcase the Keypasco Solution we will once again attend one of the worlds largest annual events dedicated to trust-based technologies – TRUSTECH. The event attracting visitors from all over the world takes place at the Palais des Festivals in Cannes on the French Riviera, November 28-30.

Welcome to stop by our booth to talk about secure authentication, and to get a live demonstration of the Keypasco Solution. And do not miss the opportunity to listen to our COO, Per Skygebjerg, when he talks about the Keypasco Mobile PKI solution at the Innovation Stage. Pre-book a meeting with Keypascos representatives on site, or just stop by our booth to say hello. Keypasco can be found at booth LERINS B029.

We look forward to seeing you!
The Keypasco team

For more information, contact us today;
info@keypasco.com | +46 31 10 23 60

Learn more about TRUSTECH at the event website >

PSD2 – Strong Customer Authentication

In February 2017, the European Banking Authority (EBA) published the final draft of the Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication under the revised Payment Services Directive (PSD2).

Maybe not the most selling title, but it is nevertheless important that your services use a security solution that meets the requirements. Let us tell you how the Keypasco Solution complies, and exceeds these new requirements for Strong Customer Authentication.

Why is Strong Customer Authentication needed?
PSD2 regulates how financial institutes and third-party services receive customer data information. The revised directive will allow new players access to consumers’ payment accounts, to make payments on their behalf, and to provide them an overview of their various payment accounts. The institutions holding the payment account of the consumer will have to provide these new players access to the account. As a natural consequence, the customer authentication requirements are strengthened.

”The implications will be severe for those companies that will not comply with the new EU- regulations in terms of PSD2. The direct implications will be sanctions and fines against those companies.”
Ria Vadpa / EU-commission in Brussels

Strong Customer Authentication requirements
If you are a Payment Service Provider you are, according to PSD2, required to authenticate a user when he or she; accesses an online payment account, initiates an electronic payment transaction or carries out an action through a remote channel that may imply a risk of payment fraud.


Transaction protection

It is unfortunately not uncommon with attacks where the amount, and payee have been altered, and then unwittingly confirmed by the user. For example, on mobile devices, this type of malicious attacks often use overlay windows. To prevent this kind of attacks, it is stated that the payment transaction data needs to be protected throughout all the phases of authentication.

"...payment service providers shall adopt security measures which ensure the confidentiality, authenticity and integrity…through all phases of authentication…”
PSD2, article 2

The Keypasco Solution:

Keypasco's mobile SDK can be used either as a specific authentication app, using a two-app interface for communicating with the payment app, or be included directly in the payment application. In any case, out-of-band communication through a secure and double encrypted channel is used for displaying the payment information.


Authentication elements
The basic definition of Strong Customer Authentication in PSD2 states that authentication has to be based on the use of two or more possible authentication elements. These elements are knowledge, possession and inherence often explained as something only the user knows, has and is. These elements must be independent from each other, and their usage must generate a one-time authentication code.

In the case of a payment transaction, the authentication code must be dynamically linked to the amount and the payee. If the payment amount or payee changes, the authentication code should change too.

The Keypasco Solution:

The Keypasco Solution utilizes all of these three elements. The basic factors include the PIN code, device ID, PIN code and / or the user’s fingerprint.

In addition to this, the Keypasco Solution has the opportunity to further enhance security by adding the user’s geolocation, history, and a proximity device as additional authentication factors.


The possession element requirements
Requirements related to the possession element are particularly relevant for mobile devices, such as smartphones and tablets. It is stated that possession elements "shall be subject to measures to prevent replication of the elements".

Mobile applications are easy to clone; in fact, entire mobile devices can be cloned without even having physical access to the device. A countermeasure can be to take device properties into account when generating an OTP or encrypting data used by the app.

The Keypasco Solution:

The foundation of the Keypasco solution, the patented six-level device ID uses besides device properties, five other layers to create a robust device ID. Every clone will be detected by us.

What about encrypting data then? Keypasco takes this security level one step further. The private key of the asymmetric key pair used for authentication code creation and digital signatures isn't stored on the mobile device. Where competitors store the entire private key somewhere on the device, Keypasco splits the private key into two parts; one part is stored on the server, and the other part on the mobile device. This second part is encrypted with the user's PIN code or some biometric property.


Independence of authentication elements
The PSD2 requirements regarding the independence of various authentication elements are especially important in the context of mobile devices.

If any elements of strong customer authentication or the authentication code is used through a multi-purpose device, like a mobile phone or tablet, the payment service providers shall adopt security measures to mitigate the risk resulting from the device being compromised.

For this purposes, the mitigating measures shall include, but not be limited to;

  • the use of separated secure execution environments through the software installed inside the multi-purpose device
    • This states that secure execution environments can be used. Mobile operating systems like Android and iOS meet this requirement via their sandboxing techniques. However, these mechanisms are only functioning correctly as long as the device is not jailbroken or rooted.
  • you must have mechanisms to ensure that the software or device has not been altered by the payer or by a third-party or have mechanisms to mitigate the consequences of such alteration where this has taken place.
    • This means that you as a Payment Service Providers must use security controls to detect, prevent and respond to the alteration of mobile apps and devices.

The so called "runtime application protection techniques" can accomplish this level of control, and also aid in detecting whether the device is run simulated and used through an emulator.

The Keypasco Solution:

The execution environment protection of Keypasco's mobile SDK not only detects whether or not a device has been rooted or jailbroken, it also provides continuous runtime monitoring that detects whether a debugger has been attached to the application - i.e. the possibility that sensitive data is retrieved from the memory as the application runs.

Moreover, Keypasco's SDK has for many years been able to detect every single mobile device emulator software in the world. This is a vital part to the security of any authentication software executing on mobile devices. Through internal and external testing facilities, we continuously update our simulator detection and execution environment protection.


Transaction risk analysis
PSD2 mandate the usage of transaction risk analysis based on such as, known fraud scenarios, signs of malware infection, and payment amount. Exemptions from risk analysis and Strong Customer Authentication are mentioned for payments that are rated as low-risk purchases by the payment service provider.

The transaction risk assessment should take payment patterns, location and time into account. Even though the maximum payment amount that can be exempted from Strong Customer Authentication is 500 euros, there is a lot of uncertainty and ambiguity regarding what a low-risk amount is. For instance, one factor that weighs heavily on which amount is considered to be a low-risk amount is the fraud rate of the payment service provider.

The Keypasco Solution:

The cost of the Keypasco Solution is by default based on the number of end-users, not the number of transactions. Therefore, a payment service provider using the Keypasco Solution can provide Strong Customer Authentication to every single transaction, regardless of the payment amount, for the same cost.

A core feature of the Keypasco solution is the device based risk engine. Traditional risk engines use probabilistic algorithms that calculate and estimate decisions based on times, transaction type etc. This leads to a certain percentage of false positives that cause inconvenience for all parties involved. The Keypasco's risk engine makes decisions directly based on device data containing device ID, location, time and behavioural history.

In this way, a device that has been used for fraudulent activities for one payment service provider becomes immediately blacklisted and denied access when it appears elsewhere as well. This can provide a single service provider, using the Keypasco Solution, protection and information that greatly exceed what can be obtained by collecting data exclusively from their own users' devices.


What about SMS OTP and other authentication solutions?

There are several other authentication solutions, which could meet the PSD2 requirements of Strong Customer Authentication. Here are some of them, along with the reason why the Keypasco solution does not utilize these:

  • OTP – very insecure, vulnerable to attacks and brings additional cost for the payment service provider.
  • Hardware tokens (one-button OTP generator, PIN challenge-response token, smart card reader etc.) – brings large additional costs for the payment service provider; purchase, distribution, maintenance. Also, they are inconvenient for the end-user.

Get a step closer to secure authentication for your online services, contact us today!

info@keypasco.com | +46 31-10 23 60

 

Are your services PSD2 compliant?

Maybe you already have full control of PSD2, and what it means for you, and your business? If not, no need to worry. Our security solution is PSD2 compliant!

We put together a short summary of the new regulation to give you an overview of what it’s all about.

What is PSD2?
The EU Payment Services Directive, PSD2, has been submitted by the European Banking Authority (EBA) and regulates how financial institutes and third-party services receive customer data information.

PSD2 will allow new players access to the consumers’ payment account to make payments on their behalf and to provide them an overview of their various payment accounts. The institutions holding the payment account of the consumer will have to provide these new players access to the account, for example via an API.

Why PSD2?
The purpose of PSD2 is to make payments safer, increase consumer protection, and create an environment for innovation and competition on equal terms for all players, both established and new ones.

With PSD2 the aim is to reduce the risk of fraud for electronic transactions using Strong Customer Authentication, and enhancing the protection of the consumers’ data.

Strong Customer Authentication
One of the most important things in PSD2 is the need to perform strong authentication of users of electronic payment services.

For all electronic transactions this means that two, or more of the following independent elements must be used:

  • Knowledge – Something only the user knows like password or PIN
  • Possession – Something only the user possesses, the key material
  • Inherence – Something the user is like fingerprint or voice recognition

Strong Customer Authentication will have to be applied each time the user makes a payment, unless:

  • The payment amount is less than, at the moment € 30
  • The beneficiary is already identified

And the first time, and at least every 90 days a user consult their payment account, or an aggregated view of their payment accounts, using an additional service.

Dynamic linking
For secure remote Internet or mobile transactions, you will also need a unique authentication code that dynamically links the transaction to a specific amount and a specific payee.

Fraud protection
PSD2 also implies that you have to detect signs of malware infection in any sessions of the authentication procedure.

When does PSD2 apply?
PSD2 applies to all transactions made, where at least one party is located within the EU, and to all official currencies.

Are you concerned?
This is just the short version. Contact us today for more information. The Keypasco Solution meets all PSD2 requirements and can ensure that your services are PSD2 compliant.

Innovative solution provides Alektum Group protection against digital threats

Photo: TheDigitalWay/Pixbay

To further strengthen the security of Alektum’s services, Alektum Group, and IT security company Keypasco have signed an agreement for cooperation. By using Keypasco’s security solution for their client web, Backstage, and the credit reporting service, Decidas, Alektum Group becomes the first company in Europe to strengthen their user authentication with Keypascos unique innovative solution..

For all companies offering digital services, IT security is an ever-present issue. For Alektum Group, an active security is a matter of certainty, and a necessity. You have to constantly prevent the problems, before they occur. “Both us, and our customers, must feel confident that no unauthorized users can access the information in our systems.” says Anders Svensson, Senior Vice President of Alektum Group.

However, high security requirements often collide with the demands for user-friendliness. A problem, that can arise, when introducing new security solutions, is that they often require a change in user behaviour. Something that could be easier said than done.

A desire to challenge the traditions
Gothenburg-based, IT security company Keypasco, has found a way to solve the problem and deliver both a user-friendly, and safe security solution, where the customers don´t have to change their behaviour. By challenging the traditions and making security solutions easier and more adapted to human behaviour, Keypasco wants to make all types of online services more secure in the future..

“A security solution should not be complicated. On the other hand, it is important that you don’t put user-friendliness over security. With the Keypasco’s solution, we get both user-friendliness and security!” – Camilla Hennemann, CIO, Alektum Group

To simplify things are important. A good security solution should be neither seen nor noticed – as long as no unauthorized attempts to access your information, or carry out transactions in your name, are made.

The user in focus brings better solutions
By choosing a solution adapted to the user, you don’t have to spend time, and resources, on having the users change their behaviour. They can continue to log in using, username, and password – but with much higher security. If someone’s user data is compromised, it doesn´t matter – no-one else can use them anyway.

The Keypasco Solution ensures, that your username, and password, only work on your own computer, mobile or tablet!

Innovative world-class security
To continue to provide a good user experience, Keypasco’s cutting edge technology works in the background to maintain the security behind Alektum Group’s regular application interface. The core of the Keypasco Solution is the collecting of device-related data, from the device (desktop / laptop computer, mobile etc.) from which the login attempt is made. This allows Keypasco to offer something no-one else does – a risk-based authentication solution that is easy to integrate, and can be rolled out in the background to all end users at once.

“Alektum Group will be the first company in Europe to secure their authentication, using the Keypasco solution. It is particularly gratifying that it is a Swedish company, when we now establish ourselves on our home market.” – Maw-Tsong Lin, CEO, Keypasco

In addition, the Keypasco solution provides a unique risk engine, analysing the device behind every authentication attempt to detect fraudulent behaviour, to further increase the security. Several other features also add to the security.

A modern security solution for a modern company
One of the services that will implement the Keypasco Security Solution is the credit information service, Decidas. Decidas Info AB, is a part of Alektum Group, with the task of helping customers to keep their customer records alive and to choose the right customers to do business with.

As one of Sweden’s youngest credit reporting companies, built with the latest technology, it is a matter of certainty to use the best, state-of-the-art technology to control who has access to the service, and to the data available there. It is important, not just to be at the forefront of ones service offerings, but also with the tools and systems you use, and here security plays a very important part.

Anyone should not be able to access your collection cases
The second service, which will gradually implement Keypasco solution, is the online service Backstage, Alektum Group’s client web service for debt collection. Through the service, debt collector customers can monitor all their collection cases at Alektum Group. Of course, no one other than the person authorized shall have access to another person’s debt collection matters. Sensitive information must be well protected, so that no unauthorized persons can access it.

First in Europe, but not in the world
Alektum Group is the first company in Europe to implement Keypasco’s security solution. However, it is not an untested product. Keypasco is already established in the tough Asian market, where the solution is used for everything from banks to smart home systems. Keypasco is based in Gothenburg where all development takes place, but is represented, through local partners, in markets around the world.


About Alektum Group
Alektum Group is a family-owned company offering debt collection and associated services. We support our customers through the entire financial process with a unique combination of innovative services and products, reliable information and legal expertise, helping them find the right customers, improve liquidity, streamline invoicing administration and reduce credit risks. We believe in long-term partnership through close cooperation, tailored solutions and a tactful dialogue with the customer’s customers. Cooperation with us is always simple and effective – the right solutions at the right time for the right results.

Alektum Group has operated since 1992, initially as a debt collection company. Today, we operate in 15 European markets, with around 400 employees and a turnover exceeding SEK 550 million.

Yet another bank chooses a secure future

Photo: youncoco/Pixbay

Together with our partner company Lydsec, Keypasco are pleased to welcome our new customer – Agricultural Bank of Taiwan. They are the 17th customer to use the Keypasco Solution to provide state-of-the-art authentication to enhance the online security for their end-users.

The Agricultural Bank of Taiwan (ABT) is the only officially authorized banking institution in Taiwan that simultaneously functions as a professional agricultural bank and a commercial bank. They provide a full range of commercial banking services for retail customers. The bank assists farmers and fisherman throughout Taiwan in obtaining funds needed for agricultural production. Among their many services ABT offers consumer loans, commercial loans, mortgage loans, and deposit products.

Adaptation to modern authentication requirements

Like most banks and companies today, the Agricultural Bank of Taiwan have set ambitious goals to digitize their services. The rapid development and transition to online banking and mobile solutions however, places new demands on banks to find solutions that don’t compromise on the security for their customers.

“Lydsec will help ABT implement the Keypasco Solution to drastically increase the security of their eBanking customers” – Chengi Lin, CEO, Lydsec Digital Technology

By being open to new innovations and solutions, ABT can be at the forefront of the development and provide their customers with divergent electronic platform services and excellent eBanking services. By providing user-friendly solutions with secure authentication they can keep up a great customer satisfaction.

Keypasco’s partner company in Taiwan

Since 2012 Keypasco´s partner, Lydsec Digital Technology, have been promoting and distributing the Keypasco Solutions in Taiwan. Lydsec introduced the Keypasco Solution to the Taiwanese market to provide a convenient, high-security, and cost-efficient answer to the innumerable security threats that are out there. Thanks to their strong drive solve the problem and to provide reliable security solutions to their customers; their efforts have proven to be very successful.

“It is a great recognition of our joint hard work now that yet another bank in Taiwan have chosen to increase their digital security with the Keypasco Solution.” – Maw-Tsong Lin, CEO, Keypasco

The Keypasco Solution

To ensure a convenient user experience, Keypascos’ cutting-edge technology is working in the background to maintain the security behind the provider’s ordinary application interface. The core technology of the Keypasco solution, the collecting of device-related data – makes it possible to offer something no one else does – a risk-based authentication solution that is easy to integrate and can be rolled-out in the background to ALL end-users at once, regardless of the number of users.

In addition, the Keypasco solution provides a unique risk engine, analysing the device behind every authentication attempt to detect fraudulent behaviour, to further increase the security. Several other features also add to the security.

Money Guard Technologies and Keypasco creates cyber security in the GCC region

Photo: Roman Logov / Unsplash

Keypasco has now teamed up with the Dubai based company Money Guard Technology to cover the GCC region. Together we can implement the Keypasco technology and enhance Internet security in the region.

Internet security is not a national, but a global problem that needs to be solved. All over the world people are becoming more and more dependent on instant online services and can’t imagine going back to a life without a smartphone. But security solutions are struggling to keep up with developments and the old solutions have often proved to be unreliable. In order to continue the development we have to strengthen the security in a new way, with new authentication methods.

Innovative solution

However, there is a glimmer of light in the otherwise gloomy security sky. The Swedish company Keypasco has come up with a new, simple but clever solution to provide secure authentication. By using the unique device ID on the end-user’s own device, like a smartphone, tablet or a desktop/laptop computer, you can make sure that a username and password only works on the right device and in the right location. Simply, Security By Your Own Device!

Money Guard Technologies

Money Guard Technologies is an IT Company providing cash automation for the financial, retail and public sectors. In today’s high speed, competitive market, establishments with in and out cash processing want to increase profits and save time for their customers.

To be able to provide state of the art security solutions for their customers in the GCC region, Money Guard Technologies have signed a partnership agreement with Keypasco. Keypasco´s new-thinking technology complements Money Guard Technologies offer to their customers and together we can provide great solutions with great security.

“Partnering with Keypasco will result in eliminating the daily worries regarding security of transaction and services through users devices. Banks, Governments, Telecommunication, eCommerce etc. will now be able to secure all online transactions with Keypasco ”the most advanced security software”.” Omar AlOmar, CEO, Money Guard Technologies

To ensure a convenient user experience, Keypascos’ cutting-edge technology is working in the background to maintain the security behind the provider’s ordinary application interface. The core technology of the Keypasco solution, the collecting of device-related data – makes it possible to offer something no one else does – a risk-based authentication solution that is easy to integrate and can be rolled-out in the background to ALL end-users at once, regardless of the number of users.

“Together with Money Guard Technologies we can spread Keypasco’s ground breaking innovative technology to new parts of the world” – Per Skygebjerg, COO, Keypasco

In addition, the Keypasco solution provides a unique risk engine, analysing the device behind every authentication attempt to detect fraudulent behaviour, to further increase the security. Several other features also add to the security. To provide customers with the best security solution for their needs, Keypasco have two service models; the Generic Service Model and the Premium Service Model.

“The Keypascos solution offers you a way to secure ALL of your customers without them even knowing it! With our two service models we can help all types of Internet content providers to enhance their security” – Maw-Tsong Lin, CEO, Keypasco

Service Models for any Internet content provider

The Generic Service Model is an embedded solution, without any end-user interaction that instantly secures 100% of the customers. With the Premium Service Model additional features can be added to maximize the security. This is useful for services that demand an extra high level of security like: Finance, eGovern­ment, Credit card protection, Cardless ATM withdrawal and Mobile payment.

Meet up at RSA® Conference 2017

Keypasco will attend RSA® Conference 2017, February 13-17 at Moscone Center, San Francisco. RSA® Conference is one of worlds largest annual expos dedicated to cyber security and attracts visitors from all over the world. Keypasco can be found at South Expo, Booth #S1944. Don’t hesitate to stop by to talk about secure authentication, secure mobility, and try our demo.

The new road to Internet security

photo-rikkichanunsplash700x410

Over the years, reports have been pouring in about leaked account information, stolen passwords, credit card fraud and other troublesome and costly incidents, all due to poor security solutions. Now, the Swedish company Keypasco has come up with a solution that could revolutionize how we address the security problem.

Internet security is an on-going problem for any company that uses a login for their services. Often we are stuck with inadequate existing solutions, and it is easy to be discouraged by all the work involved with implementing a new one. But, by challenging the traditions and making things easier and more adapted to human behaviour Keypasco has come up with a new way to make the Internet a safer place.

“I changed all my passwords to “incorrect” so whenever I forget, it will tell me “your password is incorrect”” – With the Keypasco solution you can stop hassle with passwords

Why does it continue to happen when we all know how important good security is?

There are of course many reasons that contribute; for example username and password is still the most common authentication solution. But as we all know, it is hard to keep track of all the different passwords we need in our daily life, so we tend to use the same or similar password for all services. Some providers, such as in the banking sector, has chosen to add to the security with different hardware tokens, but this solution is not for everyone since they are expensive, difficult to roll-out and to update, and very inconvenient for the end-users.

Another problem with these two solutions, and all other traditional authentication solutions is that they use distributed credentials. But, credentials can, and will be stolen.

Why continue on a dead end street?

We are all dependent on the new smart online services so it is just not an option to continue on this dead end road with the old authentication methods – we need to strengthen the security in a new way.

The solution is already here

To solve this problem the Swedish company Keypasco has come up with a simple but clever solution.

By using the unique device ID on the end-user’s own device, like a smartphone, tablet or a desktop/laptop computer, you can make sure that a username and password only works on the right device and in the right location. Simply, Security By Your Own Device!

The core technology of the Keypasco solution, the collecting of device-related data – makes it possible to offer something no one else does – a risk-based authentication solution that is easy to integrate and can be rolled-out in the background to ALL end-users at once, regardless of the number of users.

“With its ground breaking innovative technology, the Keypascos solution offers you a way to secure ALL of your customers without them even knowing it! With our two new service models we can help all types of Internet content providers to secure their customers” – Maw-Tsong Lin, CEO, Keypasco

In addition, the Keypasco solution provides you with a unique risk engine, analysing the device behind every authentication attempt to detect fraudulent behaviour, to further increase the security. Several other features also add to the security.

To provide customers with the best security solution for their needs, Keypasco have now launched two new service models; the Generic Service Model and the Premium Service Model.

The Generic Service Model is an embedded solution, without any end-user interaction that instantly secures 100% of the customers. With the Premium Service Model additional features can be added to maximize the security. This is useful for services that demand an extra high level of security like: Finance, eGovern­ment, Credit card protection, Cardless ATM withdrawal and Mobile payment.

The Keypasco solution in short

  • Automatic enrolment in background – no end-user interaction
  • Risk-engine – a unique risk engine powered by device data mining
  • Easy to integrate with a current solution
  • Instantly protects all customers after implementation
  • The provider still own the information about the customers, Keypasco can’t access it
  • Scalable solution – suitable regardless of the number of end-users
  • No distributed credentials

Meet up at TRUSTECH

To showcase the solution Keypasco will attend TRUSTECH in Cannes on the French Riviera, November 28 to December 1 at the Palais des Festivals.

TRUSTECH is one of worlds the largest annual events dedicated to trust-based technologies and attracts visitors from all over the world.

Keypasco can be found at stand LERINS E001. Don’t forget to stop by to talk about secure authentication, secure mobility and to see a live demonstration of the Keypasco solution.

Singapore grants Keypasco patent for PKI Sign

Photo: Mike Enerio/Unsplash

To secure the core technology, the foundation of the Keypasco authentication solution, Keypasco has filed patent applications in all major countries. Keypasco are now happy to announce that the patent application for PKI Sign has been granted in Singapore.

Keypasco´s aim is to make the Internet a safer place and to constantly provide cutting-edge security to clients and customers. By challenging the traditions and making things easier and more human we create the Keypasco products and services.

Singapore is an important market for Keypasco. To have the PKI Sign patent been granted is an important step towards further expansion in the country.

“Singapore’s granting of the PKI Sign patent is testament to the innovation and uniqueness of Keypasco. Applying Keypasco technology refreshes a decades old standard (PKI) to address modern day concerns on mobile security; and is a big step forward for Singapore towards an internet safe and digitally enabled Smart Nation”
Tseng Wun Hsiung, CEO at Secur Solutions Group, Keypascos partner in Singapore

Keypasco PKI Sign

PKI (Public Key Infrastructure) has many different uses, but it is primarily used for encrypting and / or signing data. With the trend showing that more and more services, such as eBanking, are moving to mobile platforms, there is a need to transfer the security and PKI standard as well.

PKI is widely adopted as a trusted security standard, even enforced by law in many countries. But traditional PKI solutions often requires a secure carrier for the storage of the distributed PKI-credentials (certificate and private key), like an IC card, USB key, SIM card or SD card. With the Keypasco PKI Sign, you don’t need any additional hardware tokens.

The Keypasco PKI technology, invented by Mr Magnus Lundström, Security Architect and Head of Support at Keypasco, has solved the problem in a smart way. In the Keypasco solution only a part of the private keys are stored encrypted in the mobile. The other parts are stored in the server, by doing it this way there is no need for secure element in the mobile to make an extremely secure solution. The mobile app itself is protected by Keypascos patented core technology; the device authentication.

Singapore is the fourth country to grant Keypasco patent for the Central stored PKI Solution. The PKI Sign patent is now approved in USA, Taiwan, Japan and Singapore.

In total Keypasco holds four different patents that are granted in at least one country, including some of the world’s leading IT-nations such as Korea, Japan, China, Taiwan, European Union and the United States.

Japan grants Keypasco new patents for PKI Sign and Dynamic URL

tokyo-skyline-in-b-w-1446751-1278x520

To secure our core security technology, the foundation for Keypasco’s authentication solution, Keypasco has filed patent applications in all major countries. We are now happy to announce that the patent applications for PKI Sign and Dynamic URL has been granted in Japan.

In total Keypasco holds four different patents that are granted in at least one country, including some of the world’s leading IT-nations such as Korea, Japan, China, Taiwan, European Union and the United States.

Keypasco offers a unique and innovative new generation of software-based solution for secure online transactions. The trend is to use the many new innovative personal wearable devices as part of your own security, and Keypasco is at the forefront of this trend and development. The Internet of Things will continue to surround and connect people at home, at work and on the road. This creates new security and privacy challenges that needs innovative thinking to maintain the mobile security we are becoming increasingly dependent on. Our solution offers a convenient and secure service via the end-user’s own device.

Keypasco’s technology can be used for a wide range of applications such as: Authentication (Internet/mobile banking, eCommerce, mobile payment, online gaming, online betting), fraud protection (Credit card, ATM withdrawal etc), precision marketing (DeviceID application) and access control for Smart Home solutions.


Keypasco PKI Sign

PKI (Public Key Infrastructure) has been recognized as secure and is widely adopted as a security standard even enforced by law in many countries. Traditional PKI solutions often requires a secure carrier for the storage of the distributed PKI-credentials (certificate and private key), like an IC card, USB key, SIM card or SD card. With the Keypasco PKI Sign, there is no need of any additional hardware tokens.

Japan is the third country to grant Keypasco patent for the latest of our inventions: the Central stored PKI Solution. This feature enables us to offer a PKI solution where only a part of the PKI-credentials are decrypted and distributed to a mobile app. The mobile app is protected by the patented core technology; device authentication.

With the trend showing that more and more services, such as eBanking, are moving to mobile platforms, we need to transfer the security and PKI standard as well. Different services like HCE (Host Card Emulation), NFC payment, Internet bank/mobile bank, mobile payment, e-ticket, access control, etc., are typical applications that all use PKI technology.

The question is, how secure is it to store the PKI-credentials in a software application on a mobile phone with an open OS?

The Keypasco PKI technology, invented by Mr. Magnus Lundström, Security Architect and Head of Support at Keypasco, has solved this problem in a smart way. The PKI-credentials are not distributed, but the technology it is still compliant with the PKI regulation. The PKI Sign solution is protected by the Keypasco device authentication technology, which provides several extra layers of protection.

The PKI Sign patent is now approved in USA, Taiwan and Japan.


Keypasco Dynamic URL

Today we all have to keep track of a large number of different passwords and usernames, and it is often required to change them frequently. But good security is unfortunately still not achieved, and to use different tokens for different services is inconceivable, and will never be a standard for many reasons.

Dynamic URL is an extra addition to the Keypasco core technology (secure device authentication) to secure different content providers, while being flexible and intelligent. The Keypasco core technology works in the background and guarantees the security. With the Dynamic URL feature Keypasco can offer Single-Sign-On with one single trusted mobile security app, an ideal solution for cyber security.

With the Keypasco Dynamic URL technology, invented by Mr. Maw-Tsong Lin, CEO at Keypasco, and Mr. Per Skygebjerg, COO at Keypasco, you can have multiple Internet content providers on one side and multiple ID providers on the other. The providers share the same generic security application installed on the end user’s smartphone (also available for tablet, notebook, or PC), and this app has the ability to offer:

  • the Internet content provider a choice to select the ID provider with the best service for the best price
  • the ID provider the possibility to compete with their service content and price
  • the end user a choice to choose the ID provider they prefer and trust

Japan is the fifth country to grant Keypasco with the Dynamic URL patent. The patent is now approved in Taiwan, USA, Japan, European Union and Korea.

Keypasco applies for new patents continuously during the development of the Keypasco authentication solution. This is a part of Keypasco’s on-going strategy to offer cutting-edge technology that provides constantly updated security to its clients and customers.

 

Keypasco Selected as Red Herring Top 100 Europe 2016 Winner

Red Herring WinnerKeypasco has been recognized as a winner of the Red Herring Europe 2016 Award based on innovation and a sound business model for its Keypasco secure multi-factor authentication and secure mobility solution, including the Keypasco PKI Sign. In the past, companies such as Palo Alto Networks, Tenable Network Security, Veracode, Checkmarx and Qualys were among the winners of Red Herring technology Award. This award is a prestigious list honouring the year’s most promising private technology ventures from the European business region.

With users ranging from major banks, to eService businesses and international gaming companies, Keypasco is available to all businesses looking for a secure authentication and/or secure mobile solution to improve security.

Keypasco has previously been awarded for their secure authentication solution. Keypasco won in 2014 the New Product Innovation Leadership Award for Secure Authentication by Frost & Sullivan. Frost & Sullivan then described Keypasco as “a true pioneer of the 21st century for mobile security.” Keypasco is also in the running for the Contactless & Mobile Award in the category of Payment Security, and the winner will be announced the 26th of April 2016.

“I am happy that we have been awarded the Red Herring Top 100 Award. It is a great acknowledgement that our solution is innovative and unique. The largest difference between our mobile security solution and other look-alike mobile solutions is that we use a revolutionary and innovative technology (patents approved) while others still only use traditional technology wrapped in a new shell. Our solution offers our customers possibilities to create new services that were not possible before. It is going to be a natural part of our daily life,” commented Mr. Maw-Tsong Lin, Founder and Chief Executive Officer at Keypasco.

Red Herring’s Top 100 Europe list has become a mark of distinction for identifying promising new companies and entrepreneurs. Red Herring’s editors were among the first to recognize that companies such as Facebook, Twitter, Google, Skype, SalesForce, YouTube, and eBay would change the way we live and work. The Red Herring’s editorial team selected Keypasco out of a pool of two thousand from across Europe. Winners for the 2016 edition of the Red Herring 100 Europe award are selected based upon their technological innovation, management strength, market size, investor record, customer acquisition, and financial health.

About Keypasco
With more than 25 years of individual experience in IT security, Keypasco’s founders are the minds behind some of the revolutionary authentication technology solutions used today. Keypasco offer a patent-approved secure authentication and secure mobility solution to Internet Content Providers in the online gaming and financial/banking industry.

For more information, visit www.keypasco.com, email info@www.keypasco.com or contact us at +46-31-102360.

Red Herring Winner Maw & Per

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

20150419-Keypasco-Selected-as-Red-Herring-Top-100-Europe-2016-Winner