PINoptic

ePINoptic

ePINoptic is a visual probabilistic one time password authentication security solution which provides a highly secure, flexible and easy to integrate response to online fraud and hacking. ePINoptic can be installed in a variety of implementations between existing servers and IT devices to suit technical department traffic requirements.

From logging in to an application or network via the internet to secure online banking, parental controls and e-commerce, PINoptic is an easy to roll-out solution which requires only a small mental shift for users who are used to PIN or password based systems.

Description

ePINoptic is an innovative way of replacing typical PINs and password systems commonly used to make payments and login to online applications and websites whilst providing vastly improved levels of security without putting extra burden on the user.

In the digital age, all of us carry around in our heads (and frighteningly our wallets) a plethora of passwords to access content or conduct transactions whilst online resulting inevitably in 'password fatigue'. ePINoptic is a simple, easy to integrate alternative that allows the user to have a memorable picture password which they use everytime but in doing so they generate and enter a one-time password using number or letters associated with those pictures.

Applications include:
  • Online Login
  • Online banking
  • E-commerce
  • Content & Resources Access
  • VPN & Remote Access
  • Parental Controls

Benefits

  • Considerably more secure than simple passwords.
  • PINoptic research shows that the majority of users are able to remember images better than numbers resulting in fewer password resets and reminders.
  • Integration is truly flexible as an integrator can specify architecture and software split between server(s) and devices. This allows CIOs to dictate traffic levels.
  • Pre-packaged PINoptic symbol-sets support ease of consumer understanding and ubiquity i.e. One password could be used for everything without compromising security levels and this prevents 'password fatigue' - single logon.
  • No need to carry additional hardware making it more convenient than token based systems whilst providing similar levels of security.
  • New symbol or image sets can be designed by the vendor/brand-owner for uniqueness or branding purposes.
  • Symbol sets scale well for use on the plethora of internet enabled devices - PCs, laptops, PDAs, mobile phones etc.
  • Uses images as well as numbers which means it passes the Turing test and cannot be cracked by computer programmes.
  • API based package allows for simple integration.

Technical Info

Software development kits (SDK) are available. The first is written in C++ for easy integration into host devices. A static library is available for Windows PCs and a small-footprint version for Windows Mobile platforms. The second SDK is in Java for integration with web-based applications. Others will follow shortly - please ask for more information.

Each SDK comprises a PINoptic authentication engine and a straightforward applications programmer interface (API) which allows control of:

Configuration including:
  • Number, size, shape and position of virtual buttons.
  • Design, size and position of the images on each virtual button.
  • The number of elements in the PIC code.
  • The choice between static and dynamic PINoptic grids.

And operation including:
  • PIC code setting.
  • PIC code authentication.

Implementation

PINoptic licenses the use of its software development kit which includes technical support, bespoke development training and customisable end-user training so that a VPOTP solution can be created to suit your needs and your unique IT/network environment.

ePINoptic solutions can be simply implemented and can be integrated in house without external contractors having access to servers.

Market information

The number of passwords and logins web users need makes it inevitable they will re-use phrases, warned the International Telecommunications Union.

  • 61% of us use the same password wherever we can, with more than one in 10 people having 50 or more separate online accounts to log into, many are not only using the same password for everything, but also writing all their passwords. Sixty percent of those questioned in the survey admitted using the same numbers or words for multiple accounts. (@www survey, February2008)
  • 52% of chief information security officers acknowledged having a "Moat & Castle" approach to their overall network security. They admitted that once the perimeter security is penetrated, their networks are at risk. (Preventsys and Qualys research)
  • 1 in 3 workers jot down their computer password, undermining their security. (Nucleus Research and KnowledgeStorm, November 2006)
  • The average cost of insider data breaches is $3.4 million per business per year. (Ponemon Institute/ArcSight, September 2006)
  • 68% of information security professionals at large organizations say laptops pose the biggest security risk. (Enterprise Strategy Group, March 2006)
  • 52% of internet users do their banking online, nearly a third (32%) pay their utility bills online and almost a quarter (23%) buy their groceries online. These trends coupled with the rising value of the UK online economy (British shoppers spent £13.5 billion online during the first half of 2006), mean the internet is increasingly a target for criminals and fraudsters. 18% of people won't shop online due to fear of online crime. (Get Safe Online survey, December 2006)
  • Many people are also leaving themselves vulnerable to internet hackers, by not taking enough care to create secure passwords. Fifty one per cent of respondents use the same password for more than one website. (Get Safe Online survey, December 2006)
  • The number of so-called phishing attacks had soared from 3,394 during the first three months of 2007 to 10,235 during the first quarter of 2008. (APACS Januaury 2008)