Startup Nok Nok Labs Pitches Strong New Authentication Process

Nok Nok Labs officially opened its doors today to introduce client/server-based technology proposed as an innovative foundation for flexible, strong multi-factor security that can be used in e-commerce, Web services or the enterprise.

By Ellen Messmer
Tue, February 12, 2013

Network World — Nok Nok Labs officially opened its doors today to introduce client/server-based technology proposed as an innovative foundation for flexible, strong multi-factor security that can be used in e-commerce, Web services or the enterprise.

Slideshow: 33 Questions to Ask About Your Company's Security

Slideshow: 15 Free Security Tools You Should Try

Nok Nok's software, expected out next month, is based on a new authentication protocol developed by an industry group known as the Fast IDentity Online Alliance, or FIDO Alliance for short. This group, backed by PayPal, Lenovo and Infineon as well as Nok Nok Labs, has developed what's called the Online Security Transaction Protocol (OSTP) to be able to go beyond simple user passwords and logins to flexibly bring into play a much stronger multi-factor identity check online before allowing certain types of Web access or secure transactions to occur.

[ ROUNDUP: 12 Must-Watch Security Startups for 2013A

"It's trying to solve the problem of weak authentication," says Phil Dunkelberger, CEO of Palo Alto, Calif.-based Nok Nok, whose software product is at heart a browser plug-in and back-end software development kit for a server that supports FIDO's OSTP.

The OSTP client piece, which can be in a browser or chip, works transparently to the user to set up this new method for security authentication when it works in conjunction with the back-end OSTP server component, he points out.

It works by basically combining information gained about the user's device, whether it be computer or mobile, to inventory whether it has the trusted platform module (TPM) chip or webcam or fingerprint device or other biometrics, two-factor authentication software or various other possibilities. It binds all of this selected information through a cryptographic process to create a shared secret between the back-end server and the device. This process is carried out so that e-commerce companies, for example, could automatically shift to higher security multi-factor authentication to verify user identity online in more high-stakes transactions.

The idea, says Dunkelberger, is that users will decide to electively have this higher-level multi-factor authentication used, especially when they become involved in online monetary transactions in e-commerce.

The co-founders of Nok Nok include Ramesh Kesanupalli, its chief alliance officer; Michael Barrett, who is the chief information security officer at PayPal; and encryption expert and IT consultant Dr. Taher Elgamal. Barrett is also active in the FIDO Alliance. Nok Nok Labs, founded in 2011, has about 30 employees and has received $15 million in funding from Onset Ventures and Doll Capital Management. Board members include Richard Clarke, CEO of Good Harbor Consulting, and Barrett.

1 2 next page »

Originally published on www.networkworld.com. Click here to read the original story.

More from CIO

You are here: Technology Topics » Security » News

Most Recent Security Stories

White Papers »

2012 Confidential Documents at Risk Study by the Ponemon Institute

This study, which surveyed 622 IT and security practitioners with an average of more than 11 years of experience, answers this question.

IDC: Benefits of Unified Endpoint Data Management in Embracing BYOD

This report describes how a unified approach to endpoint data management addresses the challenges IT faces with BYOD and the consumerization of IT.

Inquiry Spotlight: Consumer-Facing Identity

The challenges of consumer-facing identity management, access management, and authentication differ in ways subtle and dramatic from those of the employee-facing variety.

Top 10 Endpoint Backup Mistakes

When considering endpoint backup options, be sure you're making the right decisions. Protecting data on endpoints has become more challenging because of recent trends like exponential data growth, the rise in endpoints, BYOD, and SaaS applications.

8 Must-Have Features for Endpoint Backup

Save IT time and maximize user productivity by choosing the right features. Protect corporate data while benefiting administrators and users.

Gartner Critical Capabilities Report

Gartner rates Druva "Excellent" for endpoint backup in Critical Capabilities report. Given the rise of mobility and BYOD, endpoint backup must evolve to meet the unique needs of the mobile & office workforce.

Webcasts »

Customer Success Video (State of Michigan)

Learn how the State of Michigan is utilizing DeepSight security intelligence to protect critical infrastructure.

PGI Customer Success Video

Learn how PGI is using Symantec Managed Security Services to protect their systems, while allowing them to focus on running, and building, their business.

Simplifying the Complexity of Mobility: A Holistic Approach to Develop a Mobile Enterprise Strategy

Simplifying the Complexity of Mobility

Vblock Specialized System for SAP HANA

Overview video from DJ Long about the new Vblock Specialized System for SAP HANA.

ActiveSync on BlackBerry 10: What Does it Enable?

Find out how ActiveSync works with BlackBerry® 10 to enable basic security and device management features. See what's involved in setup. And learn about BlackBerry® Enterprise Service 10, for full Enterprise Mobility Management.

Software Asset Management - Program Considerations to Help Reduce Risk and Lower Costs

SAM: A must have IT tool to help reduce costs and minimize business and legal risks.