The latest wave of cyber attacks affecting British Airways’ frequent-flier accounts, the coding site GitHub and some Uber account holders have highlighted the importance of online privacy. With hackers more adept than ever at bypassing sophisticated software systems, the pressure is on for coders to create innovative privacy solutions that will keep sensitive information safe.
In such a commercially-driven marketplace, success will be measured not only by a system’s effectiveness but also its licensing potential. Seeking and gaining patent protection for these innovations is therefore key.
To strengthen online security, we are moving on from the use of traditional passwords to visually-based authentication solutions.
An excellent example is PixelPin’s photo-based login system. Here, users create a password by selecting a personal photograph and calibrating a series of four spatial markers, which when touched in order allows access to an online account or application. For example, a photograph of a bicycle could provide password protection where the handlebars, seat, front and back wheels are selected in sequence.
One of the first instances of such technology was created by GrIDsure, who devised a visual system through which consumers could access a secure PIN code which reset after each use.
The chip and PIN system took the form of a 5×5 grid, each square filled with a number from 0 to 9. By remembering their ‘pin pattern’ users could identify their single use code as the four numbers which fell into their pre-memorised ‘pin squares’. Each time the ‘pin squares’ remained the same but the numbers reset, providing a secure, disposable PIN code.
While small firms and tech start-ups regularly come up with these innovations, they often rely on pick-up and licensing agreements from large, multi-national corporates in order to make their product a financial success. This end-goal is achievable however, as novel authentication systems are largely patentable and less conceptual than most software programmes, which are often more difficult to protect.
Moving forward, the onus will likely move not only towards improved data protection but also improved breach detection, with firms requiring effective ‘alarm systems’ to detect breaches as they occur. Identifying hacker activity in real time can prove vital in damage limitation and can provide businesses with the opportunity to neutralise threats before they escalate. It is important that industry leaders share information about the nature and timing of cyber-attacks, working together to identify vulnerabilities.
In the case of authentication, while visually based systems are largely more secure than simple textual passwords, the trend for multi-factor authentication seems to be gaining momentum. Here, users are required to provide numerous pieces of qualifying information often including something that they know, such as a traditional password, something that they have, for example a token or smartcard and a biometric such as a fingerprint impression.
As cloud computing and big data grow in significance in the day-to-day activities of many companies and consumers continue to store a wealth of data online, the role of technologists in improving web security will prove crucial. In this marketplace, devising an effective privacy solution could reap huge financial benefits. With hackers growing in prominence, the race is on.
Sourced from Michael Jaeger, patent attorney at Withers & Rogers