Following IT security firm e-Lock Corporation's recent partnership local data centre services provider HeiTech Managed Services to provide Malaysian enterprises with a cloud-based file integrity monitoring solution, Computerworld Malaysia asked e-Lock Corporation's founder and chief executive officer, Dr Ken Leong, to give more details of the company's security approach.
Photo - Dr Ken Leong, Founder and CEO of e-Lock Corporation Sdn Bhd
Could you give us some of the background story behind your solution?
We started e-Lock back in 1996 and that's when our journey as an IT security company began. We came up with TheGRID solution when we realize the typical approach for online identity authentication via user's login ID and secret password is highly susceptible to identity theft. There are many identity theft techniques that online criminals use such as phishing, pharming, keylogging and man-in-the-middle attacks and there was not one effective solution that can counter all these known techniques. Existing available solutions were also expensive and cumbersome to implement.
As such we came out with TheGRID in the year 2005 as a complete solution in preventing all these identity theft techniques.
TheGRID works by implementing two-factor authentication using the user's device as the additional 2nd factor proof of the user's identity. It registers the set of devices used by the user to access the website and associating the set of devices to the user's login ID, two-factor authentication is achieved by uniquely Identifying the user's device and verifying it with the list of registered devices for that particular user.
Initially, TheGRID was operating on web browsers on user's desktop computers. In the year 2011, with the pervasiveness of smartphones we came out TheGRID Beacon which is a revolutionary two-factor authentication using mobile technology. It is a new breakthrough in the implementation of a simple yet secure authentication & authorization services for Internet applications. TheGRID Beacon is a mobile application and its supporting backend components effectively transform a mobile phone into a powerful platform for an out-of-band, second-factor authentication & authorization device.
What kind of features set this apart from other solutions on offer to Malaysians and how does it help in today's increasingly complex and risky environment?
TheGRID Beacon unique main features are its' simplistic design and its ability to give the user the full empowerment over his/her online account. TheGRID Beacon utilizes the users' existing personal smartphones for authentication. The user simply toggles a button to activate or deactivate a beacon as such TheGRID Beacon essentially gives user control over his /her online identity.
Users are empowered to fully control whether their online account is active or totally switched off using their registered mobile device. So, even if the ID and password of the user have been stolen, the users online account is in off state, preventing any access by unauthorized parties.
Moreover, TheGRID Beacon enables remote transaction approval over the users' smartphones, any transaction performed online must first be approved by the user via the registered mobile device before it is allowed to go through.
TheGRID Beacon is more superior than other two-factor solutions based on mobile devices such as SMS one time password which has numerous known security weaknesses. In short, TheGRID Beacon stands out because it provides the required security and advanced features without compromising on the convenience and usability.
How has the solution fared in the market so far?
The solution has performed well beyond our expectation and companies that have implemented it are highly impressed by the scalability, ease of use and also the flexibility of the solution.
A great case study for TheGRID Beacon usage would be its implementation at SBI Sumishin Net Bank ("SSNB") which is the largest internet bank in Japan. SSNB is a very forward looking company and is always open to new technologies and ideas. Thus when our business partner in Japan introduced the concept of using TheGRID Beacon for authentication and transactional approval using smartphones they were extremely excited. Prior to the implementation of TheGRID Beacon they were using already a non smartphone mobile based application for authentication.
Sign up for Computerworld eNewsletters.