Tyfone Connected Smart Card Solution Fixes Cyber Security and Biometric Vulnerabilities

• May 15, 2013

Tyfone, a mobile financial and security pioneer with more than 80 granted and pending patents, today unveiled its Connected Smart Card (CSC) solution – a combination of hardware products, software solutions and hosted services – that enables financial, government, healthcare and other enterprises to augment passwords and other user ID information used to access sensitive information. Tyfone’s CSC solution uniquely combines centralized data with local, device validation to strengthen and simplify the centralized storing of passwords, credit card numbers and other digital ID credentials, optimally ensuring security to keep passwords, payment and biometric ID information out of the hands of cybercriminals.

“Criminals have always robbed banks because ‘that’s where the money is,’ but today’s cybercriminals prefer the centralized databases that store individuals’ passwords because with passwords they can loot literally millions of bank accounts and credit card numbers, steal sensitive government and corporate data, and hack critical infrastructure such as power grids,” said Dr. Siva Narendra, CEO of Tyfone.  “Recognizing this threat, Tyfone worked closely with our financial and government customers to implement our CSC technology, a next-generation cyber security solution that enables the locally-secured, hardware-enabled storage of passwords, card preset payment information, biometrics and other ID credentials to keep criminals and hackers at bay.”

Tyfone’s CSC solution operates much like the traditional plastic smart card systems already in widespread use, but has a much smaller physical footprint and uniquely has the ability to connect to any mobile device, tablet or PC. Tyfone’s CSC hardware works with all existing software, smart card applets, password schemes and digital certificates, making it the first truly interoperable solution that secures the device, the identity and the transaction, controlling access to ID information in a unique combination of distributed and local (on device) layers.  This unprecedented approach allows for seamless integration with organizations’ existing smart card-driven security solutions, maximizing investments in security infrastructure.  The end result is that Tyfone’s CSC solution ensures that employees, consumers and other end-users can securely access their bank accounts or email, pay online as a card preset transaction or enter a building without the vulnerability that comes with today’s centralized storing of passwords or biometric IDs. 

New Data Security Approach Necessary for Increasing Cyber Attacks

Cyber security is a critical and growing concern for governments and financial institutions as access to sensitive information and financial transactions are increasingly done via mobile devices and websites, which utilize password protection.  Of particular concern is the security of these passwords, which are stored centrally – and increasingly in the cloud – making these databases vulnerable and tempting targets for hackers.  According to Deloitte, one of the top auditing and consulting firms worldwide, 90 percent of centrally-stored passwords are currently vulnerable.  Additionally, according to Wired Magazine, more than 280 million stored passwords have been compromised over the past 18 months.

Though further bolstering authentication through the use of thumbprints and other biometric IDs has been touted as a solution, the reality is that biometric credentials are unique, sensitive, personal information and therefore actually more vulnerable than passwords, if centrally stored in the cloud.  This greater vulnerability is because a person’s thumbprints and other biometric data cannot be changed if stolen, whereas passwords can be changed after a breach has occurred.

“While cloud services increase productivity by allowing for ubiquitous, anywhere access, centralized data create centralized points of failure,” said Dr. Steve Crocker, Tyfone advisory board member and an Internet Hall of Fame inductee for his work that lead to the development of ARPANET, a precursor to the Internet.

“There are two solutions to this centralization problem. One option, as more services move to the centralized cloud servers is to migrate identity storage to be client centric. This client-centric approach helps prevent a single hack from compromising millions of identities, like recent hacks of Zappos.com or LinkedIn," added Crocker. "The other alternative is to have a completely distributed storage that syncs up between various authenticated clients without any centralized storage. This distributed approach also prevents massive loss of data from a single hacking event. In either case, information and/or control of access to information is distributed, making the authentication solution more robust.”

CSC Availability and Incorporation into Existing Systems

Tyfone’s CSC solution is currently in pilot deployments for strategic customers with general availability planned for the fourth quarter this year. Organizations interested in joining the pilot or integrating Tyfone’s CSC solution with their own security products can contact Tyfone at [email protected].