Can a security startup based in Bedford, N.H., which relies on Russian cryptography expertise from Moscow, bring about a revolution in the way that users authenticate to gain access to websites today and secure data?
That's what WWPass, founded and privately funded by Russian-born entrepreneur Gene Shablygin, wants to prove with a physical authentication token called the PassKey, with which users can cryptographically authenticate to any Web site supporting the PassKey function via WWPass software on an Apache server. What's different here, according to WWPass executives, is that users on their own manage their own encryption keys, and neither WWPass nor the website know what the keys are or who the users are.
[ Windows 7 is making huge inroads into business IT. But with it comes new security threats and security methods. InfoWorld's expert contributors show you how to secure the new OS in the "Windows 7 Security Deep Dive" PDF guide. ]
MORE ON SECURITY: 6 security companies to watch
In the WWPass authentication service, the user identity is anonymous to the website supporting WWPass , while another service that could be invoked, the "Personal Secure Storage," would let users securely store data.
Alan Taffel, chief marketing officer, admits WWPass has no websites at present to announce that support WWPass currently. But he claims that Shablygin, now a naturalized American citizen, who also founded the Moscow-based information-technology firm Jet Infosystems, has spent three years organizing the development of the WWPass technology in what's his first U.S. venture.
"Gene needed a different set of credentials for every application he was accessing," says Taffel, noting that the desire to come up with something better was the motivation to him to find a better way to do this. Today, the 50 employees of WWPass, about half of them in Moscow, have what they say can work as breakthrough single sign-on authentication for websites, applications and services, while also allowing for secure data storage.
The PassKey, which WWPass plans to market for about $29.95, can be supplied in a variety of formats, including USB fobs, cards and smartphone apps. It could be used with near-field communication (NFC) technology coming into use on smartphones, according to Eric Scace, chief strategy officer. The PassKey comes as keyset with a second token that the user can turn to if the original passkey is lost or stolen.
As part of the business model, the plan is to charge service providers supporting WWPass authentication about $5 per 1,000 authentications. Winning needed attention for something as novel as PassKey could be an uphill battle, but the company says it's confident about the security provided in its technology and knows there's a business need.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.
Read more about wide area network in Network World's Wide Area Network section.