One company is looking to change the way we secure our information on the internet but are we ready to change?

LinkedIn CertiVox SkyPin

Password leaks at some of the words largest and most prestigious web portals are becoming commonplace - and the reason is simple. Hacking is a business and the way security is implemented on most websites makes it worthwhile for cybercriminals to attack.

As seen in the attacks on LinkedIn and Yahoo recently, companies store usernames/password combinations in a single database. All hackers have to do is access this single file and they have the details of all users on the system.

Some companies don't even encrypt their passwords, meaning cybercriminals have even less to do in order to gain access to the valuable details.

The theft of information in this way is big business. According to data released this month by Experian, 36 million pieces of information, including user logins, will be stolen and traded this year - from British online users alone.

It is clear that the current authentication system of username/password is not working, and one company called CertiVox is looking to make a big impact with a completely new way of accessing your private information on the web - by creating a virtual ATM right in your browser.


The biggest stumbling block to its success, according to CertiVox's CEO Brian Spector, is getting users to understand and trust the new service, called SkyPin. However, reading the first line of the company's white paper on SkyPin, doesn't exactly make it very clear:

"SkyPin is a patented and patents-pending multi-factor authenticated key agreement protocol based on elliptic curve bilinear pairing cryptography."

Put simply, SkyPin is a digital locker where your login details to a range of online portals are stored, and all you need to remember is one 4-digit PIN. But the key difference to the current way of doing things, is your information is not stored in a database and Spector says not even the company themselves can crack the encryption used to authenticate your PIN code.

CertiVox is drawing on a decade or more of expertise in the area of cryptography and in 2011 it appointed world-renowned cryptographer Michael Scott, as its chief cryptographer.

How will it work?

This is how the system will work. You fire up your browser, up pops a virtual 9-digit keypad like at an ATM, and you are requested to input your SkyPin. Once you have entered the code, you will then be signed into any service which has signed up to use SkyPin.

Spector reckons any web developer worth his or her salt would be able to implement the SkyPin authentication on their site within five minutes.

The system has come about in part thanks to advances in HTML5 technology which allows Certivox to drop a data block into the browser. It only works with Chrome and Firefox at the moment, though users of Internet Explorer (IE) will be able to use a work around with Chrome Frame, a plug-in which creates a virtual Chrome browser within IE.

This will be vital for people using the system on a work PC which is tied down to using IE.

Spector said that CertiVox is going to give away the SkyPin product for free to most companies who want to implement it on their websites, but will look to make money on with bigger organisations such as financial and medical institutions who will require more support.

The service will begin rolling out in November according to Spector, but users could begin to see another CertiVox service sooner than that.

PrivateSky is a service which is already live, and was created by the company to help sell the SkyPin service. However it proved so popular that it has now been productised. PrivateSky allows users to send and recieve encrypted messages and files, using the same world-class cryptography used with SkyPin.

PrivateSky will become a lot more visible in the coming weeks when it is integrated into Microsoft's Outlook email client, meaning users won't have to sign into a different service to send encrypted files.

"Go big or go home"

Spector believes that SkyPin and PrivateSky will disrupt the way the internet operates and he has big ambitions for the products, using the phrase: "Go big or go home."

In a bid to cope with the possibility the services take off quickly, CertiVox has raised £5m in venture capital, which has enabled it to build a couple of European-based datacentres to handle all of the potential traffic.

Spector believes that something needs to change in the world of internet security and that "if it's not us, then it is going to be something else."

SkyPin will be sold to enterprises as a way of managing who has access to what parts of the system. It will allow system administrators to more easily control access for employees at different security levels.

"Infinity more secure"

The real key to the success of SkyPin is that it is "infinity more secure" than the traditional username/password model according to Spector. He claims that the encryption and authentication technology used in CertiVox's services is so powerful that not even CertiVox can see the data being stored on its system.

When asked if end users would trust a system using just a simple 4-digit PIN, Spector said that was the major stumbling block for the success of SkyPin. He said the company would be able to convince developers and administrators of the value of the service, but convincing end users is an entirely different matter.

Whether or not CertiVox is able to disrupt the industry quite as much as it hopes is unclear, but with the continued embarrassment of leaks and hacks exposing just how weak the current security process is looking like its not going to stop, something has to change -and quickly.