UK security integrator Torotech has begun offering a new take on securing online transactions such as banking access: a digital fingerprinting system that uses the uniqueness of a piece of user hardware as an authentication token.
Torotech's "Digital DNA" offering takes advantage of the fact that even mass-produced hardware is never completely homogenous. This means that a particular PC, or even a peripheral such as a USB stick or mobile phone, has a unique profile that can be used in the authentication process.
For instance, the system can identify individual devices of the same brand, model and capacity, using supposedly non-forgeable data such as serial numbers, according to Mobilegov, the Franco-British firm that developed the underlying Digital DNA technology.
Mobilegov originally intended Digital DNA for controlling the access of peripheral storage devices to corporate networks, but Torotech argued the system could be ideal for applications such as banking, e-commerce and secure remote working.
Under Torotech's system, the first time a user logs onto a bank or e-commerce site, the site takes a fingerprint of one user-supplied hardware device, whether the PC itself or a peripheral.
Each time the user subsequently logs on, that device is needed to complete the authentication process.
Users who want to log on from multiple locations could use a peripheral device such as a mobile phone or PDA for authentication, said Torotech managing director David Hawksworth.
The technique gets around limitations in the use of ordinary authentication tokens such as smartcards or single-use PIN generators, according to Torotech.
For instance, if a peripheral device is used for authentication, it matters less if that device is lost or stolen, since its role in authentication is not evident to anyone aside from the user, the company pointed out.
The Digital DNA system also cuts the costs that can be associated with maintaining systems that rely on smartcards, tokens or readers, Torotech said.
"Digital DNA is so unique, like our own DNA, that it is impossible to duplicate and therefore can be used to protect personal data and financial information to a much higher level than ever before," Hawksworth said in a statement.
The system covers a range of devices, including removable storage but also network cards, Bluetooth modems, keyboards, monitors and others hardware.
Mobilegov, which developed the underlying technology, is a 2004 spin-off of the European eJustice project, which aimed primarily to develop biometric authentication technologies.