Can a security startup which relies on Russian cryptography expertise bring about a revolution in the way that users authenticate to gain access to websites today and secure data?
That's what WWPass, founded and privately funded by Russian-born entrepreneur Gene Shablygin, wants to prove with a physical authentication token called the PassKey, with which users can cryptographically authenticate to any website supporting the PassKey function via WWPass software on an Apache server.
What's different here, according to WWPass executives, is that users on their own manage their own encryption keys, and neither WWPass nor the website know what the keys are or who the users are.
In the WWPass authentication service, the user identity is anonymous to the website supporting WWPass, while another service that could be invoked, the "Personal Secure Storage," would let users securely store data.
Alan Taffel, chief marketing officer, admits WWPass has no websites to announce that support WWPass currently. But he claims that Shablygin, now a naturalised American citizen, who also founded the information technology firm Jet Infosystems, has spent three years organising the development of the WWPass technology in what's his first US venture.
"Gene needed a different set of credentials for every application he was accessing," says Taffel, noting that the desire to come up with something better was the motivation to him to find a better way to do this. Today, the 50 employees of WWPass, about half of them in Moscow, have what they say is a breakthrough single sign-on authentication for websites, applications and services, while also allowing for secure data storage.
The PassKey can be supplied in a variety of formats, including USB fobs, cards and smartphone apps. It could be used with near-field communication (NFC) technology coming into use on smartphones, according to Eric Scace, chief strategy officer. The PassKey comes as keyset with a second token that the user can turn to if the original passkey is lost or stolen.
As part of the business model, the plan is to charge service providers supporting WWPass authentication about $5 (£3) per 1,000 authentications. Winning needed attention for something as novel as PassKey could be an uphill battle, but the company says it's confident about the security provided in its technology and knows there's a business need.