Belgian start-up ticto presents world-première: a unique and intelligent security solution through visual authentication
Brussels, 30 October 2014 – Belgian start-up ticto launches the tictopass, a unique identification system that allows visual authentication of people who are authorized to access a specific event or site. This electronic badge, built using state-of-the-art smartcard technology, ensures that this visible authentication cannot be replicated owing to an ingenious system of cryptographic algorithms and clock synchronization. It has a similar security system as a banking card. The solution will be presented for the first time at the "CARTES" international payment, mobility and identification fair from 4 to 6 November 2014 in Paris. For companies and governmental institutions interested in a tictopass test run, the solution is now available for pilots.
Nowadays, security breaches of access systems still happen all too frequently. Take the recent examples of the sabotage of the Doel 4 nuclear reactor, near Antwerp in Belgium, which led to the temporary shutdown of the plant, or the access system at the Belgian Police Headquarters that proved to be easily hacked. Or the multiple occasions at which activists manage to breach security surrounding politicians at European summits.
And it is a global issue. In a 2010 study by the US Army Police Department, their undercover investigators were able to purchase near-perfect counterfeit ID cards and badges on the Internet or through other channels. Fraudulent badges and credentials were used to penetrate the security at several buildings such as military installations, federal courthouses, state buildings and commercial airports. Once granted access, the investigators entered areas designated as "Restricted" or "Authorized Personnel Only" and were able to wander around without being challenged by employees or security personnel. Again and again, we see attempts to make fake ID cards through widely available credit card printers. Hackers can put their own picture on a badge and just pretend to be authorized. Transgressors might also use expired badges, enter zones for which their badge has no authorization, or simply forget to register electronically with their badge at the prescribed point.
The study showed that, when shown a badge, most people assume it is legitimate. And even if they wanted to verify the badge, they do not have the practical means to do so. Beyond an access point, no one can perform a proper check without disturbing workers by asking for their badge. Today, the only reliable way to verify the validity of a badge is by electronic verification of the chip within a smartcard badge, which is currently the true "secure element" of a badging platform.
These examples reveal that current access and identification systems are still vulnerable. As a result, organizations enforcing laws and regulations often close down entire work sites to verify the individual ID badges or papers of each person present and check whether they adhere to the rules. This entails major costs and disruptions for all parties involved.
ticto is the first company to propose a unique solution for trustworthy and visible crowd authentication: the tictopass. The tictopass is a security badge in the form of a smartcard with a security and protection system modelled on an electronic ID or banking card. It contains a display covering the entire badge, a colour LED, a real-time clock and a cryptographic function similar to the one used by banks. Anyone wearing a tictopass can immediately be recognized thanks to a perfect synchronization system displaying a continuous succession of identical but unpredictable graphical images. Each of these images is the equivalent of a one-time-password. The tictopass transforms the internal secure element of a badge into a reliable visible indicator that the badge is authentic and has the right credentials and permissions. ticto has thus created a real solution for "visual crowd authentication"
In order to make the first tictopasses, the crowd authentication solution was reduced to practice through the skill and know-how of ticto's leading technology partners: beyond.io, INTO IT Applications and NagraID Security, a subsidiary of Oberthur Technologies. "The tictopass is an advanced, yet simple and effective solution to visually authenticate crowds" said Philippe Guillaud, Head of Innovation – Powered Products at NagraID Security. "Our Innovation Team's expertise in digital security and embedding of sensitive electronics in compact form factors has been very beneficial in the development of this product. It is the first electronic badge to combine electronic paper technology, a wireless interface and a secure element, while maintaining a very low power profile to ensure extended non-stop operation".
This authentication system is very attractive to many companies, institutions and business sectors:
1. High-risk sectors (for example to verify personnel authorizations at chemical or nuclear plants that are typically split up into dozens of separate security and safety zones);
2. Companies, conferences or organizations where confidentiality is important (for example international conferences with dozens of breakout sessions, each with its own access policies);
3. The transport sector (transportation hubs such as ports or airports where open and closed-off zones with different security levels coexist alongside one another);
4. Open-air work sites such as construction sites, agricultural activities or free-access markets (to check whether the many people present are authorized to work there);
5. The medical and care sector (where there is a need to verify whether the people on the site have the necessary qualifications and permissions).
Several major companies and institutions already believe in the business concept and are entering a phase where the tictopass will be tested in real working conditions. These companies include: BASF Antwerp, Brussels Airport, Group Cordeel, Lunch Garden, SCK•CEN (Belgian Nuclear Research Center) Mol, Willemen Group.
ticto has developed this authentication system by partnering with the following leading companies :
• beyond.io: A Research and Design lab for hire
• bundl: We deliver high end creativity for successful products
• INTO IT Applications: Creating convenience. Customized software development with focus on smart card technology
• NagraID Security: The World Leader in Display Card Manufacturing, subsidiary of Oberthur Technologies
• Voxdale: Design and Engineering Agency
About ticto
ticto is a start-up company, headed by CEO Johan Vinckier, that has developed the tictopass and holds the patent rights and other intellectual property rights. This Belgian company developed the tictopass through its work for companies seeking a solution for assuring that people in open environments have the necessary access qualifications and permissions. Johan Vinckier brings extensive experience and commitment as a former partner at McKinsey & Company, having navigated bpost through its transformation as a member of the Executive Committee and as a founder/president of Certipost, responsible for the digital signatures of the Belgian e-ID card. Other members of the ticto management team are Joseph Baert (ex-Certipost), Jean Claeys (INTO IT) and Bruno Moreau (founder of ASK).
A demo of the tictopass system will be given on stand 4 K 069 of NagraID Security at the "CARTES" international payment, mobility and identification fair in Paris from 4 to 6 November 2014.
www.ticto.com
Brussels, 30 October 2014 – Belgian start-up ticto launches the tictopass, a unique identification system that allows visual authentication of people who are authorized to access a specific event or site. This electronic badge, built using state-of-the-art smartcard technology, ensures that this visible authentication cannot be replicated owing to an ingenious system of cryptographic algorithms and clock synchronization. It has a similar security system as a banking card. The solution will be presented for the first time at the “CARTES” international payment, mobility and identification fair from 4 to 6 November 2014 in Paris. For companies and governmental institutions interested in a tictopass test run, the solution is now available for pilots.
Nowadays, security breaches of access systems still happen all too frequently. Take the recent examples of the sabotage of the Doel 4 nuclear reactor, near Antwerp in Belgium, which led to the temporary shutdown of the plant, or the access system at the Belgian Police Headquarters that proved to be easily hacked. Or the multiple occasions at which activists manage to breach security surrounding politicians at European summits.
And it is a global issue. In a 2010 study by the US Army Police Department, their undercover investigators were able to purchase near-perfect counterfeit ID cards and badges on the Internet or through other channels. Fraudulent badges and credentials were used to penetrate the security at several buildings such as military installations, federal courthouses, state buildings and commercial airports. Once granted access, the investigators entered areas designated as "Restricted" or "Authorized Personnel Only" and were able to wander around without being challenged by employees or security personnel. Again and again, we see attempts to make fake ID cards through widely available credit card printers. Hackers can put their own picture on a badge and just pretend to be authorized. Transgressors might also use expired badges, enter zones for which their badge has no authorization, or simply forget to register electronically with their badge at the prescribed point.
The study showed that, when shown a badge, most people assume it is legitimate. And even if they wanted to verify the badge, they do not have the practical means to do so. Beyond an access point, no one can perform a proper check without disturbing workers by asking for their badge. Today, the only reliable way to verify the validity of a badge is by electronic verification of the chip within a smartcard badge, which is currently the true “secure element” of a badging platform.
These examples reveal that current access and identification systems are still vulnerable. As a result, organizations enforcing laws and regulations often close down entire work sites to verify the individual ID badges or papers of each person present and check whether they adhere to the rules. This entails major costs and disruptions for all parties involved.
ticto is the first company to propose a unique solution for trustworthy and visible crowd authentication: the tictopass. The tictopass is a security badge in the form of a smartcard with a security and protection system modelled on an electronic ID or banking card. It contains a display covering the entire badge, a colour LED, a real-time clock and a cryptographic function similar to the one used by banks. Anyone wearing a tictopass can immediately be recognized thanks to a perfect synchronization system displaying a continuous succession of identical but unpredictable graphical images. Each of these images is the equivalent of a one-time-password. The tictopass transforms the internal secure element of a badge into a reliable visible indicator that the badge is authentic and has the right credentials and permissions. ticto has thus created a real solution for “visual crowd authentication”
In order to make the first tictopasses, the crowd authentication solution was reduced to practice through the skill and know-how of ticto’s leading technology partners: beyond.io, INTO IT Applications and NagraID Security, a subsidiary of Oberthur Technologies. “The tictopass is an advanced, yet simple and effective solution to visually authenticate crowds” said Philippe Guillaud, Head of Innovation – Powered Products at NagraID Security. “Our Innovation Team’s expertise in digital security and embedding of sensitive electronics in compact form factors has been very beneficial in the development of this product. It is the first electronic badge to combine electronic paper technology, a wireless interface and a secure element, while maintaining a very low power profile to ensure extended non-stop operation”.
This authentication system is very attractive to many companies, institutions and business sectors:
1. High-risk sectors (for example to verify personnel authorizations at chemical or nuclear plants that are typically split up into dozens of separate security and safety zones);
2. Companies, conferences or organizations where confidentiality is important (for example international conferences with dozens of breakout sessions, each with its own access policies);
3. The transport sector (transportation hubs such as ports or airports where open and closed-off zones with different security levels coexist alongside one another);
4. Open-air work sites such as construction sites, agricultural activities or free-access markets (to check whether the many people present are authorized to work there);
5. The medical and care sector (where there is a need to verify whether the people on the site have the necessary qualifications and permissions).
Several major companies and institutions already believe in the business concept and are entering a phase where the tictopass will be tested in real working conditions. These companies include: BASF Antwerp, Brussels Airport, Group Cordeel, Lunch Garden, SCK•CEN (Belgian Nuclear Research Center) Mol, Willemen Group.
ticto has developed this authentication system by partnering with the following leading companies :
· beyond.io: A Research and Design lab for hire
· bundl: We deliver high end creativity for successful products
· INTO IT Applications: Creating convenience. Customized software development with focus on smart card technology
· NagraID Security: The World Leader in Display Card Manufacturing, subsidiary of Oberthur Technologies
· Voxdale: Design and Engineering Agency
About ticto
ticto is a start-up company, headed by CEO Johan Vinckier, that has developed the tictopass and holds the patent rights and other intellectual property rights. This Belgian company developed the tictopass through its work for companies seeking a solution for assuring that people in open environments have the necessary access qualifications and permissions. Johan Vinckier brings extensive experience and commitment as a former partner at McKinsey & Company, having navigated bpost through its transformation as a member of the Executive Committee and as a founder/president of Certipost, responsible for the digital signatures of the Belgian e-ID card. Other members of the ticto management team are Joseph Baert (ex-Certipost), Jean Claeys (INTO IT) and Bruno Moreau (founder of ASK).
A demo of the tictopass system will be given on stand 4 K 069 of NagraID Security at the “CARTES” international payment, mobility and identification fair in Paris from 4 to 6 November 2014.