[CCTV News = Reporter Choi Hyung-joo] Once used in SF movies, iris, facial, and fingerprint recognition are no longer future technologies. Today we use biometric authentication technology in many devices very naturally for security.
In response, we met with Yoo Mi-young, CEO of OctatcO, a Korean company that develops biometric authentication modules and supplies them to individuals and businesses, and listened to OctatcO’s philosophy of developing biometric authentication modules and its future goals.
Q. Please introduce OctatcO.
OctatcO is developing a convergence technology that integrates biometric recognition with H/W-based high-security encryption technology that provides strong security and convenience. Based on this, it helps users around the world to use powerful and convenient authentication in their daily computing environment.
Q. What is multi-factor authentication technology and how did it enter the multi-factor certification market?
Multi Factor Authentication refers to the use of two or more authentication methods, such as password, security key, and biometric authentication.
Until now, weak authentication methods that use only passwords have caused serious physical and human losses such as stealing user accounts from crimes and being stolen. As cyber threats from password vulnerabilities continue to increase, the encrypted multi-factor authentication market has been growing rapidly since 2017.
In particular, the market for consumer certification, such as simple payments, has more than tripled, and the market for B2B multi-factor certification has shown a growth rate of 50%. It is no exaggeration to say that communication and digital collaboration patterns within or between organizations have ignited growth of markets for multi-factor certification through the introduction of cloud and others.
The importance of this online authentication method is more emphasized than ever for all companies and government agencies that serve online. Here, the question of “how to more accurately certify users” and “how to manage and maintain systems more safely and comfortably” is a question that can never be left out for digital business processing.
With the massive number of accidents caused by password leaks occurring in Korea, I myself was forced to become one of those victims, and I founded OctatcO to create a strong certification structure that certifies these damages conveniently and safely without sharing any more secrets.
Q. Please introduce the OctatcO product.
First of all, Easyfinger 2, a fingerprint recognition module for online authentication, can be conveniently installed on laptops and desktops. It may be the first time in the world that a single device has implemented both Windows Hello and FIDO2 technologies.
With Easyfinger 2, users in PC environments can extend their services indefinitely to one device, from PC login to groupware login, website authentication and electronic signature. Currently, more than 10 services including Windows PC login and MS office365, as well as Microsoft’s Cloud Azure Active Directory authentication and secondary authentication security keys such as Dropbox, Twitter, and Github are also available immediately.
EasyIris, an iris recognition module for certification, is the world’s first external FIDO UAF certification that supports smartphones and PCs based on the world’s smallest and fastest iris algorithm.
Q. What do you think is the most important aspect of biometric authentication technology, and what philosophy is included in the product?
Biometric technology, which was used in business areas such as national security facilities such as airports and ports, and access control, is becoming more common in general consumer markets.
Biometric technology, which started from smartphone lock-up screen solutions, is developing rapidly and diversely with offline solutions beyond finance, government services, online banking, and electronic signatures, and now we are easily using biometric devices in personal areas such as homes and small shops. I think having both this powerful security and convenience is the most important part of biometric technology.
Under these circumstances, OctatcO has developed the Easy Finger 2 product to make it easier to use many services with a single device. While making the product, customers thought about how to use the authentication method using biometric technology more conveniently, and Easyfinger 2 contains the answer.
EPIFinger 2 is a powerful means of authentication to replace passwords, providing users with experiences such as creating passwords no longer and not forgetting, experience of conveniently authenticating hundreds of services with one device, and not being a victim of massive hacking attacks such as ▲Phishing.
From the perspective of an organization manager, it also provides experiences such as the experience of not having to change passwords regularly anymore, experience of not having to directly manage personal information, and the cost savings from the perspective of an organization manager.
Q. What is the technology and what are the advantages of FIDO in the product?
In the 1960s, the first password was used to securely access large computer system files. In the 1990s, the emergence of the World Wide Web (WWW) led companies that needed online membership management to take and use the previous password system, and the current password world was born.
The password system is a way for only individuals and service companies to share passwords. The problem is that as the number of services used by individuals has increased and the requirements for passwords have become increasingly difficult, it has become difficult to remember all those passwords.
In addition, the password itself soon became a vulnerability as the average number of online users was more than 90 accounts, and more than 51 percent reused the same password in several places. And there have been frequent large-scale hacking attacks that attack the vulnerability, raising calls for a new authentication system that goes beyond passwords.
Against this backdrop, several companies have gathered to establish the Fast Identity Online (FIDO) Alliance with the aim of “more convenient and stronger certification.” Based on public key encryption technology, FIDO technology generates private keys only with personal biometric identification and stores them only in safety areas such as Trusted Platform Module (TPM), which cannot be physically taken out.
As such, FIDO authentication method does not store personal biometric information on servers, so there is no risk of mass leakage of personal information due to corporate hacking accidents, and access to other services or accounts is impossible except for designated biometric recognition methods and customized authentication methods.
In addition, based on biometric authentication methods, various services can be logged in faster and more conveniently than passwords, and web browsers and platforms such as Chrome, Edge, Firefox, and Safari are also supported.
In Korea, FIDO technology is applied to many authentication service apps such as Samsung Pay and mobile banking apps, and LINE, which has 400 million users, said in May that it will apply FIDO2 technology to account logins and Line Pay and “apply FIDO technology to Line Bank and Insurance to support convenient and safe authentication.”
Q. What differentiated technology does OctatcO have?
The most commonly used authentication technology is password, but it accounts for more than 80% of the total data leakage directly or indirectly.
Although industries have introduced various multi-factor solutions such as SMS, OTP, and Dynamic Question for stronger certification, SMS and OTP are still having difficulties in expanding markets due to high man in the middle (MITM) attack issues, high acquisition costs, difficulty in integrating systems, and low user inconvenience.
OctatcO’s Easyfinger2 solved these problems. Using biometric technology, it is impossible to log in to others for theft, and it is cheaper to introduce FIDO2 technology and Windows Hello technology in one device, making it easy to integrate systems with high general purpose.
In particular, the U.S. Standards Institute has adopted a public-key encryption method that meets AAL3 (Assurance Authentication Level3), the highest certification level of NIST’s digital guideline 800-63, to enhance reliability.
Among the existing multi-factor authentication module products, it is difficult to find products that implement these technologies at once, and hundreds of authentication can be carried out conveniently and safely with one Easyfinger 2 product even in PC environment, not smartphone.
Q. How is the market performance after the product launch?
In December 2019, Samsung Life Insurance introduced EZFinger 2 products for certification of all its employees in order to implement a strong certification system. In addition, through cooperation with information security companies, ‘Blockchain Cold Wallet Key’ security fingerprint recognition linkage solution and personal identification of breathalyzer before boarding a vehicle are currently being applied, and other projects in domestic public institutions and banks are currently underway.
In addition, since it started selling directly to the general consumer market, sales of Egfinger have been increasing by 2 to 30 percent every month, and sales have been steadily increasing in online shopping malls such as the U.S., Britain and Japan in addition to the domestic market.
In the case of D, Oktaco’s British distributor and PKI cryptographic technology company, it has been using the EZFinger 2 product ever since it was tested, and it is said to be the most efficient and powerful hardware security key.
A cloud service company, which is supplied with E-finger from D, said it has not allowed a single phishing attack so far after replacing passwords with E-finger, which has also widened its position in the global market.
Q. What is your outlook for the biometric authentication market in the future? And the goal for the future is…
The multi-factor certification market, including biometric technology, is expected to grow at an annual average rate of 26 percent by 2025. With the market also expected to grow rapidly from 6 trillion won to 25 trillion won, 5 trillion won of which is the same hardware security key market as Egfinger.
There are about four global certified security key providers, and OctatcO is the only company that has a dual multi-biometric solution, and OctatcO is the only company in the world that implements Windows Hello and FIDO2 technologies as a single device.
In the future, OctatcO will expand its business to the Korean government and financial institutions based on reliable references such as Samsung Life Insurance, and strengthen overseas exports mainly in advanced countries such as the U.S., Europe, Japan and Singapore to achieve its 6 percent global market share target.
It is also planning to release various types of authentication module products such as card type, key ring type, and wearable device type such as ring in order to provide wider convenience. Through this process, OctatcO will be reborn as a company that supplies the most powerful and competitive certification module products in the B2B and B2C security key markets.