[2025 Excellent Information Security Technologies 2] Interview with Lee Jaehyoung, CEO of OCTATCO

• The Ministry of Science and ICT designates OCTATCO as “2025 Excellent Information Security Technology”

• Phishing-resistant M2A Service and Fingerprint Security Key Technology selected

• Zero-trust-based security and convenience enhanced by combining biometric data and other factors

• Plans for global market expansion centered in Asia, including Singapore, Southeast Asia, and Japan

OCTATCO has been designated as a “2025 Excellent Information Security Technology”. The Excellent Information Security Technology designation is a technology selected through a review by the Ministry of Science and ICT, based on novelty, originality, and commercialization potential of domestic information security technologies. A total of 9 technologies were selected.

The technologies designated for OCTATCO include its Zero-trust-based Phishing-resistant M2A Service and Fingerprint Security Key Technology. These technologies are gaining attention for eliminating vulnerabilities in traditional authentication methods and being optimized for the Zero Trust model.

In this interview with The Tech Edge, we hear from Lee Jaehyoung, CEO of OCTATCO, about the technologies recognized as “2025 Excellent Information Security Technologies”.

Q. Could you introduce OCTATCO’s technology designated as “2025 Excellent Information Security Technology”?

Recently, the security landscape has shifted from “Authentication” to “Trust.” It is increasingly important not just to verify “Is this the user?” but to also verify factors like the device used by the user, their location, time of access, and behavioral patterns. This reflects a market understanding that simple two-factor authentication (like checking numbers, codes, or biometric data) is no longer enough.

In this context, OCTATCO has established the concept of M2A (Multi-Attribute Authentication). This system does not rely on a single factor but instead considers various attributes (like biometric information, device trust, network environment, and location) simultaneously to judge authentication. By combining these elements, we aim to offer enhanced security and user convenience.

Additionally, our FIDO2-based fingerprint security key, the EzFinger series, is designed with WebAuthn compatibility, creating a secure zone inside the device. It encrypts biometric data and other personal information, preventing theft or duplication, while maintaining usability and compatibility. [Image]

Q. What is the future direction for OCTATCO’s security technology development?

In the current cybersecurity market, authentication is evolving not just as a standalone technology, but as an integrated part of access control (Authorization), policy enforcement, and device inventory. Accordingly, OCTATCO is moving beyond simple authentication solutions to develop a platform that encompasses Identity and Access Management (Workforce IAM) for enterprises.

For example, M2A technology will be integrated with Single Sign-On (SSO), allowing users to securely access various systems (such as ERP, email, groupware, VPN, etc.) with just one authentication.

Moreover, administrators will be able to configure authentication policies for different apps, allowing for adaptive authentication strategies where sensitive systems require more attributes. This structure could eventually expand to integrate AI-based behavior analysis, risk detection, and threat intelligence.

]

Q. How does OCTATCO’s security technology compare to global standards?

OCTATCO’s core technology is designed around international standards. In particular, the authentication policies are developed to meet the AAL (Authentication Assurance Level) framework of the US NIST SP800-63. OCTATCO’s products fully support FIDO2/WebAuthn.

In the US, federal agencies are now mandating Phishing-resistant authentication for all sensitive system access, as outlined by OMB M-22-09. Private institutions are also restructuring their security systems to align with this standard.

In Korea, while SMS and OTP based authentication are still commonly used, there is increasing demand for technology upgrades to counter new threats such as phishing and session hijacking, particularly in the financial sector.

OCTATCO possesses technologies that align with these international security trends and is already delivering solutions after undergoing partner verification with global companies.

Q. What was the motivation behind developing this technology?

Many security breaches begin with the theft of authentication information. As technology advances, attackers are opting for indirect methods rather than direct confrontations.

For example, OTP, SMS, and email link-based authentication are highly vulnerable to phishing attacks or session hijacking through proxy servers. Users began to feel that "two-factor authentication is still being breached," and companies started to search for fundamental alternatives to traditional MFA systems.

In response, OCTATCO recognized the need for a new authentication system that evaluates complex signals rather than just a simple combination of elements. This led to the development of M2A technology.

Q. What were the challenges faced in developing the technology?

The biggest challenge was strengthening security without compromising user experience. As more attributes are added to the authentication process, user authentication times may increase, and implementing highly secure devices inevitably leads to higher costs and management complexity.

To overcome this, OCTATCO prioritized the attributes and implemented policy-based authentication to minimize the perceived steps for users while enabling administrators to configure policies for each app and user group.

OCTATCO’s authentication platform is designed with seamless integration into various systems used by companies (groupware, VPN, ERP, etc.). It focuses on automating integration, improving user and device management efficiency, and policy-based access control. We also plan to expand support for various integration standards in the future.

Q. What policies, systems, and technical aspects need improvement for security technology development?

Policy-wise, many public institutions and some private sectors in Korea have yet to introduce the concept of Phishing-resistant authentication. OTP and SMS are still considered secure methods, and government projects and authentication standards do not adequately address the latest threats. There is a need for policy standards for resilient, strong authentication that can defend against phishing, session hijacking, and bypass attacks.

Technically, there is a need for a standard authentication framework, open APIs, and visualization-based tools that help administrators understand and control authentication policies, particularly for small and medium-sized enterprises (SMEs).

Institutionally, the introduction of guidelines for next-generation authentication methods like Passkey and FIDO2, as well as preferential policies for authentication adoption, could accelerate innovation in domestic authentication technology.

Q. What are your technological development goals for this year?

In 2025, we aim to focus on enhancing the M2A platform and SaaS-based SSO services. As enterprise IT environments become more complex, we are focusing on enhancing features that allow real-time analysis of context (such as user, device, access environment, time, etc.) beyond traditional multi-factor authentication.

To achieve this, we plan to develop a context processing engine that will evaluate various attributes like user, device, access environment, and time zone, applying risk-based authentication policies automatically to provide a flexible authentication system capable of handling sophisticated attacks like phishing, session hijacking, and privilege abuse.

We will also improve the SaaS-based SSO service to make it easier for companies to integrate with existing systems and centrally manage authentication policies for each app, offering an enhanced administrator experience (UX). Additionally, the SaaS model ensures quick adoption and maintenance efficiency.

The hardware security key (EzFinger series) is also being enhanced to improve reliability and security while maintaining user experience and compatibility, allowing for more refined authentication elements and policy integration.

Q. What are OCTATCO’s future plans?

In the future, OCTATCO is focused on the shift from user-based authentication to context-based authentication. Simply relying on user ID is no longer enough to verify trust. Authentication systems based on factors like device trust, access location, time, and usage patterns are becoming the security standard.

To respond to this change, OCTATCO plans to enhance the context-aware scope of M2A and develop more advanced algorithms for situational risk assessment. We aim to integrate ID management, auditing features, and facilitate the adoption of Zero Trust within organizations.

Additionally, based on our technical and regulatory experience in Korea, we plan to expand into the global market starting from 2025, focusing on Asia, including Singapore, Southeast Asia, and Japan, with tailored authentication services and SaaS offerings customized to local regulations and security environments.

OCTATCO views authentication not just as a login method but as a core infrastructure that implements the organization’s security philosophy. We will continue to research and strengthen our technology and operational structure accordingly.

[By The Tech Edge’s Chief Editor]

[Read the original Korean article here]