Feature

Sedicii – An Award-Winning Waterford-Based Cybersecurity Firm

Sedicci has won high praise for their progressive technology. Their authentication software uses Zero Knowledge Proof (ZKP) to significantly reduce the risks when exchanging data online. We spoke to Richard Coady, who co-founded the company with Rob Leslie. Richard has vast experience in local and global technology sales and business development and has previously held senior positions at BT (Esat Net), WBT Systems, Prometric and Certiport.

Can you describe what your company Sedicii does?

The authentication of users and the verification of their identity are posing significant challenges for all organisations that need to provide online and offline services within the digital economy. Over 300 million users have had their personal details stolen or exploited in the past 2 years costing both businesses and users an estimated $100 Billion from online fraud.

Sedicii addresses this business and user challenge of protecting user’s private data required for completing web based transactions and also offline telephone transactions. Its patented technology authenticates users without exchanging, storing or exposing any personally identifiable information. In protecting the users’ private data, this proven methodology eliminates data exposure to fraud and radically protects the security of private user data in a user friendly and convenient way.

We have taken the power of the smartphone and linked it the user with a password. With this powerful combination, something you have, something you know and Sedicii’s magic algorithm, Sedicii has created a method that allows a person to access a multitude of services with a single, unified and standardized authentication method with only one password to remember that nobody, anywhere knows except the user.

What are the challenges being faced by users in today’s society?

Today’s internet world requires users of secure services to authenticate themselves before they receive access to the services they seek. The private information that users share online is open to being hacked or compromised. Private information can be intercepted at the user’s browser (where the data is entered), during the transmission (when the data entered is sent to the server/service provider) or at the server (where all user details are stored for future comparison). This need to authenticate has spawned an ever-increasing number of websites that mimic the look and feel of a genuine website with the intention of fooling the unsuspecting user into entering his user credentials (login name and password). These details, once entered, are recorded and used by the fake website operator and ultimately used to steal assets from the user, either in the form of cash or information. Equally, we have seen a huge increase in malware targeting user’s personal computers which record sensitive information such as credentials, bank account and credit card details. Once recorded, this information is then sent to hackers without the user knowing anything has happened, until they notice spurious transactions from their bank account or credit card account.

How does your innovation meet these challenges?

Sedicii solves this massive global problem that is costing the global economy billions of euros every year. Our patented technology allows the user to retain control of their data (passwords, credit cards etc.) so that they can be used without having to expose that information outside their personal devices. Our patented technology has the potential to eliminate a significant portion of global online fraud which is evidenced by the number of winning and finalist positions that we have achieved over the last 10 months, in countries all over the world, from organisations such as BT, Cisco, EY, Accenture and the ITLG.

Sedicii has developed a new method of authenticating users whilst completely protecting their private data. It is based on the Zero Knowledge Proof protocol. Unlike existing current authentication methods, the Sedicii technology uses 1024 bit-key encryption that enables the user to interact online without the need to transmit or share their private password information with anyone. The user password is never stored on any server anywhere, nor is it transmitted from the client to the server. No browser plug-in is needed as Sedicii uses new features available in the HTML 5 standard. Once established, the user’s personal information is stored using abstract patterns, which are really complex mathematical graphs that cannot be decoded without massive computational effort, in order to impersonate you. No password information is stored anywhere except in the user’s head. The value of this unique authentication capability is that it completely removes the need for websites to have to store passwords thereby protecting users from identity theft through phishing or malware attacks. Sedicii’s game changing technology removes the security issues for online service providers because they no longer need to store this key piece of a user’s personal data.

SERVICE OPTIONS

Sedicii is available under an enterprise licence (installed within the customer’s own hardware configuration) or provided as a secure, cloud based, single sign-on service for businesses. It can also easily be integrated with other standard authentication technologies to provide two-factor authentication. As a general reference, pricing for the enterprise licencing option is based on the total number of users, on a per user charge, per year. For early adopters, there is the additional benefit of shared revenue and incentivised pricing available. Further pricing or technology information is available from Sedicii.

Further information on the Sedicii Software and company:

SEDICII ENABLED AUTHENTICATION APPLICATIONS

At a fundamental level, Sedicii provides a robust and intuitive anti-phishing Single Sign-On capability through mutual authentication methods that does not request for users to reveal their passwords at visited websites. Sedicii enables a single authentication server to authenticate with many applications providing the user with a single password to access all websites, applications and databases using Sedicii. This approach facilitates a more cost effective method of password maintenance (password reset etc) and supports a strong password and security policy. Our method of authenticating without exchanging, storing or exposing personal user information is a future proof, robust and scalable architecture for the following possible applications

SEDICII MOBILE AUTHENTICATION (Enhancing Personal Mobile Banking Experience & Security)

Based on Zero Knowledge Proof, Sedicii’s flexible and strong Mobile Authentication provides;

  • User friendly and secure split login authentication approach will protect accounts, whilst maintaining user convenience levels for mobile banking or enterprise log-in.

  • Eliminate the OTP that is transmitted to the phone (or separately created by token generators).

  • A‘by default’ authentication approach that can be re-used with other services, reducing ops/security challenges of multiple passwords.

  • Exponentially increasing security by eliminating the storage and transmission of the user data – less attractive for potential hackers.

SEDICII CONTACT CENTRE AUTHENTICATION (Verifying Identity in an Online or Call Centre Environment)

Based on Zero Knowledge Proof, Sedicii’s flexible and strong Contact Centre Authentication;

  • Creates a secure, mobile PIN authentication process to identify callers to a contact centre in real time and eliminating the need for either party to expose private information during the course of the authentication.

  • Achieves cost efficiencies (up to 20%) and improves customer experience to contact centres

  • Provides a secure and verifiable method for contact centre and customer authentication for both outbound and inbound calls

SEDICII CARD PAYMENT AUTHENTICATION (Enhancing Payment Security with Secure User Authorisation)

The Sedicii Card Payment Authentication solution is designed to inform the card owner when a credit card transaction is being performed with their credit card at a Sedicii enabled merchant website or app and provide the merchant with a non-repudiable method for a person to authorise a CNP (card not present) transaction. The Sedicii solution will support the needs for convenience and security for customers and merchants, in the following ways:

  1. Bind the card owner to the credit card in a highly secure manner that will support nonrepudiation of transactions.

  2. Provide the card owner with immediate contact at the point of sale, when their card is being used, in order to request a final authorisation. If authorisation is not received the transaction can be delayed or voided.

  3. Avoid fraudulent CNP transactions and the financial losses that follow from them.

  4. Avoid chargebacks and fines from the card schemes for breaches of the rules.

SEDICII IDENTITY VALIDATION (Real-time “Know Your Customer” that does not exchange private user data)

The Sedicii Identity Validation solution will validate of personal identity information within a trusted identity ecosystem, where companies and organisations who seek to validate an attribute will pay a nominal fee to verify that attribute against existing, trusted information held by other trusted third parties, thus providing the following:

  1. Enable a legitimate individual or organisation to prove that an identity attribute of an individual is true or false, in real-time, against previously verified data.

  2. Verify identity attribute information, without exposing or storing the underlying information, making the identity verification fast, safe and secure. The attribute details never leave the device, browser or server of the customer or verifier, reducing the burden of responsibility on the merchant whilst still protecting the consumer.

SEDICII ACHIEVEMENTS

Since being formalised in December 2013, the Sedicii Architecture has been selected as winner and finalist with the following Industry leaders.

Date WINNER Date FINALIST / SHORTLISTED
Dec ‘14 EY Startup Challenge “Right to be Forgotten” Jan ‘15 Plug & Play (US) Accelerator Program
Dec ‘14 Matchi Fintech Innovation Challenge – Best Security & Fraud Reduction Product Feb ‘15 Irish Times Innovation Award
Oct ‘14 EU IPACSO Innovative Privacy Company Dec ‘14 Matchi Global Fintech Innovation Challenge for Mobile Payments & Customer Service
Oct ‘14 ITLG 7th Annual Silicon Valley Award for “Most Innovative Company” Dec ‘14 Finalist Accenture Ireland Fintech Innovation Lab
Sep ‘14 EU Commission H2020 research grant of €50,000 Nov ‘14 Semi-finalist in PITCH at the Dublin Web Summit 2014 (final 13 out of 1,500)
Sept‘14 IP Award for R & D Collaboration Sept ‘14 Semi-finalist Cisco IoT Global Challenge
Sep ‘14 IP Award for Technology Transfer of the Year Aug ‘14 Finalist BBVA Next Bank Europe, Barcelona
Oct ‘14 Ulster Bank Regional Award for “Best Business Start Up” May ‘14 Finalist Techcrunch Disrupt, New York City
May‘14 BT Infinity Lab London Winner Apr ‘14 Top 20 Tech Tour Europe – Digital Technology
Feb ‘14 Bank Innovation DEMOvation challenge, Seattle Apr ‘14 Finalist Swift Innotribe Europe, London UK

Related Posts