BEDFORD, NH--(Marketwire - Feb 14, 2012) - WWPass (www.wwpass.com), a new entrant in the Identity and Access Management (IAM) and secure cloud storage markets, today unveiled a new approach to user authentication that is as convenient for users as a username/password yet provides greater security and convenience than one-time-password tokens. The service's users employ a single set of anonymous credentials for authentication into applications, sites, physically secure areas, and even affinity programs. Unlike other IAM systems, WWPass maintains no database of user identities -- eliminating a vulnerability that has led to multiple instances of identity theft. WWPass' secure, dispersed cloud storage service encrypts and fragments data, distributes those fragments around the globe, and stores them anonymously. Together the services reconcile the trade-offs between convenience and security that typify other approaches.
"Enterprises have invested heavily in secure storage and authentication tools for years, yet data breaches have become increasingly commonplace," said Alan Taffel, Chief Marketing Officer at WWPass. "At the same time, users resist higher-security tools as well as the proliferation of single-application tokens, cards, and affinity program tags burdening their wallets, purses and key chains. Those approaches are all inconvenient! The only solution is a new approach to security that is dirt simple to use but extraordinarily advanced behind the curtain. We launched WWPass to offer the market one such new approach to solving these access management and data protection problems."
Replacing IDs with PassKeys
Unlike conventional secure forms of authentication, which require a separate password and/or token for each application, WWPass offers a universal credential, a "PassKey," for accessing any application, including networks, applications, transaction systems, or even locked doors. The PassKey is a cryptographic secure element that provides secure access to an unlimited number of WWPass-enabled applications, services and technologies. The PassKey is available in multiple hardware form factors including a USB/NFC fob and a smart card. A "soft" PassKey in the form of a SmartPhone app will be available shortly.
The PassKey holds neither the user's identity nor any application-specific credentials. One PassKey and its associated password can securely replace many existing cards, keys, and login-password pairs. If a PassKey is lost or stolen, its owner can instantly and autonomously disable the missing device and create a replacement.
On the other side of an authentication session, WWPass-enabled applications, servers or other systems bi-laterally authenticate with WWPass. WWPass then independently identifies to the user the website requesting credentials. Together with the elimination of username/passwords for website log-in, these steps reduce susceptibility to phishing.
The WWPass system also allows applications to set their own requirements for the stringency of user credentials (e.g., one versus multi-factor, hard versus soft credential) and notifies every application when the user removes their PassKey.
Although each user employs a single WWPass PassKey for access to all WWPass-enabled applications, each application receives only application-specific credentials or data from WWPass' authentication and dispersed storage services. This approach prevents applications from correlating user identities based on username/password. As a further security measure, WWPass does not store user identities or associate users with their applications; indeed, all users are anonymous to WWPass, as are the owners of any data that WWPass stores.
Using a free API and software development kit provided by WWPass, developers, service providers and enterprises can "WWPass enable" any application, database or service. WWPass has already enabled popular, enterprise-oriented open source applications, including Apache Web servers, Magento e-commerce servers, WordPress CMS systems, and PKCS11-compliant secure applications such as Thunderbird email, Linux login, and OpenVPN. WWPass also offers with every PassKey a bundle of personal applications that utilize its technology, including Personal Secure Storage (an "electronic safe deposit box") and a secure password storage browser plug-in for use with websites not yet WWPass-enabled.
Offering More Secure Cloud Storage
In addition to safely and anonymously authenticating users and their applications, WWPass offers individuals and enterprises a method of storing data that is far more secure than existing cloud-based solutions. Unlike traditional approaches to cloud storage, WWPass employs an anonymous, globally dispersed storage scheme. Prior to transmission to WWPass, user data is encrypted via an algorithm and encryption key controlled by and known only to the PassKey. Upon receiving the encrypted data, WWPass transforms it into a dozen unrecognizable fragments, which it then disperses to storage centers around the world. Stored fragments contain no meta-data identifying either the originating user or the associated application. As a result, each WWPass data center contains only incomprehensible data fragments, of unknown ownership, that are encrypted with a key and algorithm unknown to WWPass. WWPass' dispersed storage service is inherently redundant; any six of the twelve fragments are sufficient to reconstitute the complete, original encrypted data.
"Taken together, these new technologies offer a sophisticated solution to user and application authentication and secure cloud storage problems," said Eric Scace, Chief Strategy Officer for WWPass. "With this approach, we're giving both users and their applications more security and more convenience -- two things they have never before been able to get in a single offering. And we do this while preserving user anonymity, a completely unique and important improvement to privacy and personal identity protection. We don't know anything about our users -- and we never want to."
For additional information on WWPass, please visit: wwpass.com
WWPass' executives will be offering live demos of their groundbreaking technology during RSA 2012. To set up a time to meet with them, please contact Michelle Schafer at Schafer@merrittgrp.com or 703.403.6377.
About WWPass
WWPass is dedicated to making the privacy and security of both personal and enterprise data so convenient to implement and use that these attributes become universal to all applications. To that end, the company offers tightly integrated solutions in the Identity and Access Management (IAM) and secure cloud storage markets. With WWPass authentication services, users employ a single anonymous credential with which they safely access an unlimited number of applications and sites. WWPass cloud storage services utilize encryption, fragmentation, and global dispersion to store data anonymously and more securely than with traditional cloud storage offerings. WWPass is headquartered in Bedford, NH. For more information, visit WWPass at wwpass.com.