Brainstorm Magazine

  • Full Screen
  • Wide Screen
  • Narrow Screen
  • Increase font size
  • Default font size
  • Decrease font size

Talent spotting in the Cape

Picking a winner among IT debutantes is tough. Not since Jake White met Luke Watson has it been so hard to decide if someone is the real McCoy.

BY  Carel Alberts , 1 November 20070 comments

Martin Dippenaar is convinced that Global Kinetic's FiveBarGate solution will dramatically reduce phishing and Trojan attacks.Martin Dippenaar is convinced that Global Kinetic's FiveBarGate solution will dramatically reduce phishing and Trojan attacks.

E-mailPrint


When given a commission to write up an interesting new kid on the industry block, one is asked to judge if they will (or at least could) succeed. It`s not an easy one to call. And, once your opinion is out there, it`s out there. The only clue, given the lack of trading history in many such cases, is that Brainstorm, for one, found the company interesting enough to check out.

But even that is just a pre-qualifier.

When Springbok rugby coach Jake White eventually agreed to give Luke Watson a run (against his better judgement), it was because of immense pressure from Cape fans and rugby administration. And still it went horribly wrong. Brainstorm would never do that. Pre-qualification doesn`t help, being Jake White clearly doesn`t always help either, and besides, I`m no Jake White. I can`t hire a buddy to do my job for me.

Two-factor

The new kid I`m checking out this month is Global Kinetic, the developers of a two-factor authentication technology called FiveBarGate that aims to alleviate the security issues surrounding online banking, e-commerce and even VPN access.

Martin Dippenaar, managing director of Global Kinetic, the creators of the concept, agrees to meet me at his offices in Century City, right next to the new Liberty Life offices and a little way up the road from Business Connexion, CA, PricewaterhouseCoopers, Nashua, SAP, Unisys, Discovery, Vodacom and The Louis Group. To name a few.

This confuses me. How the hell did an unknown end up at Century City? In all fairness, I should point out that while FiveBarGate is a first product for Global Kinetic, the company itself has been around the block more than a few times. Even so, it remains a ten-person Microsoft certified partner whose main business is consulting on Microsoft`s platforms.

But never mind all that. We`re here to find out about Global Kinetic – and its product FiveBarGate – and not about the ticket to wealth that Microsoft consulting clearly is. Two-factor authentication (TFA) is not a new idea. It`s a very old idea, in fact. Will it even get out of the starting blocks?

The first thing to note about this take on TFA is that it`s new. It doesn`t rely on the carrying of a digitag of the kind FNB gives its users, which is just too much trouble. And while it uses the ubiquitous cellphone, making it harder to ignore, it doesn`t require the cellphone to be within signalling range, as FNB`s InContact service does.

This means you can do your online banking safely from overseas, or when you`re out of range (but obviously connected in some other way to your bank`s website), by using your time-dependent ‘gatekey` (an alphanumeric one-time PIN, or OTP, as it were). You also don`t have to wait for an SMS, and for the bank, there`s no charge for generating a unique gatekey every time someone logs in.


Making a hash


Even if our source was made public, it wouldn't matter. The algorithm is unbreakable.
Martin Dippenaar, Global Kinetic
How does it work? A tiny application is loaded onto the user`s cellphone (over the air or via PC cable); on the server side (at the bank) sits a FiveBarGate server application. Both contain a hashing algorithm. On client (phone) side, when the user inputs his or her username and password, the application generates a unique, time-dependent, alphanumeric gatekey, seven characters long and a verification code. The user then enters username, password and gatekey into the bank`s website (on a PC) and is authenticated by the server. Because no decryption is done, but a much-longer-than-gatekey hashing string is merely recalculated on the server, the algorithm is unbreakable, says Dippenaar.

“Even if our source code was made public, it wouldn`t matter. While a bankcard PIN has a one in 10 000 chance of being cracked, this has a one in 261 million chance,” he claims.

That should be challenge enough to give it a chance. As things stand, FiveBarGate has no triallists, which doesn`t make it any easier to conveniently guess at its likelihood to succeed. An insurance company is interested, qualifies Dippenaar. A local software distribution house wants distribution rights too. There`s no rush; FiveBarGate only really debuts this month (November).



Tags: Seriously  Made in SA