Made in SA

Talent spotting in the Cape

Picking a winner among IT debutantes is tough. Not since Jake White met Luke Watson has it been so hard to decide if someone is the real McCoy.
1 November 2007
Martin Dippenaar is convinced that Global Kinetic's FiveBarGate solution will dramatically reduce phishing and Trojan attacks.

When given a commission to write up an interesting new kid on the industry block, one is asked to judge if they will (or at least could) succeed. It`s not an easy one to call. And, once your opinion is out there, it`s out there. The only clue, given the lack of trading history in many such cases, is that Brainstorm, for one, found the company interesting enough to check out.

But even that is just a pre-qualifier.

When Springbok rugby coach Jake White eventually agreed to give Luke Watson a run (against his better judgement), it was because of immense pressure from Cape fans and rugby administration. And still it went horribly wrong. Brainstorm would never do that. Pre-qualification doesn`t help, being Jake White clearly doesn`t always help either, and besides, I`m no Jake White. I can`t hire a buddy to do my job for me.

Global Kinetic - the lowdown

* Global Kinetic was founded in 2005 by Martin Dippenaar.
* Dippenaar describes his co-workers as "basically a bunch of high-end developers". The company consults on enterprise projects and develops its own products.
* Dippenaar wants to strengthen the group's consulting business while developing more of its own products.
* FiveBarGate employs ten staff, each with nine to 19 years' experience and multiple skills.
* The company's main clients are in the banking, insurance, CRM and production industries.
* Its next step product is a "social network offering with an innovative approach and advertising engine". Global Kinetic also wants to build a charity site, covering all costs, including development, hosting and transactions, and will give the entire donated amount to the charity.
* Outside of work, some employees perform in a band.


The new kid I`m checking out this month is Global Kinetic, the developers of a two-factor authentication technology called FiveBarGate that aims to alleviate the security issues surrounding online banking, e-commerce and even VPN access.

Martin Dippenaar, managing director of Global Kinetic, the creators of the concept, agrees to meet me at his offices in Century City, right next to the new Liberty Life offices and a little way up the road from Business Connexion, CA, PricewaterhouseCoopers, Nashua, SAP, Unisys, Discovery, Vodacom and The Louis Group. To name a few.

This confuses me. How the hell did an unknown end up at Century City? In all fairness, I should point out that while FiveBarGate is a first product for Global Kinetic, the company itself has been around the block more than a few times. Even so, it remains a ten-person Microsoft certified partner whose main business is consulting on Microsoft`s platforms.

But never mind all that. We`re here to find out about Global Kinetic – and its product FiveBarGate – and not about the ticket to wealth that Microsoft consulting clearly is. Two-factor authentication (TFA) is not a new idea. It`s a very old idea, in fact. Will it even get out of the starting blocks?

The first thing to note about this take on TFA is that it`s new. It doesn`t rely on the carrying of a digitag of the kind FNB gives its users, which is just too much trouble. And while it uses the ubiquitous cellphone, making it harder to ignore, it doesn`t require the cellphone to be within signalling range, as FNB`s InContact service does.

This means you can do your online banking safely from overseas, or when you`re out of range (but obviously connected in some other way to your bank`s website), by using your time-dependent ‘gatekey` (an alphanumeric one-time PIN, or OTP, as it were). You also don`t have to wait for an SMS, and for the bank, there`s no charge for generating a unique gatekey every time someone logs in.

Making a hash

Even if our source was made public, it wouldn't matter. The algorithm is unbreakable.
Martin Dippenaar, Global Kinetic
How does it work? A tiny application is loaded onto the user`s cellphone (over the air or via PC cable); on the server side (at the bank) sits a FiveBarGate server application. Both contain a hashing algorithm. On client (phone) side, when the user inputs his or her username and password, the application generates a unique, time-dependent, alphanumeric gatekey, seven characters long and a verification code. The user then enters username, password and gatekey into the bank`s website (on a PC) and is authenticated by the server. Because no decryption is done, but a much-longer-than-gatekey hashing string is merely recalculated on the server, the algorithm is unbreakable, says Dippenaar.

“Even if our source code was made public, it wouldn`t matter. While a bankcard PIN has a one in 10 000 chance of being cracked, this has a one in 261 million chance,” he claims.

That should be challenge enough to give it a chance. As things stand, FiveBarGate has no triallists, which doesn`t make it any easier to conveniently guess at its likelihood to succeed. An insurance company is interested, qualifies Dippenaar. A local software distribution house wants distribution rights too. There`s no rush; FiveBarGate only really debuts this month (November).