The dead cell phone token
South African token provider Fire ID is launching today at the RSA Conference in San Francisco. Company CEO Jenny Dugmore is at the show to raise the profile of the company, which to date has business relationships mostly in its home base and in Slovakia.
The company offers a software authentication system that provides a one time password from software loaded on a cell phone. A server in the datacenter carries a duplicate version of the software that uses the same seed to generate the same password. Occasionally, said Dugman, they may get out of sync and then the phone's owner would need to connect to the Internet and sync up with the base server. But most of the time, they would be one or two passwords off and the server would handle that problem automatically.
The cell phone generates a one time password, preferably while not connected to the Internet. Since it's a one time password, keylogging has no effect, and as long as the phone's not connected to the Internet, the password cannot be intercepted.
Starting at $30 per person per year, with steep discounts for volume buys, the software token should compare favorably in price to hardware tokens, and Dugmore also pointed out that it's designed to be loaded on the one item that users will always have with them.
A consumer version of the software will see the clients given away free and the servers sold to enterprises.
If this idea is as good as it seems -- and it's only been on the market since January -- there will be imitators. But it wasn't developed overnight. The company was founded in 2006, launched nationally in South Africa in January, and launches in the U.S. today with big plans. "We believe that the U.S. is potentially our primary market," said Dugmore.
In fact, there's already a competitor in the U.S. market: Charismathics, which hopes to distribute a similar app for the iPhone.