Access Control

Google is making autofill on Chrome for mobile more secure


Google today announced a new autofill experience for Chrome on mobile that will use biometric authentication for credit card transactions, as well as an updated built-in password manager that will make signing in to a site a bit more straightforward.


Chrome already uses the W3C WebAuthn standard for biometric authentication on Windows and Mac. With this update, this feature is now also coming to Android.

If you’ve ever bought something through the browser on your Android phone, you know that Chrome always asks you to enter the CVC code from your credit card to ensure that it’s really you — even if you have the credit card number stored on your phone. That was always a bit of a hassle, especially when your credit card wasn’t close to you.

Now, you can use your phone’s biometric authentication to buy those new sneakers with just your fingerprint — no CVC needed. Or you can opt out, too, as you’re not required to enroll in this new system.

As for the password manager, the update here is the new touch-to-fill feature that shows you your saved accounts for a given site through a standard Android dialog. That’s something you’re probably used to from your desktop-based password manager already, but it’s definitely a major new built-in convenience feature for Chrome — and the more people opt to use password managers, the safer the web will be. This new feature is coming to Chrome on Android in the next few weeks, but Google says that “is only the start.”


Powered by WPeMatico

To make locks touchless, Proxy bluetooth ID raises $42M


We need to go hands-off in the age of coronavirus. That means touching fewer doors, elevators, and sign-in iPads. But once a building is using phone-based identity for security, there are opportunities to speed up access to Wi-Fi networks and printers, or personalize conference rooms and video call set-ups. Keyless office entry startup Proxy wants to deliver all of this while keeping your phone in your pocket.

“The door is just a starting point,” Proxy co-founder and CEO Denis Mars tells me. “We’re . . . empowering a movement to take back control of our privacy, our sense of self, our humanity, our individuality.”

With the contagion concerns and security risks of people rubbing dirty, cloneable, stealable key cards against their office doors, investors see big potential in Proxy. Today it’s announcing a $42 million Series B led by Scale Venture Partners with participation from former funders Kleiner Perkins and Y Combinator plus new additions Silicon Valley Bank and West Ventures.

The raise brings Proxy to $58.8 million in funding so it can staff up at offices across the world and speed up deployments of its door sensor hardware and access control software. “We’re spread thin” says Mars. “Part of this funding is to try to grow up as quickly as possible and not grow for growth sake. We’re making sure we’re secure, meeting all the privacy requirements.”

How does Proxy work? Employers get their staff to install an app that knows their identity within the company, including when and where they’re allowed entry. Buildings install Proxy’s signal readers, which can either integrate with existing access control software or the startup’s own management dashboard.

Employees can then open doors, elevators, turnstiles, and garages with a Bluetooth low-energy signal without having to even take their phone out. Bosses can also opt to require a facial scan or fingerprint or a wave of the phone near the sensor. Existing keycards and fobs still work with Proxy’s Pro readers. Proxy costs about $300 to $350 per reader, plus installation and a $30 per month per reader subscription to its management software.

Now the company is expanding access to devices once you’re already in the building thanks to its SDK and APIs. Wifi router-makers are starting to pre-provision their hardware to automatically connect the phones of employees or temporarily allow registered guests with Proxy installed — no need for passwords written on whiteboards. Its new Nano sensors can also be hooked up to printers and vending machines to verify access or charge expense accounts. And food delivery companies can add the Proxy SDK so couriers can be granted the momentary ability to open doors when they arrive with lunch.

Rather than just indiscriminately beaming your identity out into the world, Proxy uses tokenized credentials so only its sensors know who you are. Users have to approve of new networks’ ability to read their tokens, Proxy has SOC-2 security audit certification, and complies with GDPR. “We feel very strongly about where the biometrics are stored . . . they should stay on your phone” says Mars.

Yet despite integrating with the technology for two-factor entry unlocks, Mars says “We’re not big fans of facial recognition. You don’t want every random company having your face in their database. The face becomes the password you were supposed to change every 30 days.”

Keeping your data and identity safe as we see an explosion of Internet of Things devices was actually the impetus for starting Proxy. Mars had sold his teleconferencing startup Bitplay to Jive Software, where he met his eventual co-founder Simon Ratner, who’d joined after his video annotation startup Omnisio was acquired by YouTube. Mars was frustrated about every IoT lightbulb and appliance wanting him to download an app, set up a profile, and give it his data.

The duo founded Proxy in 2016 as a universal identity signal. Today it has over 60 customers. While other apps want you to constantly open them, Proxy’s purpose is to work silently in the background and make people more productive. “We believe the most important technologies in the world don’t seek your attention. They work for you, they empower you, and they get out of the way so you can focus your attention on what matters most — living your life.”

Now Proxy could actually help save lives. “The nature of our product is contactless interactions in commercial buildings and workplaces so there’s a bit of an unintended benefit that helps prevent the spread of the virus” Mars explains. “We have seen an uptick in customers starting to set doors and other experiences in longer-range hands-free mode so that users can walk up to an automated door and not have to touch the handles or badge/reader every time.”

The big challenge facing Proxy is maintaining security and dependability since it’s a mission-critical business. A bug or outage could potentially lock employees out of their workplace (when they eventually return from quarantine). It will have to keep hackers out of employee files. Proxy needs to stay ahead of access control incumbents like ADT and HID as well as smaller direct competitors like $10 million-funded Nexkey and $28 million-funded Openpath.

Luckily, Proxy has found a powerful growth flywheel. First an office in a big building gets set up, then they convince the real estate manager to equip the lobby’s turnstiles and elevators with Proxy. Other tenants in the building start to use it, so they buy Proxy for their office. Then they get their offices in other cities on board…starting the flywheel again. That’s why Proxy is doubling down on sales to commercial real estate owners.

The question is when Proxy will start knocking on consumers’ doors. While leveling up into the enterprise access control software business might be tough for home smartlock companies like August, Proxy could go down market if it built more physical lock hardware. Perhaps we’ll start to get smart homes that know who’s home, and stop having to carry pointy metal sticks in our pockets.


Verkada raises $80M at $1.6B to be every building’s security OS


Fifty iPads were stolen from Verkada co-founder Hans Robertson’s old company. Only when they checked the security system did they realize the video cameras hadn’t been working for months. He was pissed. “The market lagged behind the progress seen in the consumer space, where someone could buy high-end cameras with cloud-based software to protect their home,” Verkada’s CEO and co-founder Filip Kaliszan tells me of his own attempt to buy enterprise-grade security hardware.

Usually, startups ascend on the backs of fresh technologies and developer platforms. But Kaliszan and Robertson realized that commercial security was so backward that just implementing the established principles of machine vision and the cloud could create a huge company. The plan was to keep data secure yet accessible and train its cameras to take clearer photos when AI detects suspicious situations instead of just grainy video.

At first, few could see the vision through the slow upgrade cycles and basement security rooms common with most potential clients. “The seed and the A were extremely difficult rounds to raise compared to the later rounds because people didn’t believe we could execute what we are proposing,” Kaliszan glumly recalls.

But today Verkada receives a huge vote of confidence. It just raised an $80 million Series C at a stunning $1.6 billion post-money valuation thanks to lead investor Felicis Ventures writing Verkada its biggest check to date. The cash brings Verkada to $139 million in funding to sell dome cameras, fisheye lenses, footage viewing stations and the software to monitor it all from anywhere.

Why sink in so much cash at a valuation triple that of Verkada’s $540 million price tag after its April 2019 Series B? Because Verkada wants to bring two-factor authentication to doors with its new access control system that it’s announcing is now in beta testing ahead of a Spring launch. Instead of just allowing a stealable key fob or badge to open your office entryway, it could ask you to look into a Verkada camera too so it can match your face to your permissions.

“Our mission is to be the essential physical security software layer for every building, and the foundation of a larger enterprise IoT infrastructure,” Kaliszan tells me. By uniting security cameras and door locks in one system, it could keep banks, schools, hospitals, government buildings and businesses safe while offering new insights on how their spaces are used.

The founders’ pedigrees don’t hurt its efforts to sell that future to investors like Next47, Sequoia Capital and Meritech Capital, which joined the round. Robertson co-founded IT startup Meraki and sold it to Cisco for $1.2 billion. Kaliszan and his other co-founders Benjamin Bercovitz and James Ren started CourseRank for education software while at Stanford before selling it to Chegg.

Making a better product than what’s out there isn’t rocket science, though. Many building security systems only let footage be accessed from a control room in the building… which doesn’t help much if everyone’s trying to escape due to emergency or if a manager elsewhere simply wants to take a look. Verkada’s cloud lets the right employees keep watch from mobile, and data is also stored locally on the cameras so they keep recording even if the internet cuts out. “Our competitors stream unencrypted video and it’s on you to protect it. We’re responsible for handling that data,” Kaliszan says.

Verkada’s machine vision software can make sense of all the footage its cameras collect. “We can immediately show them all the video containing a particular person of interest rather than manually searching through hours of footage,” Kaliszan insists. “Our platform can use AI/machine learning to recognize patterns and behaviors that are out of the norm in real time.”

For example, a hostage negotiator was able to use Verkada’s system to assess whether a SWAT team needed to invade a building. Verkada can group all spottings of an individual together for review, or scan all the footage for people wearing a certain color or with other search filters.

Indeed, 2,500 clients, including 25 Fortune 500 companies, are already using Verkada. In the last year it has tripled revenue, partnered with 1,100 resellers, launched nine new camera models, added people and vehicle analytics, opened its first London office and is on track to grow from 300 to 800 employees by the end of 2020.

“We call this reinvention,” says Felicis Ventures founder and managing director Aydin Senkut. “One thing people underestimate is how big this market is. Honeywell is valued at $110 billion-plus. There’s a Chinese company that’s over $50 billion. The opportunity to be the operating system for all buildings in the world? Sounds like that market couldn’t be better.” Senkut knows Verkada works because he had it installed in all his homes and offices.

Most enterprise software companies don’t have to worry about the complexities of hardware supply chains. There’s always a risk that its sales process stumbles, leaving it stuck with too many cameras. “We’re still burning money. We’re not there yet or we wouldn’t be raising venture. Because we’re going after a mature market, you can’t come at it with a model that doesn’t make sense. Investors come at it from a hard-nosed approach,” Robertson admits.

“People have a tendency to write off Verkada as a boring camera company. They don’t realize how access control as the second product is going to supercharge the company’s potential,” Senkut declares.

One bullet Verkada dodged is the one firmly lodged in Amazon’s chest. Ring security cameras have received stern criticism over Amazon’s cooperation with law enforcement that some see as a violation of privacy and expansion of a police state. “We don’t have any arrangements with law enforcement like Ring,” Kaliszan tells me. “We view ourselves as providing great physical security tools to the people that run schools, hospitals and businesses. The data that those organizations gather is their own.”


Google turns your Android phone into a security key


Your Android phone could soon replace your hardware security key to provide two-factor authentication access to your accounts. As Google announced at its Cloud Next conference today, it has developed a Bluetooth-based protocol that will be able to talk to its Chrome browser and provide a standards-based second factor for access to its services, similar to modern security keys.

It’s no secret that two-factor authentication remains one of the best ways to secure your online accounts. Typically, that second factor comes to you in the form of a push notification, text message or through an authentication app like the Google Authenticator. There’s always the risk of somebody intercepting those numbers or phishing your account and then quickly using your second factor to log in, though. Because a physical security key also ensures that you are on the right site before it exchanges the key, it’s almost impossible to phish this second factor. The key simply isn’t going to produce a token on the wrong site.

Because Google is using the same standard here, just with different hardware, that phishing protection remains intact when you use your phone, too.
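The site binding described above can be simulated end to end. This is an added example, not code from Google or from the original article: `ToyAuthenticator`, `browser_sign_in`, `rp_verify` and the hostnames are hypothetical, HMAC with a per-site secret stands in for the key's public-key signature, and the relying-party ID is simplified to the origin's hostname.

```python
import base64, hashlib, hmac, json, os
from urllib.parse import urlsplit

def b64url(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def rp_hash(rp_id: str) -> bytes:
    return hashlib.sha256(rp_id.encode()).digest()

class ToyAuthenticator:
    """Stand-in for a security key: one secret per relying-party (RP) ID."""
    def __init__(self):
        self.creds = {}                       # rpIdHash -> per-site secret

    def register(self, rp_id: str) -> bytes:
        self.creds[rp_hash(rp_id)] = key = os.urandom(32)
        return key                            # a real key returns a public key

    def get_assertion(self, rp_id: str, client_data: bytes):
        key = self.creds.get(rp_hash(rp_id))
        if key is None:                       # no credential scoped to this site
            return None
        # authenticatorData: rpIdHash (32) | flags (1, bit 0 = user present) | counter (4)
        auth_data = rp_hash(rp_id) + bytes([0x01]) + (1).to_bytes(4, "big")
        signed = auth_data + hashlib.sha256(client_data).digest()
        return auth_data, hmac.new(key, signed, hashlib.sha256).digest()

def browser_sign_in(origin: str, challenge: bytes, key: ToyAuthenticator):
    """The browser, not the page, records the origin the user is really on."""
    client_data = json.dumps({"type": "webauthn.get", "origin": origin,
                              "challenge": b64url(challenge)}).encode()
    result = key.get_assertion(urlsplit(origin).hostname, client_data)
    return None if result is None else (client_data, *result)

def rp_verify(assertion, challenge, expected_origin, rp_id, cred_key) -> bool:
    """Server-side checks: fresh challenge, own origin, own RP ID, valid signature."""
    client_data, auth_data, sig = assertion
    cd = json.loads(client_data)
    signed = auth_data + hashlib.sha256(client_data).digest()
    expected_sig = hmac.new(cred_key, signed, hashlib.sha256).digest()
    return (cd["type"] == "webauthn.get"
            and hmac.compare_digest(cd["challenge"], b64url(challenge))
            and cd["origin"] == expected_origin
            and auth_data[:32] == rp_hash(rp_id)
            and bool(auth_data[32] & 0x01)
            and hmac.compare_digest(sig, expected_sig))

def demo():
    # Constructed scenario: one real site and one look-alike host.
    key, challenge = ToyAuthenticator(), os.urandom(16)
    cred = key.register("login.example.com")
    good = browser_sign_in("https://login.example.com", challenge, key)
    phish = browser_sign_in("https://login.example.com.phish.invalid", challenge, key)
    ok = rp_verify(good, challenge, "https://login.example.com", "login.example.com", cred)
    return ok, phish                          # look-alike host yields no assertion
```

Even if the user also enrolls the key on the look-alike host, an assertion produced there carries that host's origin and RP ID hash, so `rp_verify` on the real site rejects it.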

Bluetooth security keys aren’t a new thing, of course, and Google’s own Titan keys include a Bluetooth version (though they remain somewhat controversial). The user experience for those keys is a bit messy, though, since you have to connect the key and the device first. Google, however, says that it has done away with all of this thanks to a new protocol that uses Bluetooth but doesn’t necessitate the usual Bluetooth connection setup process. Sadly, though, the company didn’t quite go into details as to how this would work.

Google says this new feature will work with all Android 7+ devices that have Bluetooth and location services enabled. Pixel 3 phones, which include Google’s Titan M tamper-resistant security chip, get some extra protections, but the company is mostly positioning this as a bonus and not a necessity.

As far as the setup goes, the whole process isn’t all that different from setting up a security key (and you’ll still want to have a second or third key handy in case you ever lose or destroy your phone). You’ll be able to use this new feature for both work and private Google accounts.

For now, this also only works in combination with Chrome. The hope here, though, is to establish a new standard that will then be integrated into other browsers, as well. It’s only been a week or two since Google enabled support for logging into its own service with security keys on Edge and Firefox. That was a step forward. Now that Google offers a new service that’s even more convenient, though, it’ll likely be a bit before these competing browsers will offer support, too, once again giving Google a bit of an edge.
