B. Robert Raja
Chairman & Managing Director
Odyssey Technologies exhibits strong competencies in Cryptography and Internet working. The company has an impeccable understanding of the existing data risks and the exceptional know how of a plethora of authentication solutions that can be built. The MDS gives a clearer picture of what Odyssey has been up to in the security domain.
In conversation with B. Robert Raja, Chairman & Managing Director, Odyssey Technologies
MFA is popular due to the high degree of security and is much better than a single user name and password combination. How is Odyssey Technologies positioned in this market?
Odyssey has been advocating authentication well beyond user names and passwords for over two decades now. We were the earliest purveyors of Public Key and Digital Signature based authentication and have offered them in a usable format to the market. Since it was BFSI and Government which adapted early to these sophisticated factors, Odyssey has generally found favor in these segments. Nevertheless, we have been offering other factors like One Time Passwords, Mobile delivered Passwords, mPIN and similar alongside digital signature based authentication. Our products are basically vertical agnostic. Odyssey has been one of the very few players offering multifactor authentication as an easily deployable product.
Software security requires good hygiene and constant diligence to protect your organization and users from known threats; it also requires working proactively to identify and address emerging risks. In what ways does Odyssey Technologies develop products and solutions for internet transaction security?
Transaction security generally depends on the strength of identification and authentication of parties as well as the security of the transport. Both of them evolve constantly and require proactive changes to the deployed security measures. Moreover, the changing threat profiles also warrant continuous revamping of the security elements in the products.
Odyssey has been advocating authentication well beyond user names and passwords for over two decades now
When we came into the security industry, SSL version 3 was the de facto standard and TLS 1.0 had just been introduced. Initially Browser support for TLS was scant and took nearly a decade for that to become the accepted model. Since then, TLS 1.1 and 1.2 have made their appearance and are already close to the end of their life giving way to TLS 1.3. Adapting to these changes requires that at any given point in time, you support at least three versions of similar protocols as browsers and other end points adapt to these standards at varying speeds and you have to be compatible with all of them.
Similarly, the authentication factors also have undergone changes in size and structure over this period. We have been supporting our products with RSA 1024, DES 40-bit and 64-bits, ARC4. MD5 and SHA-1, which are all considered obsolete today. These are replaced by RSA 2048, AES, SHA-2, SHA-3 among others and there have been a lot of detail evolution within these implementations. In every one of these cases, Odyssey’s products have been in the forefront of support.
Tell us about your encounters with clients that have led to a successful implementation story.
Odyssey in addition to providing authentication solutions, also offers products for digital certificate lifecycle management. Digital certificates are one of the strongest factors of authentication and the only one not involving the so called shared secret. As such, certificate life cycle management forms a cornerstone of good authentication.
We have deployed this product in a few enterprises but the pride of place goes to our deployment at Safescrypt licensed Certifying Authority run by Sify Technologies. Today, Safescrypt is the largest Certifying Authority in the country in terms of subscribers.
For authentication solutions, the instance which is very significant to us is a zero-touch deployment of ‘Odyssey Snorkel’ in a large private sector bank in the country. This deployment is well over fifteen years old and what started as servicing corporate segment for B2C and B2B needs has found acceptance in retail segment as well.
We have also implemented an authentication solution for a payment bank with well over 50 million users.
Where is the company headed in the years to come? What are your future innovation goals?
The company is passing through its most innovative phase right now. This year, we are slated to introduce an authentication infrastructure styled ‘xorkee’ and a bunch of applications that run on that infrastructure. This is predominantly a Public Key based authentication model, but is not in competition with PKI and rather complements it.
This is the first time that public key authentication will be offered in a package that is consumable by everyday users. PKI has long been accused of being very complex, and not fit for common users. In fact, every technology in use today is far more complex than PKI, but they are all bundled right so you don’t notice it. Consider the components of making a call from your mobile phone the transceiver, the tower handovers, keeping track of where a given cell phone is at the moment, multiplexing calls to optimize spectrum usage. Each of them is mind bending and is way beyond the skill level of a common user. Yet, three year old kids routinely make calls.
PKI today is similar to that in that it is a bundle of complicated and mathematically involved technologies and Odyssey is in the cusp of putting together a cellular phone of authentication.
We believe the framework and the security model we pioneer here will become the standard of public key usage worldwide.