The University of Surrey has developed an innovative ‘all in one’ password system that will allow users to use their face, eyes or fingerprints – alongside or instead of word-based systems – on their work or home computers.

Pass∞ improves passwords

The new technology, named Pass∞ (Pronouced PassInfinity), can be completely backward-compatible with existing computer systems, meaning it could be easily added to all systems immediately with little or without any changes to existing infrastructure. Pass∞ will allow users to generate much more complicated but still easy-to-remember passwords. This means that passwords will be significantly harder to crack, because hackers will not only have to break the password, they will also have to work out the format and composition of the password itself.

Pass∞ was invented by the Department of Computer Science’s Dr Shujun Li and his PhD student Miss Nouf Aljaffan. It will not only make it easier for organisations and service providers to implement and maintain user authentication systems, but will also empower users with the ability to combine many different authentication actions for proving their identities.

Biometrics-based user authentication

It will do so while preserving the overall user experience with text-based passwords, biometrics-based user authentication systems (such as face, iris, fingerprint based systems) and multi-factor user authentication systems.

One of the many features Pass∞ can offer is user-friendly free combinations of multiple authentication actions, such as entering normal passwords, styling some characters, selecting a picture, clicking some points on a picture, drawing something on a picture, showing your face in front of a webcam, and even adding the user’s current geo-locations.

Other features Pass∞ provides include high modularity and backward compatibility so that minimum or even no changes are needed to add new and to reconfigure existing user authentication modules, thus drastically simplifying transitions from old authentication systems to new ones and for maintenance of existing systems.

Single framework and user interface

"The new technology will give both end users and organisations a simple and easy to use system that has great flexibility and agility"

Dr Shujun Li, a Deputy Director of the Surrey Centre for Cyber Security (SCCS) and co-inventor of Pass∞, said: “This is definitely among the biggest ideas and the most exciting research work I have been working on at the University of Surrey for over five years. What makes the idea unique is the big contrast between the simplicity of the solution and how it solves many hard problems around passwords and user authentication in general. The new technology, which is in its final stages of development, will give both end users and organisations a simple and easy to use system that has great flexibility and agility to incorporate all known user authentication factors and many (if not all) known systems in a single framework and user interface.”

The inventors believe that Pass∞ has a great potential to increase both the security and the usability of passwords significantly as a much longer password can be generated from a shorter sequence of authentication actions which are easy to remember.

Advanced password manager

In addition, Pass∞ can be deployed at either server or client side. When implemented at the client side, for instance on users' mobile phones or personal computers, it can be developed as an advanced ‘password manager’ and/or a web browser extension, thus allowing it to work with any remote servers. When it is deployed at the server side, the server can provide more options to end users, e.g., allow them to decide what biometric authentication actions (face, fingerprints, speech, iris, etc.) to choose and how to combine them.

The University of Surrey has filed a patent application on the new technology. The Pass∞ team at the University of Surrey, in partnership with tech transfer specialists Crossword Cybersecurity plc, is currently conducting some market research and are keen to hear about the public’s feedback on the project and to share their thoughts on the new technology. For more information, please visit www.passinfinity.com. The market research is funded by the Department for Culture, Media & Sport (DCMS) and the Innovate UK through the SETsquared Partnership's Cyber Security ICURe (Innovation to Commercialisation of University Research) Programme.

Download PDF version

In case you missed it

Impact of sophisticated IT technologies on the security market
Impact of sophisticated IT technologies on the security market

Over the course of the past few months, I have discussed a myriad of topics, from Big Data, the Internet of Things and emerging video surveillance-use cases, to analytics, storage complexities and IT technologies like virtualisation and hyperconverged infrastructure (HCI). All of these trends have a significant effect on the security market, and in April they were highlighted in spades at ISC West. It’s great to talk about these trends but it’s far better to see how they are being leveraged in real-world applications. That’s really where we can all see the true value of new solutions and concepts. We’re lucky enough to work with some leading organisations that want others to benefit from their experience and I’m happy to have the opportunity to share two of these applications with you. Protecting educational facilities UCF has adopted advancements in technology, particularly video surveillance solutions, to help ensure stronger security on campus Educational institutions face an increasingly complex risk environment. Recent high-profile incidents emphasise these risks and magnify the vulnerabilities that educational facilities face. These incidents have led to more public demand for improved security solutions across campuses. The primary mission of these organisations is to deliver quality education to students, and they face the challenge of balancing between a highly secure facility and one that supports open interaction. The University of Central Florida is no different. This organisation, one of the largest universities in the country, has adopted advancements in technology, particularly video surveillance solutions, to help ensure stronger security on campus. Active shooter incidents In March 2013, UCF faced an active shooter situation in which a former student planned to pull the fire alarm in a residence hall and then attack his classmates as the building was evacuated. However, the shooter’s gun jammed, and as officers were closing in on the gunman, he took his own life. During the university’s response to the incident, accessibility to critical video data was a major issue. Educational institutions face an increasingly complex risk environment UCF had cameras in the area where the incident took place, but first responders had no way of viewing the footage without being at the physical location of the video recorder. At the time, UCF had a wide variety of standalone systems in place, including non-integrated video surveillance, access control and intrusion systems. As a result, there was no way to centralise video management, viewing and analysis. Upgrading from analogue systems Altogether, its security system consisted of older analogue platforms that were reaching end of life, 58 standalone servers, 12,000 access points and a wide variety of DVRs — all being managed in a siloed manner. UCF needed a solution that would allow officials to centralise system management, store video data more effectively and reliably, and enable the security team to deliver situational awareness to responders when needed. Security leaders sought a way to further modernise its security, surveillance, access control and IT infrastructure The university deployed an HCI solution, one that is optimised for demanding, data-intensive workloads like video surveillance. Using standard off-the-shelf server hardware, the system aggregates the storage and compute resources from multiple servers into a single unified pool that all cameras can access, which maximises performance and storage capacity utilisation. The platform also hosts the university’s video management solution, which serves as a centralised source to manage video and effectively protect its security data. Because of the growing demand for video across UCF's campuses — for both safety and business purposes — the HCI solution’s ability to eliminate the opportunity for data loss and easily scale were key components in its selection. Protecting air travel and airports In 2012, Charleston International Airport embarked on an ambitious upgrade project dubbed the Terminal Redevelopment and Improvement Program. The $200 million initiative was designed to modernise and expand the facility to meet increased passenger demand. While the aesthetics and amenities of the airport were under construction, security leaders sought a way to further modernise its security, surveillance, access control and IT infrastructure. The IT and security teams needed to address the challenges of their existing standalone server environment, which included siloed systems, management complexity and high administrative and equipment costs. Charleston International Airport embarked on an ambitious upgrade project dubbed the Terminal Redevelopment and Improvement Program Considering the high value of the airport’s video, security and IT data, it required a solution that could deliver reliable data protection, system resiliency and fault tolerance. The airport is required to store video for 30 days, but it seeks to expand its retention time to 60 days. Therefore, technology that can scale simply was key in the selection process. Storage system updates It also required a storage platform that could manage the demanding and write-intensive nature of its nearly 250 IP surveillance cameras — a challenging task for traditional video recorders. The airport deployed HCI appliances to better manage captured video data and expand its archive capability for video surveillance. Users rely on video to validate whether something did or did not happen - and this is essential in airports HCI surveillance solutions are designed to provide industry-leading resiliency. Even if multiple hardware failures occur, including an entire appliance, video management servers will remain online and recording, and any previously recorded video will continue to be protected and accessible. Reducing expenses and costs The solution also reduced total cost of operations by consolidating servers, storage and client workstations into one enterprise-class solution that is easily managed from a single user interface, without the need for specialised IT skills. These use cases demonstrate the value emerging technologies bring to these types of modern environments. And they show that solutions like HCI are no longer simply much-talked about technology trends. Video, IT and security data is critical to organisations of all types and they need to ensure their investment in capturing this data is protected. From a security standpoint, users rely on video to validate whether something did or did not happen. If that video data isn’t protected, they lose a very valuable investigative tool. That isn’t an option in today’s complex environment. That’s is why it is paramount to understand how new technologies can help expand current capabilities and evolve security operations. This can’t be left to chance.

Small business owners reduce losses with smart video surveillance
Small business owners reduce losses with smart video surveillance

Small business owners work hard. They are often the first ones there in the morning and the last to leave at night. Even then, they likely bring their work home with them. During that time, everything they do is aimed at making their business as successful as possible. Because of this, many business owners don’t take vacations, and if they do, they spend a lot of time worrying about their business while they’re away. In both cases, the potential for burnout is tremendously high. The primary concern for these individuals is loss, whether from theft, waste, vandalism or other causes. Depending on the degree of the loss, it can have a devastating effect on small business. Therefore, professional security solutions must be top of mind for these businesses. Small business owners can take advantage of advanced technology that can help them work smarter, not harder Video surveillance for small businesses One technology that can address loss, the feeling of helplessness that comes from not being on site and more is video surveillance. Sadly, it’s not always on the radar for small business owners, many of whom think video surveillance is very expensive and out of reach. But that couldn’t be farther from the truth. There are high-quality, relatively inexpensive solutions that don’t require much, if any, configuration, allowing an installer to place cameras, run cable, plug cameras into the recorder and use software to get end users up to speed on remote access. Best of all, almost all of these solutions come with a mobile app or other means of accessing video—both live and recorded—remotely from a smartphone or tablet. In a world where our phones have become our lifeline to a lot of information, including email, banking, inventory management and more, a security system simply has to provide this type of access. Given the availability of cost-effective video surveillance solutions and their ease of use, small business owners can take advantage of advanced technology that can help them work smarter, not harder in a few key areas. Video surveillance solutions come with a mobile app for accessing video remotely from a smartphone or tablet Efficient incident monitoring Having a high-quality video surveillance system with proper coverage means that any time an incident or loss occurs, a small business owner can go back and find it on the video and identify exactly what happened. For example, if something goes missing from a retail store, reviewing the video will reveal exactly what happened, when it happened, how it happened and—depending on lighting, camera resolution and field of view—possibly who took it. Video systems can also be valuable from a liability perspective. Slip-and-fall claims are not uncommon, but in many cases they turn out to be false. Thankfully, cameras can provide video that will support or refute a claim. Without video, such incidents could be costly for small businesses. A simple review of recorded videos will solve any mystery and eliminate the potential for a long argument with no evidence Video recording for incident verification Another example would be a customer who claims they were shorted on the change they received from a cashier. Rather than taking the time to count the money in the drawer and reconcile that with receipts, a small business owner could simply review video from a camera placed above the point of sale to determine if the customer’s claim is correct or if they may have been mistaken. This feature can also help alleviate or avoid a potentially awkward or difficult situation when there’s a difference of opinion with a supplier. Say for instance a delivery driver claims he or she brought three cases of product to the back door, but there are only two cases in the stockroom. A simple review of the video that’s been recorded will solve the mystery once and for all and eliminate the potential for a long, drawn-out argument with no evidence one way or the other. Smartphones for remote monitoring It’s natural for small business owners to feel stressed when they’re not at their physical location. After all, they’re the ones who have invested in the business and are responsible for making sure it runs smoothly and profitably from day to day. For small business owners with surveillance systems, vacations can become not only a reality but also the relaxing time they are supposed to be. For small business owners with surveillance systems, vacations can become not only a reality but also the relaxing time Rather than sitting on a beach and worrying about whether the store opened on time or if employees are doing what they’re supposed to be doing, an owner can pull out his or her smartphone, log in to remotely to the video system and know for sure. That peace of mind is invaluable for small business owners. This is also helpful for business owners with multiple locations. Because no one can be in two—or more—places at once, a video surveillance system can provide eyes and in some cases ears at a location, which can be accessed at the click of a button. Video surveillance for training For a small business, it’s imperative that employees follow established policies and that staffing levels are maintained at the most efficient level possible. These are two other areas where video surveillance can help. If a small business owner sees that something isn’t being done properly, whether by a single employee or if the problem is more widespread, he or she can use video for training purposes. They can sit down with the employee or employees to review the video and explain the proper policies and procedures. Conversely, video can be used to demonstrate proper techniques or even to recognise employees for a job well done. From a staffing standpoint, reviewing video could reveal unexpectedly busy or down times Maintaining staffing levels From a staffing standpoint, reviewing video could reveal unexpectedly busy or down times. A business owner can review video from 3 p.m. on a Saturday to see how many customers are in a location and determine the ratio of employees to customers. Looking at a variety of times over a period of weeks or months could help determine optimal staffing levels, which may lead to the decision to increase staffing on Saturday afternoons when a store is busy. This will help improve customer experience and potentially increase sales. Motion detection for accurate access control Cameras can be deployed with motion-detection sensors to alert business owners when someone enters a certain area, whether during or after business hours. In many cases, detected motion can trigger an alert and/or a video clip to be sent to the business owner’s smartphone so they can review and verify whether something is out of the ordinary. These deployments could be set up to monitor a variety of locations, such as an office, safe, doors and other sensitive areas at all times or just during specific hours. If motion is detected during off hours, the business owner can view video and alert police that an unauthorised individual is at their business. Surveillance videos can be used to demonstrate proper techniques or even to recognise employees for a job well done Cybersecure video surveillance systems From a cybersecurity perspective, manufacturers are constantly releasing firmware updates to protect cameras from malware and/or unauthorised intrusion. Once someone has accessed any device, all systems and devices connected to the same network become vulnerable. Updating these devices tends to be an afterthought for small business owners, who may either forget or simply not have the time to do it. So it should come as no surprise that these important updates often go uninstalled. Today’s advanced video systems overcome this obstacle with easy updating, which can be performed by small business owners or installers to ensure constant protection. Other systems are available with auto-updating capabilities, which remove the onus from small business owners completely. Today’s advanced video systems overcome cyberthreats with easy updating Cost-effective surveillance solutions These are just a few of the many benefits video surveillance systems offer small business owners. What’s important to note is that for each to be successful requires having to have the right camera for the right environment. For instance, a camera positioned at the back door of a business has to have wide dynamic range to deal with changing light levels throughout the day. A camera used to monitor transactions must offer high enough resolution to identify bill denominations. Today’s solutions are cost-effective, easy to use and offer the flexibility to monitor operations from anywhere at any time – giving small business owners the power to work smarter, not harder to grow their bottom line.

BREAKING: Arecont Vision launches end-to-end cloud surveillance solution at ISC West
BREAKING: Arecont Vision launches end-to-end cloud surveillance solution at ISC West

As ISC West opens today in Las Vegas, many companies will be introducing new products. But the announcements today from Arecont Vision will have a larger impact, and they involve much more than new products. In fact, the megapixel camera company is staking a claim to a broader slice of the market, and expanding its go-to-market strategy in the process. “The industry has changed, and the amount of competition out there today is significantly different and more pervasive,” says Raul Calderon, Arecont Vision’s Chief Operating Officer and General Manager. “We decided essentially to meet the market head on. It’s like a rebuilding and reshaping of our organisation to be more competitive and solutions-based for the future.” The details of that reshaping are playing out in multiple announcements at ISC West. Arecont Vision is announcing a new group of cameras, the Contera line, made in China, which includes single- and multi-sensor megapixel dome and bullet cameras. Also, expanding beyond its core camera business, Arecont Vision will introduce a Contera video management system (VMS) and cloud-managed video recorders (ConteraCMR) to round out a complete solution to address traditional and cloud-based video surveillance project requirements.The industry has changed, and the amount of competition out there today is significantly different and more pervasive”  Remote access and management The cloud component of the new Arecont Vision platform is ConteraWS (web services), which enables local video recording and stores user profiles and cloud information for remote access and management. Management through the cloud means local administration is not required, thus reducing complexity and staffing needs. The system can be securely operated from a thick client, mobile app, Apple TV app, and/or a multi-browser web client. To ensure cybersecurity, ConteraWS has multi-factor authentication, NIST-compliant data encryption, transport layer security and requires no open inbound ports. Providing multiple system components enables customers going forward to buy end-to-end solutions from Arecont Vision. The online SysCon System Configurator simplifies selecting the best ConteraCMR platform for specific project requirements. The VMS, CMR and Web services components of the new end-to-end solution are rebranded by Arecont Vision in an OEM agreement with OpenEye. Providing multiple system components enables customers going forward to buy end-to-end solutions from Arecont Vision Enabling seamless integration As historically a camera manufacturer, why has Arecont Vision decided to embrace the trend toward end-to-end solutions? “The industry has spoken,” says Calderon. “Customers want to have a seamless integration with one provider of goods and services. We are adopting the mentality the broader industry has had for some years now.”Customers want to have a seamless integration with one provider of goods and services. We are adopting the mentality the broader industry has had for some years now” The “hybrid” platform involves video recording locally on premises (no bandwidth issues), but managed through the cloud by Amazon web services. There is an active connection between each recorder and the cloud. All administrative and access rights are managed in the cloud. A user can log into a web services account, which makes a connection to the recorder. This alleviates the requirement for any port forwarding or VPN. From an integration management standpoint, customers can manage all their clients and their recorders through a web services account. They can give permissions to local users to access only the recorders on their premises, but they can access centrally all the recorders they have deployed. From a maintenance and management standpoint, the approach allows an integrator to offer a true recurring monthly revenue (RMR)-based video solution. An integrator can charge for the web services access on a monthly basis, and/or provide other services such as health monitoring, or archiving critical video clips in the cloud. “This is a new take on the way VMSs work,” says Calderon. “It’s a new take on how we are delivering solutions to the market. We are driving toward a new way of doing business. The right integrators will see it as an opportunity to grow and develop their business — before someone else does.” The Contera cameras, the existing Mega camera line, and the Contera VMS, CMRs, and Web services are integrated for sale as end-to-end solutions. In addition, each component could also be deployed alongside other third-party components using ONVIF standards and leveraging Arecont Vision’s MegaLab program that tests and certifies third-party systems in the company’s Technology Partner Program. The Contera cameras will be assembled overseas and use industry-standard ASIC IC architecture We were able to develop, design, implement and manufacture the product in a more fast-track kind of way" New surveillance camera technology Unlike Arecont Vision’s existing Mega IP camera family, the Contera cameras will be assembled overseas and use industry-standard ASIC IC architecture, a system on a chip (SoC) platform that allows for a more affordable price point. The new cameras will also use Sony sensors. “We were able to develop, design, implement and manufacture the product in a more fast-track kind of way,” says Calderon. In contrast, the Mega IP camera family is Made in USA and uses Arecont’s MPIP (massively parallel image processing) architecture and FPGA IC chips, which offer “ultimate” cybersecurity, says Arecont Vision. “On the camera side, we have always had parts of our cameras manufactured in Asia, and did all the final assembly and PCB programming and even fabrication in the United States,” says Calderon. “With the new line, we decided to have some designs manufactured in Asia so that we can compete from a labour cost perspective. A partner we have worked with for 10 years — a Taiwanese company with a factory in China — is doing the turnkey assembly work for us. It is a collaborative development, and we are able to reduce costs significantly. We are concentrating on 10 models for which we can drive volumes and drive prices where they need to be. We will not compete at the lowest end of the market; we will be competing in the mid-tier. That’s our goal, to maintain a mid-tier presence in the market with a more competitive product.” He says some 300 units in the existing Mega camera line will continue to be assembled in Los Angeles.