What is Tento?
Tento uses visual cryptography to hide one-time passcodes in a token stored in the user’s mobile phone. These tokens are called TentoIDs. Each TentoID is different and we can produce trillions of them, so they can be used to uniquely identify the entire web user population – like web-based DNA. Every TentoID token is capable of producing billions of different passcodes.
Our technology can replace a remembered password where one-factor authentication (1FA) is required or it can be combined with other biometrics (or even a remembered password!) to provide multi-factor authentication (MFA). Traditionally, there have been 3 different kinds of authentication factor -
– “something you know” (eg static password)
– “something you own” (eg a personal token such as a TentoID)
– “something you are” (eg a biometric such as a fingerprint)
At Tento, we add a further independent factor -
– “somewhere you are” (in other words, your location)
How it works
Our software produces billions of single-use biometric passcodes. The human eye can easily read the passcodes we produce but even the device that displays the passcode is unable to read it. This is because the passcode is displayed as an image on the device screen. It is never held in digital form - either in the device or on the network. Malware in the user device cannot access the passcode, other than as an image and our characters have been designed to resist OCR (optical character recognition) techniques.
When users register with a website that uses TentoID Authentication, the Tento app is installed in their device. If the user has not previously protected their phone with one of the many systems available, they should do so now! Their phone is now capable of displaying Tento OTPs. When they want to log in to a 1FA website, they enter their username as usual. They get an on-screen QR-code which they scan with the TentoID app in their phone and their one-time use password is immediately displayed on the phone screen. They enter this on the web page to log in. The phone does not need to be connected to any network, it is used as an out-of-band device, just like a SecurID keyfob token, making it extremely secure.
A different QR-code is produced for every authentication request received by the Tento Authentication Server (TAS). The OTP is displayed on the users phone screen for 30 seconds, after that it is deleted from the phone and from the TAS. If the user fails to enter the correct password within the 30 second period, they are allowed a limited number of further attempts.
Businesses who require only 1FA no longer need to keep their own password files, removing a favourite target for hackers and cybercriminals. They simply use the Tento Authentication Server (TAS) whenever they need to authenticate a user.
Tento OTPs conform to published authentication standards. They are random, use 47 different keyboard characters and satisfy the uniqueness test.
Benefits of Tento
Trillions of unique user tokens
Millions of one-time passwords from each user token
Variable length one-time passwords – choose the appropriate security level
OTPs comprise alpha, numeric, symbols in any combination
Real-time and offline forensics
Instant revocation of user token if phone is lost or stolen
Temporary revocation of user token if phone is mislaid
Can be integrated with a biometric factor for 3-factor authentication
Simple technology licensing model based on territory, application area and time
Lower cost than any comparably secure authentication systems
Runs in multiple client devices
One-time passwords (OTPs) displayed as images – resistant to malware and hackers
Distinguishes humans and robots
Can be branded with your logo, straplines, content, etc.
No more costly password resets for IT helpdesks
Easy integration with existing authentication systems
Can run in parallel with existing authentication systems
Comprehensive online and offline reporting for sysadmins
control of issued and unissued tokens
warning of fraud attempts