A startup created by four researchers and professors from the Politecnico di Torino has invented a new two-step verification method. Here is how it works.
Protecting web accounts (email, social and work accounts) has become of paramount importance to all users. Attempts to steal personal information are on the rise, and it is essential to put in place all the countermeasures that make life more difficult, or better still impossible, for cyber criminals.
One of the simplest and most effective measures is to enable two-factor authentication. This way, the password alone is no longer enough to access a social profile or email inbox. A second access code, randomly generated by a centralized system or by an app, is required to chat with friends or read received emails.
In this scenario, the Italian startup ToothPic wants to play a leading role, devising (and patenting) a new two-factor authentication method capable of turning an ordinary smartphone into a very powerful cryptographic machine.
Who ToothPic is and what it does
Founded by Enrico Magli, Diego Valsesia, Giulio Coluccia and Tiziano Bianchi, researchers and professors at the Department of Electronics and Telecommunications of the Politecnico di Torino, ToothPic managed to attract international attention from its very first months. Already in 2019, for example, it received a very prestigious award from the IEEE Computer Society for the best scientific paper published during the previous year.
The four founders of ToothPic
In the paper, titled “ToothPic: Camera-Based Image Retrieval on Large Scales”, the four PoliTo researchers and professors describe the theoretical basis of what would become their two-factor authentication system. During 2020, despite the difficulties caused by the health emergency, the work did not stop: FIDO (Fast IDentity Online) certification arrived from the FIDO Alliance, recognizing that the authentication solution proposed by ToothPic complies with internationally established security standards and can be easily used by all users.
Two-factor authentication according to ToothPic
Unlike other two-step verification solutions, which use computer systems to randomly create numeric codes, ToothPic relies on the “hidden signature” that each smartphone photo sensor leaves on photos and videos. This is a true electronic fingerprint that uniquely identifies the device and that, above all, is impossible for anyone to replicate or hack.
It is an extremely effective and valid idea, as also recognized by the European Patent Office, which granted two patents to the Italian startup. “The need to apply for patents stems from the desire to protect and at the same time enhance the innovation of an idea that, in ToothPic’s case, has become a concrete tech solution, unique in the world, that aims to increase the security of online authentication processes and the protection of the digital assets of organizations such as banks, insurance companies, corporates and public administration”, ToothPic’s founders explain.
Timeline of the patents obtained by ToothPic
The startup, born within PoliTo and supported in its first steps by the business accelerator of the same Piedmontese university, has already built several SDKs for Android and iOS that can be easily integrated into apps that, for one reason or another, require particularly high standards of security and personal data protection.
How ToothPic’s authentication system works
The Turin-based startup has conceived, developed and patented a method to “transform” the digital camera sensor into a real cryptographic machine. Exploiting the camera’s micro-imperfections, which are invisible and unclonable, ToothPic is able to encrypt and decrypt passwords to our personal web profiles, transforming the mobile device into a unique and easily usable access key.
Once ToothPic’s algorithms are implemented within an app, the user will not need to enter a second, different access code each time. It will be the smartphone itself, and specifically its camera, that provides the web platform with the information needed to identify the user with certainty and uniquely.
It is an extremely simple and at the same time very effective system. As ToothPic’s founders explain, the cryptographic keys are unclonable: being linked to the characteristics of the camera mounted on the individual device, they cannot be “transferred” and used on another device.
Content offered by ToothPic