Tento Technologies is a cyber-security start-up offering strong, cost-effective 2 factor authentication using  visual cryptography for website logins and online payments. 

Digital-Catapult-Centre-Badge-Contributor Tento is delighted to have been selected as a contributor to Digital Catapult

News updates …


Elmsend Films shoot  @ tweets: Great shoot with Their new app is going to make big waves in online protection… Watch this space for upcoming details


Capture Liverpool Hope University Dept of Maths and Computer Science partners with @Tento_UK to develop password cryptography. Read the News


Howard Yates - Canary Wharf The UK Government has backed Tento’s one-only password tech. Watch the video on our News tab along with more coverage. Thanks to Minister Ed Vaizey for his quote: “I congratulate Tento on winning the challenge and their trial will hopefully provide new ways for businesses and their customers to carry out secure and efficient online transactions” Howard Yates, founder Tento, says “We were delighted to win the cybersecurity challenge set by IC Tomorrow (part of Innovate UK). This gives us some funding and, more importantly, the chance to work with Royal Bank of Scotland, culminating in a 3-month trial of our technology”


  A brief explanation of our patented technology

When a customer registers with a Tento-enabled server, a unique user token (a TentoiD) is stored in the customer’s device (smartphone, tablet, desktop, etc).  This is a once-only process.  Banks could issue a TentoiD with their customer apps.  Mobile operators could issue a TentoiD inside every smartphone they supply.  Issuance of TentoiDs can be integrated into an existing customer on-boarding process.
Once registered, whenever the TentoiD owner needs to authenticate online, they launch the Tento app (or the bank app, etc) preferably using a biometric such as a fingerprint, to request authentication. This ensures the TentoiD is being used by the authorised owner.  There is no need to enter an email address or any other identifier.
A  complementary one-time password (OTP) token (called a TentoKey) is sent to the user device from the authentication server, via a requesting server (eg a bank webserver).  Neither the TentoiD nor the TentoKey contains enough information to enable cybercriminals to retrieve the OTP.  The phone processes the 2 tokens and displays the OTP as a pixelated image.  Neither the user device nor the requesting server has any record of the OTP (in either plaintext or encrypted form) at the time of OTP display. The OTP image can easily be recognised by the human eye/brain, but cannot be deciphered by OCR software, malware in the device or man-in-the-middle agents.
It could be said that the Tento system delivers personalised, dynamic CAPTCHA codes.
The customer reads the OTP image and types the OTP using the phone keypad or speaks it if using a device with speech recognition.  The input is encrypted (conventionally) and sent back to the requesting server. This passes it on to the authentication server for verification.  A different encryption key is used each time.
The authentication server sends a yes/no decision to the requesting server.

Share this: