Claveo Software selected as semi-finalist for Innotribe Startup Challenge

Posted by Matt Hubert on April 22, 2012 No comments

SINGAPORE April 2012; Claveo Software is pleased to announce that we have been selected as a semi-finalist of the Innotribe Startup Challenge, honouring the company as one of the most promising financial technology and financial services startups. On 24th April, Claveo will compete against 14 other startups at Innotribe Challenge Showcase in Singapore to secure a place as a finalist for the $50,000 grand prize and on-going support from SWIFT to grow the business.

Innotribe, SWIFT’s initiative to foster collaborative innovation in financial services and a panel of industry experts selected 15 semi-finalists from hundreds of applications to enter the Challenge. Claveo will pitch our solution to a panel of the financial industry’s leading angels, VCs and decision makers.

The winners of the Startup Challenge Showcase in Singapore will be invited to SIBOS in Osaka to compete for the $50,000 prize against other finalists from the New York and Belfast Challenge Showcases. The winner of the Singapore Challenge will also attend Innotribe Bangkok at the Asian Banker Summit, where they will have the opportunity to present their business to leading members of the banking and corporate community.

Matteo Rizzi, Innovation Manager, Innotribe, says “I’m delighted to announce Claveo Software as a semi-finalist and look forward to discovering more about the business. This year’s semi-finalists have assessed the developments and trends in the region and have identified opportunities in the market. The entrants have each demonstrated a forward-thinking and innovative approach to the financial sector and have developed start-up businesses which could have profound impacts on the future of the industry. I’m extremely excited to give Claveo the opportunity to pitch its ideas to some of the top decision makers in the industry”.

We’d like to thank SWIFT Innotribe, Cisco, Invest in Northern Ireland, Sberbank and the other Innotribe Challenge Partners for making the Innotribe Startup Challenge possible.

For further information about the Innotribe Startup Challenge, please visit: http://innotribestartup.com/ or follow @innotribe on Twitter.

 

About Innotribe

Launched in 2009, Innotribe is SWIFT’s initiative to enable collaborative innovation in financial services.  Innotribe presents an energising mix of education, new perspectives, collaboration, facilitation and incubation to professionals and entrepreneurs who are willing to drive change within their industry. It fosters creative thinking in financial services, through debating the options (at Innotribe events) and supporting the creation of innovative new solutions (through the Incubator, Startup Challenge and Proof of Concepts (POCs). It is through this approach, the Innotribe team at SWIFT is able to generate a platform that enables innovation across SWIFT and the financial community. For more information, please visit http://www.innotribe.com/.

 

About SWIFT

SWIFT is a member-owned cooperative that provides the communications platform, products and services to connect more than 10,000 financial institutions and corporations in 210 countries. SWIFT enables its users to exchange automated, standardised financial information securely and reliably, thereby lowering costs, reducing operational risk and eliminating operational inefficiencies. SWIFT also brings the financial community together to work collaboratively to shape market practice, define standards and debate issues of mutual interest.

For more information, please refer to www.swift.com

Claveo Licenses Its First Deployment

Posted by Matt Hubert on August 6, 2011 No comments

Today we’re happy to announce that we’ve licensed our first deployment to a Turkish bank, and will be finishing deployment soon. We’re very excited to get Claveo into the hands of users for some valuable feedback. We’ll be displacing some very difficult-to-use and expensive digital signature-based systems, so we’re just as excited as our customer about the kind of growth and cost savings this will bring them.

Even better, this agreement includes a new strategic partnership positioning them to lead our sales and marketing efforts in Turkey, allowing us to devote our resources to other beneficial sectors. We’re looking forward to the new deployments this will bring in the future (with three more already lined up).

Stay tuned!

Welcome to the Claveo Blog

Posted by Claveo on August 1, 2011 No comments

Welcome to the official blog of Claveo Software. Watch this space for exciting Claveo news and other interesting computer security information.

We’ve just imported all of our old blog content, finally!

Users Hate Security

Posted by Matt Hubert on July 14, 2011 No comments

Wouldn’t it be nice if you could log into your bank account by just typing your username? And then any time you ever returned you were automatically logged in? That sure would beat having to type a username, a password, and then confirm your favorite picture and high school mascot every time you wanted to check your balance [1]. Unfortunately ease-of-use and security don’t exactly mix, to the point where I’d say security is the archenemy of usability. It seems as if every security measure you introduce directly detracts from the usability of a system by an almost equal amount, giving us an interesting problem to solve in developing Claveo where we try to offer the highest possible level of both.

Perhaps this explains why second-factor authentication solutions haven’t exactly changed that much for at least the last five years (with 2011 finally showing some promise). The existing solutions have offered “good enough” security with an equally “good enough” user experience, and any shift in that balance would inevitably cause one of those to suffer. So we faced a challenge when instead of moving one side up or down we tried to lift up the entire seesaw.

Our first approach in designing our system was to assume that at every point during a use of Claveo (enrollment, authorization, management, what have you), somebody had gained root access to our server. This isn’t to say we take server security lightly (we have of course taken every measure to protect our servers against unauthorized access), but this more “pessimistic” view of the security landscape forced us to solve problems in a worst-case scenario mindset. Any authentication provider will inevitably end up as a honey pot, so we wanted to keep our pot as empty as possible: Claveo’s design would not be finished until under no circumstances could an intruder compromise or spoof a user’s account, from enrollment to deleting your account.

Enrollment turned out by far the hardest and most complicated aspect of the system. Once you can set up your key infrastructure the rest is gravy, but setting it up in the first place when you assume somebody can completely disregard your key and send theirs instead was not a one-night development. From typing in your bank’s URL on your phone to a pre-stored list of verified Claveo Service providers, we came up with everything we could to avoid ruining the enrollment user experience. And as hard as we tried to avoid anything relating to typing codes or numbers, security unfortunately got the better of us. But we hope that the hassle of typing in a short code once is worth knowing that we’re looking out for you every step of the way.

Security and usability may continue to fight for dominance, but with advances in mobile technology we hope to continue to raise the battlefield entirely.

Refining Your Investor Deck: A Lesson in Compromise

Posted by Matt Hubert on June 29, 2011 No comments

While we haven’t formally boarded the angel investment train yet, we’ve been getting our deck ready so when that train comes, we have our ticket. And after talking to dozens of investors and entrepreneurs from different backgrounds about what they like to see in decks, one thing is for certain: nobody agrees.

Now this probably doesn’t come as a surprise to anybody, but what I found interesting was that the pile of advice I amassed over the last few weeks neatly separated itself into two categories (and not a cacophony of different philosophies as I had expected).

The Old School Deck

These are the decks that veterans in the industry will convince you have 20+ slides of crucial information. From the same people who “back in their day, decks had to be chiseled out of stone and rolled up hill,” these decks contain everything: three-year financial projections, management/board of directors, cap table, sales channels, detailed competition information with comparable exits (someone even mentioned stock prices), and of course a thick volume of competitive advantages. Now in their defense, these are all very valuable pieces of information and when (if) investors start doing their due diligence, they’ll want to cover all the bases. So maybe preparing a deck really is about squeezing every ounce of your company into a paste that can cover 20 slides. This seemed reasonable, until I started hearing from some other individuals who disagreed…

The Silicon Valley Web Startup Deck

From the same people that will invest in you without even meeting you¹, it seems that in Silicon Valley securing an angel investment can often only require a good twenty-minute conversation. Business plan? Revenue projection? A complete waste of time! Around here, angels seem to invest in “people, not ideas.” If I were to tell the other investors this, they’d think Silicon Valley were filled with a bunch of hippies. But it too carries some truth: Some investors care less about what you’re doing and more about what your capabilities are as an entrepreneur, because as your company struggles, pivots, and fails, only you can respond to market pressures and salvage it from complete collapse. Your cap table and sales channels seem to matter less than the result of a one-on-one personal interview.

We needed to reconcile these two different approaches. Luckily, it didn’t end up being that difficult. First, shorter is always better. Give your investor enough information to ask informed questions. They’ll do the rest. Second, prepare for these questions. Just because one investor may be vehemently against a revenue projection doesn’t mean others won’t value it. Have that 20+ slide deck prepared so if somebody does ask, you don’t leave them empty-handed. And third, know your investor. Obviously a young angel from Silicon Valley will have different values than a traditional VC firm from Chicago. Luckily what the first wants is likely just a subset of the second, so spend your time getting familiar with every corner of your business so you can break off the appropriate chunk for each.

And that said, while some people may think they’re a waste of time, researching and developing these materials has an added benefit: understanding your core business inside and out. Never jump into a cave blindly if you don’t want unexpected results, especially when those results can cost you your company.

[1] In their defense, Paul Graham has a pretty developed intuition.

Claveo and Key Management

Posted by Cetin Koc on June 1, 2011 No comments

Incorporating cryptography in a sensible and hassle-free way in order to gain better security is what Claveo all about. Using encryption to lock documents, to hide passwords, and to control access is not hard. The global academic and technical standards organizations relentlessly work on creating more secure algorithms. However, what they do not offer you is a method by which you can safe-keep the cryptographic keys. Allowing someone to encrypt a document using a standardized cryptographic algorithm (such as AES-128 or AES-256) without a method of key management is a recipe for disaster.

Key servers are the canonical solution to this problem, but any centralized system is plagued by an equally centralized point of failure. If you’re storing the trusted version of a public key (or the seed to a rolling OTP), this barely mitigates the disaster it was trying to solve.

What if you could truly create a distributed key management architecture without sacrificing security? Claveo solves this particular problem: Your phone becomes your key, and your authentication endpoint becomes your key management server. You use your phone  to log in to a website, authorize a transaction, or encrypt and decrypt a document. The secret keys are never divulged from the phone; if someone attacks the Claveo server and completely owns it for a brief period of time, all he/she accomplishes is a brief disruption of the Claveo Service, but never learns any of the users’ keys or encrypted information.

Claveo is a method by which you control your transactions–your interactions with the Cloud–using your phone. Your phone is your key.

Take a look at our website, download the Claveo App for your phone, and try our demos. The possibilities are limitless. You can use Claveo to authorize just about any transaction: signing on to a bank website for Internet banking, sending and requesting money, sending targeted, encrypted content and allowing those who paid to have the plain content, video, music, audio books, anything.

You show us the ways your secure transactions can be authorized with Claveo, and we look forward to making it happen.