Jean-Yves Mathieu, Head of Information Security @Aubay Luxembourg helps companies with their set-up of security governance, from planning to execution, inclusive of CISO training. His shares his view on the Woobe system.
I believe that Woobe raises data confidentiality, security and privacy to a new level by combining several layers of protection:
At the user level,
By storing personal identification and fingerprint data in a sealed smartcard rather than a central database. Woobe “match-on-card” technology ensures complete data privacy for users. Their biometric information and cryptographic identity never leaves the card and can only be activated by matching dynamic fingerprint data (the user swipes a finger over the Woobe scanner in his or her usual way).
At the document level,
By encrypting content and restricting access to authorized, identified users through dynamic fingerprint matching, which is one of the most secure authentication solutions available (see below).
At the system level,
By separating the document storage and working functions. The Woobe browser, which is integrated into the user’s operating system, simply presents a list of encrypted documents. Authorized users must identify themselves using the Woobe biometric process in order to access and act on documents (open, accept, refuse, sign, send, etc.).
At the network level,
By storing documents in the cloud on highly secure, redundant Woobe servers. No content can be accessed without decryption through the biometric ID process.
At the legal level,
By identifying users and timestamping their actions at every critical step. No changes to documents can be made without the relevant users’ knowledge, and the agreement process for any contractual content is fully documented in a way that can be used as legal proof.
Woobe security: a new military-grade approach
Woobe has invented a completely new system to guarantee that only document owners can ever open a document using their smartcard and fingerprint authentication. Consequently, documents can be copied and stored on different media without compromising security because security is intrinsically bound to each individual document. Even if the encryption code could be broken on one Woobe document, the hacking process would have to start from scratch on the next…
Security at the user’s fingertips, literally
Woobe uses matching-on-card biometric technology with a sweeping thermal sensor embedded into the smartcard reader. This means that a user can only be authenticated after swiping a live finger across the reader in his or her usual way. No data enters the user’s computer, and unlike passcodes, there is nothing visible that can be stolen by onlookers or malware. Woobe’s smartcard has been designed to meet military-grade security (EAL5+ or Evaluation Assurance Level 5 of 7, an international standard). Woobe’s encryption and authentication system is so robust that it overrides the need for security at the network and storage levels. Indeed, in this system copies are encouraged! it is more important to ensure redundancy, so that a document can never disappear.
No central files = absolute data privacy
Personal data privacy is not just a concern but a requirement. The Woobe system ensures absolute privacy in terms of personal data, document content and reporting, by encrypting data using a variety of algorithms (RSA, AES-128 and RIPEMD-160). All personal data is stored on the card and can only be accessed by the only person it relates to: no one else can read or change the information on the card.
Thanks to Woobe’s “full match-in-card” technology and unique messaging system, users are protected from cyber spying and out of reach of “GAFA” (Google, Apple, Facebook, Amazon) and the other major private companies that have access to massive amounts of personal data. The system becomes a virtual safe, without windows or doors for prying eyes. In a future release, Woobe plans to flood the system with an avalanche of fake number records to further protect the real data against analysis of communication patterns between users.
Legal authentication if necessary
Woobe can act as a trusted third party to legally vouch for the authenticity of documents and all related signatures and identities without opening them, using a technique similar to zero-knowledge cryptography. Further, users can mandate forensic investigators and/or judges to access selected documents in the event of legal proceedings. If necessary, Woobe can also identify users (only indirectly through their enrollers), who may then be ordered by courts to provide access.
Unique, new and proven
The Woobe system is so different that existing certifications do not appear relevant (e.g., for data center security) where the security resides in the encryption and authentication processes. The company therefore asked two renowned cryptography experts, Professor Jean-Jacques Quisquater and François Koeune of UCL Crypto Group to audit the system. Their conclusion? Woobe works!