Hey, welcome back everybody. Jeff Frick here with theCUBE. We're in downtown San Francisco at LinkedIn's headquarters at Data Privacy Day 2018. Second year we've been at the event, pretty interesting, you know, there's a lot of stuff going on in privacy. This kind of follows the security track, gets less attention, but with the impending changes in regulation is getting much more play, much more media. So we're excited to be joined by our next guest. He's Jared Chong, the vice president of product at Yubico. Jared, welcome.
Thank you, Jeff.
So for folks that aren't familiar with Yubico, what are you guys all about?
We're all about protecting people's identities and privacy and making sure they authenticate securely to online accounts.
So identity, that's an increasingly important strategy for security. Like don't worry about the wall, can we really figure out who this person is? So how has that been changing over the last couple of years?
Yes, there's definitely a lot of things been changing. So we can think of identity as some, some companies want to know who you are, but some companies actually are okay with you being anonymous, but then they want to still know that it's the person that they talk to that's still the person. And so what we see in the world of things-
Oh, an anonymous person as opposed to an not-perfect.
Someone else, but we want to make sure the anonymous person is the same anonymous person.
Oh, okay, okay, right.
And that's important, right? So if you can think of fake journalists and you think of, they need to talk to the informer. So they need to know that this is the real informer and they don't want to have the fake informer tell them the wrong story. And so they need a way to actually strongly authenticate themselves. And so identity is this very interesting intersection of strong authentication, but at the same time, real identities as well as anonymized identities.
And there are actually real-life applications for both that can protect citizens, can protect dissidents, but also at the same time can help governments do the right things when they know who you are.
Right, so we're so far behind them. I still can't understand why you dial in to the customer service person and you put in your account number and they still want to know your mom's maiden name. And we've told them all a thousand times that can't be much of a secret anymore. And then I've read something else that said the ability to use a nine-digit social security number and keep that actually private is basically, chances of doing that are basically zero. So we're well past that stage in terms of some of these more sophisticated systems, but we still kind of have regulations that are still asking you to put in your social security number. So what are the ways that you guys are kind of addressing that and you're kind of taking a novel approach with an open source solution, which is pretty cool.
Yes, we've created the open standard which is FIDO U2F standard and we actually co-created this with Google. And one of the key things is that what we call knowledge-based systems are just a thing of the past. Knowledge-based is anything that you try to remember, including passwords.
Right.
And what we call recovery questions. You know, you name the recovery question that you want to put in.
Right, right, your dog, your pet, you know, your street.
Everything online from LinkedIn or from Facebook. So why are we doing those systems? And obviously we need to change that. But this open standard that we've created really allows you to physically prove yourself with a physical device. Like, so you want to tell who you are and there are a couple of ways you can tell who you are online. You can tell by remembering something, by something that you have and something that you are, right? So these are the basics on how you can identify yourself over the wire.
And what we've really focused on is the combination of something you have and something you know. But the something you know is not revealed to the world. The something you know is revealed to the device that you have. So it's kind of like an ATM card, right? You're not going to tell the PIN to the world and nobody really has your ATM. Nobody asks you for the ATM. Even the banks don't know what your ATM is.
Right.
And you can change that and only you know about it. So we take that same concept and make it available for companies to implement these types of authentication systems for their own services. So today Google supports this open standard. Actually today Facebook supports it as well. And Salesforce and a host of other services. Which means that you can actually authenticate yourself with the device and something you know. And that really allows you as an individual to not have to think about all these different things that you have to remember for every single site. 'Cause that's what people are doing today.
Right.
And so the beauty about this protocol as well is that we've developed this thing is that these systems, they don't know that you have the same authenticator. Which is the great thing. So they can't collude and share and then pinpoint it was you. If you took this authenticator you can use it with many different things. But all of them don't know that you have what we call the YubiKey. And so this is the YubiKey.
So it's like the old RSA key what we think a lot of people are familiar with.
What people think.
Right, right.
Obviously we've, it's way beyond the RSA keys.
But I mean, but it's the same kind of concept. You've got a USB, little device.
And that's what you bring with you and that's who you are. And you can strongly authenticate to the services you want. I think that's really the foundation which is people want to take back their way that they authenticate to the systems and they want to own it.
And that's really a big difference that we see rather than the bank says you must have this or you must have that and you can only use it with me. You can use it with somebody else. I want to bring my authenticator anywhere.
Right. So you said Google's using that. I'm a huge Google user. I don't have one of those things. So where's the application? Is that something that I choose? 'Cause I want to add another layer of protection or is that something that Google says, hey Jeff, you're such and such a level of customer user, et cetera. We think you should take this to the next level. How does that happen?
So it's actually been available since the end of 2014.
Okay.
It's part of the step-up authentication. The latest iteration of the work that Google has done is the Google Advanced Protection Program which means that you can enable one of these devices as part of your account. And one of the things they've done is that for those users at risk, you can only log in with these devices which really restricts. So they define you as a high-risk person because of whatever reason. And they encourage you, hey, please protect yourself with additional security measures. And the old additional security measures used to be like, send me an SMS text. But that's actually pretty broken right now. We've seen it being breached everywhere because of what we call phone hijacking. I pretend to be you and I got your phone number right now. Now I got your phone.
Shoot, I thought that was a good one.
That is known. That's a lot of video how you can do that. And so this is available now for everyone. Everyone that has a Gmail account can go into your account and say, I want to step up authentication. They call it two-step verification.
Okay. And then I get one of these in the mail.
You actually have to buy these, but Google has been providing, within different communities. They've seen the market. We've been also doing a lot of advocacy work. Many different types.
Even here today, we've distributed a lot of YubiKeys for a lot of the journalists to use. But in general, users will go online to Amazon or something and you would buy one of these devices.
So then once I have that key and I bought into that system, as you're saying, then I can use that key for not just Google, but for my Amazon account, anyone that supports that standard.
Exactly. Anyone that supports the standard. That standard is growing extremely rapidly. It's users, it's big companies using it. Developer sites are using it. So the thing that we created for the world back in 2014 is now being actually accelerated because of all these breaches that are very relevant to data breaches, identity breaches, and people want to take control.
Right. I'm just curious, if you have a point of view, why haven't the phone companies implemented more use of the biometric data piece that they have, whether now they're talking about the face recognition or your finger recognition, and tied that back to the apps on my phone? I still am befuddled by the lack of that integration.
There's definitely solutions in that area. And I think one of the challenges is that just like a computer, just like a phone, it's a complicated piece of software. There's a lot of dependencies. All it takes is one software to get it wrong and the entire phone can be compromised. So you're back into complicated systems, complex systems. People write these systems. People write these apps. It takes one bad developer to mess it up for everybody else. So it's actually pretty hard unless you control every single ecosystem that you build, which is vastly difficult now in the mobile space, the mobile carriers are not just the player on, it's not just from AT&T. You've got the OS, you've got Google, the Android phone, you've got AT&T, you've got the apps on the phone, you've got all the various processes that components that talk to different apps. You've got the calling app, you've got all these other games.
So because it's such a complicated device, getting it right from a security perspective is actually pretty difficult. But there are definitely applications that have been working over the years that have been trying to leverage the built-in capabilities. We actually see it as the YubiKey can actually be used with these devices. And then you can use these devices after you bootstrap them, what we deem as what we call a blessed device. So you can use multiple different things. And the standard actually doesn't always define that you just use a hardware device like a YubiKey. You can use a phone if you trust the phone. We want to give flexibility to the ecosystem.
So I'm just curious in terms of the open standards approach for this problem, how that's gaining traction. Because clearly, open source has done very, very well, far beyond Linux and as an operating system. But so many, so many apps that have run open source software components of open source. So in terms of market penetration and kind of adoption of this technology versus the one single vendor key that you used to have, how is the uptake, how is the industry responding? Is this something that a lot of people are getting behind?
It's definitely getting a lot of traction in industry. So we've started the journey with Google and what's happening was that in order to work with this prominent scale, you have to believe that just between Yubico and Google can't solve this problem, right? And if the answer is you've got to do my thing, no one's going to play in this game.
Right, right.
There's a high level. So I think what we've done is that the open standard is the catalyst for other big players to participate without any one vendor going to necessarily win, right? So today, there's a big plenary going on at FIDO and it's really an iteration of what we've developed with Google and now we're taking it to the next level with actually Microsoft and we've called it FIDO2.
So from U2F, FIDO Universal Second Factor, to FIDO2 and that entire work that we've done with Google is now being evolved into the Microsoft. So I would say in a couple months, you will start to see real Microsoft products being able to support the same standard, which is really excellent because what do you use every day? You either use that, that's three major platform players that you have today, right? You either use a Google type of device, a Chrome or an Android.
Right, right.
You use a Microsoft device, you've got Windows everywhere. Or you use an Apple device, right? So, and the only way these large internet companies are going to collaborate, if it's open, if it's closed, if it's my stuff, Google's not going to implement Microsoft stuff, Microsoft's not going to implement Apple stuff. So the only way you can do something together.
Talk about the Apple part of that analogy, but that's okay.
Yeah, that's true, that's true. But I think it's important that the security industry, working with the identity industry work together and we need to move away from all these one-off proprietary things because it makes it really difficult for the users and the people to implement things. And if everybody's collaborating like an open standard, then you actually can make a dent in the problem that you see today.
And to your point, right, with BYOD, which is now used to be a thing, it's not a thing, obviously everybody's bringing their own devices to have an open standard so people at different types of companies with different types of ecosystems with different types of users using different types of devices have a standard by which they can build these things.
Absolutely.
Exciting times.
Exciting times.
All right, Jared, well thanks for taking a few minutes out of your day and we look forward to watching the Yubico story unfold.
Exactly, thank you very much.
All right, very good. He's Jared, I'm Jeff. You're watching theCUBE, we're at Data Privacy Day 2018. Thanks for watching.