Proxy Raises $42 Million

By John Honovich and Brian Rhodes, Published Mar 17, 2020, 10:08am EDT (Info+)

Startup Proxy has raised $42 million, an astounding amount for the access control market.

For background, see our Proxy access control test.

How did they get much funding? What do they aim to do with it and to the market? We spoke with Proxy executives and examine these questions inside.

What **** **** ** **

*** **** ** *** ***** *** Proxy, **** ** ****** *** **********, the ******* ****. ***** ****** ******* for ***** ** ***********, ***** ********* offering ** ******** ******** ** * broad ***** ** ******* ******* **** printers ** ** ** ******* *****, tablets, ** ********* **** **** ****** and **** *******.

******, **** ******* ** *** **** term **** ***** **** ** * distinct ******** ** ******* **** **** control ****** **.

Business *****

***** *** ******* ***** ********, *.*.,****** ******* ****** **** ****, *** ******* ******** ***** ** focused ** ********, ************, * **** model ***** ** ********* *** ****** (e.g., *** ****, ******* ******* ~$** to $** *** ****** *** ***** depending ** ****** **** *** ***** of ***********), ******* ** ********* *** credential (******* ******** ** *******).

*** ******* ******** **** ** *** scale ** * ***** ***** ** devices *******, ********** ******* *** ********.

Top-Down ***** *****

****** **** ******** ******** ********* **** start **** ******* *******, ***** **** they **** ******* ** *********** *** commercial **** ****** *********, ********* ******* Silicon ******-***** ******.

******, **** *** **** ***** ******* interest ***** ****** ********* *** ***** combination ** ****** ****** *** * singular ********** ** ****** ** ******* devices.

Competitors - ***, *** *****, **, *******, ***.

*** ******** ********** ** ****** *** Global. ***** ***** **** **** **** made ********* ** *** ** *******, it ** ****** ***** *** ******* incumbents *** *****'* *** ********* **** these *** **** *****.

*******, ** *** ****** ******* ********** software ****, ***** ***** ** ******* with *********** ****** *******.

***** ***** ****** *** *** ***** management ********, ** **** *** ****** to ** * ****-******* ****** ******* management ******** *** ******* *** * mobile ************** ***** ** ******** *******.

Negatives / ***********

* *** ******* ********* ** *********** do ***** *** *** ******* *****:

  • ****** *****, *** ******* *** ~** employees.
  • ** **** ***** ************ ** ***** sales ** ** ***** ******* ********.
  • ******* ***** *********** *** ******** ****** control
  • ************** *** ***** ***** *** ****** channel

Can ***** ********* '************ ******' ********?

***** **** *****'* ******** **** **** customers ** *** ******** ****** *******, the ******** ** ******* ** *** this ******** * ********** ******** **** the '***** ******* *******' ************ *** company **** ** **** ** ********* systems.

******** *********** *** *********** ** *** often **** * '**** ** *** table' ** ***** ** ********* ** specifying ***** **-***** ******* *******, *** while *** ******** ** ****** '************ access' ** ***** ********* *** ** there, ******* ***** ***** ***** *** a ******** ** *** ***** ***** prove *********.

Using $** *******

** *******, ***** ** ****** ** use *** $** ******* ** ******** investments ** *&* ** **** ** sales, ****** *** ******* ********* **** caution ** *** ******* ** ****** they **** ***** / *****, ****** the ******* ********* ******** *********.

*** ******** ** **** *** $** million ***** **** ***** * *** chest ** ****** ******* ********* ** well ** ***** * ***** ************ to ** ***** *** ******* ******.

Competitive *******

*** ** ******* *** ******* ************ and *** **** ******* ******** ** enter *** ******** '********' ******, **** as ***** ** *********** ******.

** *** ******* ****,***'* **** *************** ** ****** *** ******** ******** credential *** **** ** *** ****** of * ******** ****** **** ********** users **** ******* (*********) ******* ** well. ***** ******* ********, **** ******* *** *** **************** ****** ****** ******** ********, **** none ***** ************* ******* ** ***.

*** *** ********* ** ****** ******* markets **** ***** ** *********** ******, but *** ********** ** ***** *** proven *********, ********** ******* *** ************* of *********** ******** *********** **** ***** systems.

*******, **** *****'* ******-***** ********, **** of *** ********** *** ****** ************ are ********* *** ********** ***** *********** and ****** ******* *** *********. *** less ******* *********** ******** ***** ***** valuable ** ******* ***** **** ****** where *** *** *** ****, *** is ***, ********* *** ****** ******.

***********, *** ** ***** *** ******* and **** ** *** ****** ******* industry's ******* ******* *******, **** *****, so **** ********* **** *** ********* and **** ** **** ** **** future ***** ******.

Vote / ****

Comments (4)

Undisclosed Integrator #1

03/17/20 11:34pm

Doors, doors, doors .... lol .. anyone know anything about doors?

As long as there is physical doors hardware and we're not controlling access to spaces via an invisible pressure beam (wouldn't be surprised if Elon Musk already has this one figured out) there will be significant challenges to mixing the locksmith world with the folks who want to control access to everything, no matter what it is, with a universal identifier.

Makes sense on the surface, so maybe its a matter of time and getting used to the idea, but the best customers for the newer entrants to physical access control are the large real estate companies with executives who know very little about door hardware as well, and focus on the end solution (IMO) bright lights.

Again, my opinion only, but the hackers are only getting better at their craft, and the stakes are higher and much more fragile than we may think, so attaching your one identify, your "world", to a complex web of integrated applications scares the hell out of me.

Agree: 1
Disagree: 2
Informative
Unhelpful: 1
Funny

Kurt Kottkamp

03/19/20 12:40pm

Who are the principals, and execs? Don't see it here or on their website.

Agree
Disagree
Informative
Unhelpful
Funny
Avatar

Brian Rhodes

IPVMU Certified | In reply to Kurt Kottkamp | 03/19/20 03:28pm

Hello Kurt:

Proxy's co-founders are Denis Mars and Simon Ratner, both Stanford alums with startup/ tech company experience. Ratner was a former design engineer at Intel/Sensory Networks involved with network security, Mars formerly worked for Y-Combinator, and Ratner with Google/Youtube.

Both had limited physical security experience prior to starting Proxy.

Does that help?

Agree
Disagree
Informative: 3
Unhelpful
Funny
Avatar

Brian Rhodes

IPVMU Certified | 04/02/20 05:27am

We asked HID for comment on the similarities/differences between their integrated offerings vs. the concept behind Proxy's goals to expand their platform beyond access doors.

HID clarified their approach:

Our vast partner base embeds HID reader authentication technology into their complementary non-PACS products and solutions that build upon our broad PACS installed base worldwide. This extends the use of HID’s trusted credentials into a wide range of applications. In the enterprise space, for example, HID partners with many of the world’s top secure print OEMs like Konica Minolta and others, as well as cashless vending partners, biometric terminal partners (such as Suprema, Stonelock and Iris ID), handheld devices partners like Infinite Peripherals, other peripheral device partners and many more.

In addition to these partner applications, HID technology is integrated into a wide range of business systems to provide secure access to lockers, locks, medical records, drug dispensing cabinets, time and attendance terminals, elevators, and so much more.

HID explains and cites examples of their 'identity business' integrating iClass SEOS and Mobile credentials into non-access platforms, which is similar to how Proxy is planning to expand their offering.

We asked both companies to compare the overall security of credentials given the different approaches.

HID cites that because integrated devices use PACS credentials like iClass SEOS:

'This ensures that the master keys and cryptographic operations, necessary to securely authenticate a mobile credential or smart card, are isolated to trusted endpoints containing certified embedded secure elements.'

Given that formats like iClass SEOS are extended to other non-access devices, there is similar user confidence that credentials are not spoofed or cracked.

We then asked Proxy to explain their approach to securing their BLE-based credentials, specifically if encryption is used. Proxy responded:

Proxy treats BLE as an untrusted communication medium (similar to HTTP). Within our system, access credentials are stored in the cloud (encrypted at rest) and delivered to the phone in the payload of an encrypted token. The access point-specific, time-limited encrypted token is then passed over to the reader via BLE, where the token is decrypted with a device-specific encryption key, and the credential is decoded and passed down the wire via Wiegand or OSDP v1 to the controller. Each token is one time use only to further secure the system against read-and-replay attacks. Proxy is SOC-2 Certified.

In many ways, HID's platform has a head start on the business Proxy wants to build. For example, the company's deployment at Clemson University in the US, where student IDs are used/valid in a number of systems:

Their cards and mobile devices can be used for everything from entering buildings – such as residence halls and individual rooms – to buying meals, accessing the gym, and using secure print services and numerous other university resources.

Proxy's idea is not new, but market success may depend if the company is more nimble/ more cost-effective than HID in achieving these integrations.

Agree
Disagree
Informative: 1
Unhelpful
Funny
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports