REL-ID is a safe, simple, and scalable security platform that, for the first-time, tightly integrates your identity, authentication, and channel security. By combining strong "relationship" identities with our patented protocol in a mobile-first solution, REL-ID establishes secure, continuously authenticated application channels with blazing speed and at IoT scale. This powerful omnichannel technology enables a phenomenal user experience with every authorization and login while dramatically reducing your attack surface.
REL-ID delivers all of this by extending the mobile device’s capabilities to remote applications using RMAK, our patented mutual authentication & key exchange protocol.
The REL-ID Process
The REL-ID process consists of an initial registration step, and subsequent fast and easy login steps that also establish a secure and individualized tunnel.
REL-ID Registration
REL-ID (short for "RELationship-IDentity") starts with the elements of the existing model of absolute identities and super-charges them. The REL-ID process starts from the first time that your customer downloads your app and opens it. During this REL-ID Registration stage, the process first evaluates the trustworthiness of the device before establishing a unique device identity, overlays an application identity, and verifies the identity of the user (existing or new) to the level of assurance necessary to establish the relationship. The business gets to define what the identity verification process needs to be (it could range from simply logging in with existing credentials and answering some dynamic security questions, to a simple email verification based flow in retail scenarios, and going all the way to a full-fledged KYC process in financial scenarios).
With the device, app, and user identified, REL-ID generates a unique split symmetric key (think of it as a private-private key pair). REL-ID then binds any set of absolute user-credentials (username, voice, retina, fingerprint, etc.) to the application identity, device identity, and the REL-ID key. The user credential used can be chosen by the user, from the set of options that the business has chosen to support. It also takes the device, application, and access identities at the server side of the connection and binds all of those difficult-to-spoof, mutual factors into a unique combination. This shared/mutual/relationship identity, containing elements from both the user and the enterprise, and cemented with a cryptographic key pair, is then split. Each side of the connection is responsible for part of the identity, but neither ever has full knowledge. Like writing down a note and then tearing it in half, it is impossible to recreate that tear and to guess perfectly all the contents of the half you don't possess.
REL-ID CONNECT
On every subsequent user interaction where the user comes back to the app and opens it, the
The mathematics of the "relationship identity" (torn-note) is a true 1:1 relationship, which becomes the basis of the
By moving the key-exchange into the application layer at both ends, we keep decryption as close to the responsible parties as possible, solidifying end-to-end data integrity and privacy. It also means that the authentication and data encryption happens within the process space, which protects against any kind of exploits that get between the app and the underlying platform APIs.
Platform Components
The REL-ID platform consists of a set of components that work together to deliver comprehensive end-to-end security.
It starts with our embeddable SDK; which enables application developers to leverage the path-breaking security REL-ID provides. The core of REL-IDSDK is built in endian-neutral ANSI-C, making it easily deployable and portable to almost any operating system. Because of the nature of our device-fingerprinting process and endpoint threat detection capabilities, the SDK core is wrapped in a device-specific binary for each operating system. Currently, we support Windows, OSX, Linux, iOS, and Android. The SDK also allows you to plug in the biometric authenticators of your choice, making it possible to choose different biometrics as required (for instance, an open app with TouchID, but approve high-risk transactions with voice biometric verification).
All of these platforms connect through the SDK to REL-IDgateway, our edge-server, which is a horizontally scalable soft-appliance that can be deployed on-premise or in your private or public cloud. The SDK communicates to REL-IDgateway using the RMAK protocol.
The REL-IDserver provides built-in support for various policy controls based on the information gathered by REL-
The REL-IDverify service adds the capability for enterprises to initiate push notifications and then subsequent, on-device transaction approval requests to the user over the secure authenticated channel. The REL-IDserver ensures that these notifications are sent to the correct user's registered device. REL-IDverify is currently available for both Android and iOS platforms and uses Google / Apple notification services as a "knock on the door" for the respective device to indicate that there is a notification waiting. This means, the actual transactional information (what resource is accessed, amount of transaction, etc.) is never shared over the public notification services OR with the ISPs. Once the REL-ID app receives a notification, it pulls the actual transactional information though REL-ID's MITM proof secure channel and shows the necessary prompts to the user to act on the transaction.
The REL-ID solution can be deployed in a wide range of environments - on-premises, private cloud, public cloud. Unlike many other security solutions on the market, Uniken never touches your connections - our edge-server appliance is entirely in your control.
Banks struggle to ensure customers’ data and dollars are safe while at the same time ensuring great customer experience design across all channels. How do you balance these competing interests?
Join guest speaker Peter Wannemacher, principal analyst at Forrester and Uniken CEO Bimal Gandhi for our upcoming webinar on February 27 at 3pm.
Remind Me Later