How It Works

Identity, Authentication, and Channel Security Integrated.

REL-ID is a safe, simple, and scalable security platform that, for the first-time, tightly integrates your identity, authentication, and channel security. By combining strong "relationship" identities with our patented protocol in a mobile-first solution, REL-ID establishes secure, continuously authenticated application channels with blazing speed and at IoT scale. This powerful omnichannel technology enables a phenomenal user experience with every authorization and login while dramatically reducing your attack surface.

REL-ID delivers all of this by extending the mobile device’s capabilities to remote applications using RMAK, our patented mutual authentication & key exchange protocol.

The REL-ID Process

The REL-ID process consists of an initial registration step, and subsequent fast and easy login steps that also establish a secure and individualized tunnel.

REL-ID Registration

REL-ID (short for "RELationship-IDentity") starts with the elements of the existing model of absolute identities and super-charges them. The REL-ID process starts from the first time that your customer downloads your app and opens it. During this REL-ID Registration stage, the process first evaluates the trustworthiness of the device before establishing a unique device identity, overlays an application identity, and verifies the identity of the user (existing or new) to the level of assurance necessary to establish the relationship. The business gets to define what the identity verification process needs to be (it could range from simply logging in with existing credentials and answering some dynamic security questions, to a simple email verification based flow in retail scenarios, and going all the way to a full-fledged KYC process in financial scenarios).

Tech - RELID Registration.png

With the device, app, and user identified, REL-ID generates a unique split symmetric key (think of it as a private-private key pair). REL-ID then binds any set of absolute user-credentials (username, voice, retina, fingerprint, etc.) to the application identity, device identity, and the REL-ID key. The user credential used can be chosen by the user, from the set of options that the business has chosen to support. It also takes the device, application, and access identities at the server side of the connection and binds all of those difficult-to-spoof, mutual factors into a unique combination. This shared/mutual/relationship identity, containing elements from both the user and the enterprise, and cemented with a cryptographic key pair, is then split. Each side of the connection is responsible for part of the identity, but neither ever has full knowledge. Like writing down a note and then tearing it in half, it is impossible to recreate that tear and to guess perfectly all the contents of the half you don't possess.

REL-ID CONNECT

On every subsequent user interaction where the user comes back to the app and opens it, the connect process is executed to establish a mutually authenticated and secure channel.

The mathematics of the "relationship identity" (torn-note) is a true 1:1 relationship, which becomes the basis of the connect step. Because of the 1:1 nature of the relationship, the two halves form the basis of our very strong key-exchange and subsequent continuously authenticated encrypted channel. Each side uses their respective half of the relationship identity as the shared (but not identical) secret used as part of our proprietary modification to a fully authenticated Diffie-Hellman key exchange. Adding the relationship identity into the mix makes it fully man-in-the-middle proof, and basing it on a cryptographic element that the user is unaware of makes it completely unphishable and immune to social engineering.

Tech - RELID Connect.png

By moving the key-exchange into the application layer at both ends, we keep decryption as close to the responsible parties as possible, solidifying end-to-end data integrity and privacy. It also means that the authentication and data encryption happens within the process space, which protects against any kind of exploits that get between the app and the underlying platform APIs.

Platform Components

The REL-ID platform consists of a set of components that work together to deliver comprehensive end-to-end security.

It starts with our embeddable SDK; which enables application developers to leverage the path-breaking security REL-ID provides. The core of REL-IDSDK is built in endian-neutral ANSI-C, making it easily deployable and portable to almost any operating system. Because of the nature of our device-fingerprinting process and endpoint threat detection capabilities, the SDK core is wrapped in a device-specific binary for each operating system. Currently, we support Windows, OSX, Linux, iOS, and Android. The SDK also allows you to plug in the biometric authenticators of your choice, making it possible to choose different biometrics as required (for instance, an open app with TouchID, but approve high-risk transactions with voice biometric verification).

All of these platforms connect through the SDK to REL-IDgateway, our edge-server, which is a horizontally scalable soft-appliance that can be deployed on-premise or in your private or public cloud. The SDK communicates to REL-IDgateway using the RMAK protocol. 

 

 

The REL-IDserver provides built-in support for various policy controls based on the information gathered by REL-IDSDK on the client. It can integrate with existing authentication services or authentication stores, as well as third-party risk engines to dynamically drive authentication policy. All of this is managed through the REL-ID gateway manager. In this way, organizations can set policies that define suitable authentication methods required based on the contextual information - user, device, application, session, and transaction - available to it.

The REL-IDverify service adds the capability for enterprises to initiate push notifications and then subsequent, on-device transaction approval requests to the user over the secure authenticated channel. The REL-IDserver ensures that these notifications are sent to the correct user's registered device. REL-IDverify is currently available for both Android and iOS platforms and uses Google / Apple notification services as a "knock on the door" for the respective device to indicate that there is a notification waiting. This means, the actual transactional information (what resource is accessed, amount of transaction, etc.) is never shared over the public notification services OR with the ISPs. Once the REL-ID app receives a notification, it pulls the actual transactional information though REL-ID's MITM proof secure channel and shows the necessary prompts to the user to act on the transaction.

The REL-ID solution can be deployed in a wide range of environments - on-premises, private cloud, public cloud. Unlike many other security solutions on the market, Uniken never touches your connections - our edge-server appliance is entirely in your control.

LET'S GET IN TOUCH