+ Solution Overview · 2020. 7. 17. · configured to use many different ledger platforms. The API...

© NuID, Inc. 2018 [email protected] Trustless Authentication Trusted Identity + Solution Overview


Trustless Authentication Trusted Identity

+ Solution Overview


trustless \ ˈtrəst-ləs \

A system or network that allows for the exchange of value or information without relying on trust between participants or in a third party.


[1] Risk Based Security, 2016 Year End Review

[2] Verizon Enterprise, Data Breach Investigations Report 2017

Background

Digital identity and authentication are at the core of information security concerns for businesses today. Whether it's your customers, partners, or employees, securely authenticating users and protecting their credentials are crucial to combating the growing risks of fraud and data breaches. Passwords and other authentication data are a prized target and a valuable tool for attackers. Nearly 40% of breaches compromise passwords [1], and over 80% of attacks involve the use of stolen or weak credentials [2].

While approaches like multi-factor authentication (MFA), biometrics, and strong password requirements have their place in a comprehensive authentication strategy, they are ultimately stopgaps against the core structural problem of digital identity today: centralized authentication. As long as businesses maintain large, centralized databases of private identity and authentication data, attackers will target this data and find ways to circumvent expensive threat detection and defensive measures.

This siloed approach to digital identity is also harmful to end users. Users face a fragmented experience with an increasingly unmanageable number of credentials and cumbersome authentication requirements. This often results in poor password habits or frequent password resets, which degrade user experience and cost your business in help-desk hours. With major breaches striking even the largest and most sophisticated companies, users are also increasingly wary of new registrations, resulting in abandoned purchases and transactions. User trust is harder than ever to earn and even easier to lose.

NuID is building a new paradigm in digital identity. Decentralized authentication eliminates the need for businesses to store passwords and other credentials while giving users a unified digital identity that can safely be used to authenticate into any participating digital service.

NuID is trustless authentication for trusted identity.


Trustless Authentication Trusted Identity

The NuID platform leverages a decentralized architecture and zero knowledge cryptography to completely eliminate the need to store passwords and other private authentication data—anywhere. Unlike common “shared secret” authentication methods, which require the verifying party to know the user’s private credentials, zero knowledge authentication allows a user to prove they know their credentials without revealing any information about them. By getting rid of large credential stores, your company can drastically reduce the risk and potential damage of data breaches.

We call this trustless authentication because users no longer need to trust the services they use—or any third party—with their private authentication data. Even NuID has no access to users’ private data. As users become increasingly wary of providing their passwords to each new account and application, your business can ultimately build greater trust by asking for less.

[Figure: centralized versus decentralized authentication. Centralized panel: servicex, servicey and servicez each hold their own password entries (password1x through password3z) for users 1, 2 and 3. Decentralized panel: users 1, 2 and 3 with credentials1, credentials2 and credentials3; servicex, servicey and servicez; Ledger.]


Trusted identity starts with rock solid authentication. Whether you are authenticating customers, employees, or business partners, NuID strengthens existing identity frameworks by enabling strong authentication without sacrificing user experience.

Our API can be used as a lightweight authentication service to integrate with standards-based identity protocols like SAML, OAuth, and OpenID Connect. NuID can also be paired with leading cloud-based Identity Management services.

Trustless Authentication

+ Are you who you say you are?
+ Have we seen you before?
+ How would you like to be identified?
+ Are you willing to share info with us?

Trusted Identity

+ Are you over 21?
+ Should you have elevated permissions?
+ Are you a recognized member of our service?
+ What information do we know about you?

While NuID was designed to work with existing digital identity models, it also represents a step towards a new paradigm of decentralized identity. Growing privacy concerns among consumers and regulations like GDPR are fueling a trend towards a more decentralized and user-centric Internet. NuID’s trustless authentication will enable your business to provide digital services with the trusted identity models of tomorrow.


Using NuID

NuID’s authentication solution makes it easy to deploy trustless authentication for your customers, employees, and other users. The platform includes a REST API and SDK to seamlessly integrate our service into your existing applications and access workflows.

NuID’s flexible design supports password-based and passwordless authentication methods, allowing your business to tailor the user experience to the context and security requirements of each interaction. Zero knowledge password authentication provides a familiar and portable login experience for users while eliminating the need to store and protect those passwords on cloud or company servers.

+ Context-aware

+ Extensible design

[Figure labels: Passwords, Biometrics, Devices]

+ Lightweight
  - Thin RESTful API
  - Streamlined integration
  - Hosted in cloud, on-prem, hybrid

+ Interoperable
  - SAML, OAuth, OIDC, DID
  - SSO
  - BYOD

+ Future-proof
  - Passwordless
  - Biometrics
  - BYOI
  - Web3

Passwordless login offers a frictionless and mobile-first experience that removes the burden on users to remember passwords. Instead, users simply unlock a token on their personal devices with a PIN or biometric factor.

Passwords and passwordless factors can be dynamically combined to support step-up and MFA configurations.


Enterprise Value

Storing passwords is a problem—and unfortunately—it’s an expensive one. In 2017, the average cost of a data breach was $7.4M [1]. Passwords and other authentication data are a prized target for attackers and represent a major liability for your company. Trustless authentication removes the risk of a mass credential breach by getting rid of centralized credential storage.

With a factor-agnostic design, the NuID authentication solution can also help your business provide a fast and modern authentication experience to delight your customers or employees.

+ Build trust: Customers are increasingly concerned about how their data is handled. Return data ownership to your users. Build greater trust by asking for less.

+ Boost productivity: Building, maintaining, and protecting your credential storage and authentication mechanisms takes your developers away from working on your products.

+ Streamline login: Reduce UX friction for strong authentication with flexible MFA and

+ Reduce risk: NuID's trustless authentication eliminates the need to store private credentials, removing a major liability for breaches and attacks. With nothing to hide, there's nothing to steal.

+ Fight fraud: Passwordless configurations can shield your business from account takeover attacks that use breached or phished credentials.

+ Lower overhead: Nobody forgets their fingerprint. Reduce operational costs of account lockout and access management. Lower data protection costs with zero knowledge authentication.

[1] For US firms. IBM Security & Ponemon Institute, 2017 Global Overview


The NuID Platform

What it is

+ Zero Knowledge Proofs

+ Distributed Ledger

+ RESTful API

+ SDK

How it works

A zero knowledge proof (ZKP) is a cryptographic method which allows one party to prove that they know a given secret without revealing what that secret is.

ZKPs use one-way cryptographic functions to derive public reference parameters from a user’s secret (e.g. a password). These parameters are similar to a public key in that they are non-sensitive information which is derived from, but cannot be used to reveal, the private secret. With NuID’s zero knowledge authentication, only these parameters are sent across the network. No private authentication data is stored on the device or sent to the verifier.

Zero knowledge authentication offers significantly stronger security than existing password hashing schemes and provides better usability and management than traditional PKI and other edge authentication methods. Because proofs can be generated on the fly with only the user’s secret, NuID’s solution does not require a private key to be stored on the user’s device—allowing users to authenticate from any device.

The NuID protocol immutably stores public reference parameters on a blockchain, so that they can be shared but not tampered with. A blockchain provides a trustless infrastructure with no central point of failure.

Combining these technologies allows users to own and manage their authentication credentials while enabling companies to authenticate without storing and protecting sensitive information.


Implementation & Deployment

NuID is designed to be a lightweight and self-contained authentication API with minimal implementation overhead.

Interaction with the API is highly configurable, and in most cases as simple as interacting with a traditional REST API. Our SDK provides developer libraries for easy integration with your existing applications and leading IAM platforms.

As a data layer on top of a distributed ledger, the platform is “ledger agnostic.” It can be configured to use many different ledger platforms. The API to transact with the ledger can be hosted in the cloud, on-premise, or in a hybrid/micro-service architecture.

NuID integrates most seamlessly as an authentication server within token-based authorization flows such as SAML, OAuth, OpenID Connect, and others. This combination allows the user experience to be tailored for each endpoint, and enables MFA and transitive trust policies to be configured and implemented efficiently.

[Figure: authentication flow between client, service, token server, REST API and ledger, with arrows numbered 1 to 9 matching the steps below.]

1. Client requests a protected resource

2. If no security token, delegate to token server

3. Token server requests zero knowledge proof (ZKP) of secret (e.g. “/login”)

4. Client generates ZKP with user secret

5. Token server forwards ZKP to REST API

6. Read ledger data

7. Verify ZKP against ledger data

8. Verification result returned to token server

9. Security token issued to client to access resource


Get in touch. Learn more about the future of authentication and digital identity.

[email protected] | nuid.io | @_NuID