With Remme generating so much news in recent months, it’s time we provided an updated overview of our products. Their interconnected nature and the way in which they unite under a single umbrella seems self-explanatory to those of us on the inside, but may not be evident to our community, some of whom are new to Remme. As such, a little context and summarizing is required.
Today we're happy to release a global vision of the Remme product suite. Remme is an ecosystem of Identity and Access Management products with a digital key at its heart with the same level of resilience for both humans and machines. It comprises:
- Next-gen PKI Protocol – the foundational layer to create and manage decentralized IDs and their digital keys
- Auth for the management of human digital identities
- Keyhub for the management of machine digital identities
We’ve defined a clear development vision of all our products over the next couple of years with the ultimate goal of uniting Auth and Keyhub into a 360º Identity Management platform with the Protocol serving as an underlying decentralized layer to create, store and manage human and machine digital identities.
Human and machine digital identities: challenges
The way we handle digital identities doesn't cut it anymore. Archaic and complex IAM practices led to 2B breached records in 2018. The average data breach now costs $3.86M per company and $148 per lost or stolen identity record. The number of online identities is growing at an exponential rate and persisting with these archaic and complex IAM practices will have drastic consequences.
Given the challenges, it’s no surprise that the demand for blockchain-powered IAM solutions has been growing. Indeed, blockchain technology provides a number of characteristics that are perfectly suited for the future IAM needs such as built-in transparency, censorship resistance and widespread availability via a distributed network of nodes.
It’s not just humans that have identities. Numerous devices, apps and connected things have their own identities, too. And they require proper management. Just to compare:
Machines:
- 14.2 billion connected things
- Identified by keys and certificates
- $1,200 is the cost of one code signing digital certificate on the dark web
Humans:
- 7.7 billion people
- Identified by usernames and passwords
- $1,200 is the cost of human online identity, including bank account, online logins, passport details etc.
Machines are everywhere around us and control more of our business processes than we think. The bad guys know this, and they have now started to target machine-based identities to get inside your networks.
According to the Ponemon Institute report, $15 million is the average cost of code signing certificate and key misuse and $11.1 million is the average cost of unplanned outages due to certificate expiration. Often treated as hardware assets, unprotected machine identities can cause loss of trust with customers and partners, regulatory authority fines, unanticipated downtime or outages, increased operational and IT costs to name just a few.
Our approach to the problem is to simplify identity management altogether by providing a unified solution for the creation of digital identities and their ongoing management, both for humans and machines.
Protocol: Next-gen Public Key Infrastructure
Remme Protocol is an open-source solution that improves the security of data transmission and online communication between browsers, apps, servers, and devices by utilizing a decentralized environment organized in a distributed network. It is designed as a solution to provide a robust and secure alternative to traditional PKI systems, which often become a single point of failure.
There is a number of use cases we’ve envisaged for Remme Protocol that include user and smart device authentication, digital key management, domain validation, email signing and encryption, code signing and others. All these cases become possible with the Protocol’s blockchain layer hosting identity information with attributes and finally the layer on top with the user apps addressing a variety of custom PKI challenges.
REMChain, the public blockchain powered by REM token, run on the Protocol software, together with system apps and supporting tools, form the foundation of the Remme ecosystem. REMChain is a decentralized backbone that stores the data (public keys, key metadata, identity data, attributes etc) and enables various dApps (such as Auth, Keyhub or any custom app built by the community) to operate without a central server that often becomes a single point of failure, a throughput bottleneck or a censoring authority. REMChain decentralization and distribution are guaranteed by a network of independent and economically incentivized validating nodes (Block Producers). These nodes earn rewards in REM tokens. The higher quality is delivered by the network to the end-users the more rewards they receive.
With demand for blockchain-powered open source PKI solutions having grown substantially in recent years, we’re confident that Remme Ecosystem can become a resilient and practical alternative to the existing framework, principally by simplifying the user experience.
Auth: human digital IDs
In the Remme ecosystem, Auth is built to address the challenges with human identity and access management for modern organizations of all sizes. A rich variety of Auth features, such as multifactor passwordless authentication, omnichannel single sign-on and self-sovereign identity, will help companies to build a consistent user experience, protect against data breaches, and seamlessly integrate into the digital lifestyle of their users.
The need for innovative IAM products is growing rapidly, as enterprises face an increasingly complex and puzzling digital identity landscape. One of our recent pilot projects with an auto manufacturer from the Fortune 500 aimed to create a ‘Google-suite’-like experience for its vehicle owners and let them seamlessly log on with a single, password-free, decentralized identity across several web portals and mobile applications. They wanted an experience that their customers could use to not just log on to their services, but those offered by third parties as well. They wanted to be future-ready and have users be able to use this “digital key” to enable car sharing, electric vehicle charging, parking and in-car services as well.
The Remme Auth product is a great example of an app that offers a high level of decentralization, is fully independent of Remme itself, and that does not collect any personal data of its users. Remme as a company does not possess any service that can be breached or that can cause the app to stop working. All these qualities became a reality with the Remme Protocol software and REMChain economy serving as the foundational layer for Auth.
Keyhub: manage machine digital IDs
Keyhub is an integral part of the Remme ecosystem, having been designed for the purpose of managing machine identities. Built on design-oriented principles, Keyhub simplifies SSL/TLS certificate routine operations of SecOps and NetOps teams, has 3x faster adoption time, and streamlines an organization's digital transformation.
At this stage, Keyhub provides a single view for all SSL/TLS certificates used in the network. More than 100 companies from Fortune 5000 already use Keyhub real-time automatic SSL certificate discovery, certificate inventory tool, certificate monitoring dashboard with expiration date tracking and alerting, inbuilt tools like CSR and certificate generators and decoders, and much more.
Within the next couple of years, Keyhub will evolve to cover the integrations with MDM and ITSM solutions, Certificate Authorities and finally to tackle decentralized machine identity. In terms of features, the current feature set you can see in production is just the beginning of the Keyhub journey. Very soon we will expand the value proposition to cover more sources for certificate discovery, SSH key management, verification of certificate policy compliance and CSR creation, set of UI-based tools for PKI related operations (decoders, converters, generators), ACME support, and API integrations with CA issuance systems.
Having begun its journey with the goal of improving the traditional PKI world, Keyhub is now going far beyond. Similar to our Auth product, Keyhub will eventually allow its users to leverage the next-gen PKI approach. With Keyhub converging with the Remme Protocol software and REMChain economy, enterprises will be able to reissue their existing SSL/TLS certificates on blockchain and as a result, eliminate a central point of failure such as the Certificate Authority. Moreover, with Keyhub and Auth working together, users will feel the beauty of a unified experience delivered by the synergy of these products.
Conclusion
Each Remme product plays its part in fulfilling our vision of building the future of digital identity.
If you’ve kept your finger on the pulse of late, you’ll know that things have been eventful in the world of Remme. On August 12, version one of the REMChain testnet built on EOSIO went live, with community members encouraged to get to grips with it and provide feedback ahead of the mainnet. (Needless to say, there will be refinements made to the testnet as feedback accrues.) Our certificate lifecycle management solution Keyhub also released a swathe of new features, with the ability to manage machine digital IDs, and to top things off, Remme linked up with customer identity management company Ubisecure, enabling both firms to collaborate on identity solutions using the blockchain.
So, get involved! If your company is looking for a next-gen IAM solution, contact our technical sales team to see how Remme products can be adapted to suit your specific use case.
If you’re interested in developing custom PKI-enabled apps on top of our Protocol, join our community.
.png)
