Auth is a secure identity and access management (IAM) solution developed by Remme. It enables businesses and their customers to authenticate to websites and apps without the need for a password. How does Auth achieve this? Read on to find out what occurs underneath the hood, so to speak, every time you authenticate to a platform using Auth.
How public key authentication works
Public key authentication provides a cryptographically provable mechanism for IAM. A password can be guessed or given out to anyone, but with public key authentication, you need to have the corresponding private key in your control – without it, all attempts to authenticate will be rejected. The concept of using key pairs to sign messages and establish digital identity on the web – without the need to reveal your human identity – isn’t new. In fact, it can be traced back to the development of asymmetric cryptography algorithms that involve using key pairs, one public and the other private.
The public key is typically stored on a server and can be viewed (or “read”) by anyone. Only one person controls the corresponding private key, however, and they use this to prove their digital identity. This capability underpins everything from IAM solutions to sending and receiving funds on the Bitcoin network, and it’s at the heart of Auth’s design. But with Auth, we’ve taken this cryptographic capability and made significant improvements to ensure it meets the demands of a modern IAM solution.
How Auth overcomes PKI pitfalls
Public key infrastructure (PKI) describes the process by which public keys are managed to protect business infrastructure. While key pairs are cryptographically strong and virtually impossible to brute force provided a strong algorithm is used, that doesn’t mean they can’t be compromised. Stories of certificate authority root certificates and website certificates being accessed by hackers abound, and they invariably involve the certificate authority being infiltrated in some way. Reliance on a trusted third party entails a point of weakness that is a target for hackers.
To solve this problem, Auth uses a blockchain-based design that eliminates traditional PKI attack vectors – i.e. centralized databases. Information can be timestamped, hashed, and stored on-chain, providing a clear record of who has done what and when. The record cannot be altered by unauthorized third parties, as a hacker would need to change every copy of it on the blockchain, which is stored on multiple servers controlled by separate entities.
In short, a blockchain overcomes many of the security issues that are inherent to PKI, providing the benefits of public key cryptography without the drawbacks that threaten its value proposition.
Remme Protocol is an open source next-gen PKI protocol we’ve developed that uses blockchain technology to replace conventional Public Key Infrastructure solutions with a decentralized Network of Trust. It serves as the foundational layer for decentralized identities and key management on which Auth is built.
Public key authentication using Auth
Auth provides key-based authentication that’s based on the public key cryptography model we’ve outlined in this article. Here’s how it works:
- The private key, known only to the owner, is generated on the user’s device and stored on a Trusted Platform Module (the secure enclave in the case of iOS). It is the user’s private key that grants authentication.
- The paired public key, which can be openly distributed, is stored on REMChain, our public blockchain.
When you install the Auth mobile app and set up your digital identity, here’s what occurs:
- Upon installing the Auth app a private key is generated on the user’s device.
- A paired public key is simultaneously generated and stored on REMChain.
- When you log in with the Auth mobile app, Auth Service receives a request with login parameters from the service provider.
- To confirm the login, the private key stored on the user’s device signs the login data, and the signed data is sent back to Auth Service.
- Auth Service checks that the public key isn’t revoked and verifies the signature with the paired public key. If it matches, login to the service is performed.
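The login sequence above as an added, minimal model (not Remme's code): ed25519 stands in for whichever signature scheme Auth uses, a Go map stands in for REMChain's public-key record, and the type, field and function names are assumptions. It goes one step beyond the text by issuing each set of login parameters with a one-time nonce, so a captured signature cannot be replayed for a second login.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// LoginRequest: the login parameters handed to Auth Service (field names assumed for this example).
type LoginRequest struct {
	ServiceID string
	Nonce     []byte // random and issued once, so a captured signature cannot be replayed
}
// Bytes is the canonical message the device signs and Auth Service verifies.
func (r LoginRequest) Bytes() []byte { return append([]byte(r.ServiceID+"|"), r.Nonce...) }

// Registry stands in for the on-chain public-key record, a revocation list and outstanding challenges.
type Registry struct {
	Keys    map[string]ed25519.PublicKey // user ID -> registered public key
	Revoked map[string]bool
	Pending map[string]bool // nonces issued but not yet consumed, keyed by raw bytes
}

// NewChallenge issues fresh login parameters for one login attempt.
func (g *Registry) NewChallenge(serviceID string) LoginRequest {
	nonce := make([]byte, 16)
	rand.Read(nonce) // crypto/rand; fails only if the OS entropy source is broken
	g.Pending[string(nonce)] = true
	return LoginRequest{ServiceID: serviceID, Nonce: nonce}
}

// Sign is the device-side step: the private key stays with the caller; only its holder can do this.
func Sign(priv ed25519.PrivateKey, req LoginRequest) []byte { return ed25519.Sign(priv, req.Bytes()) }

// Verify is the Auth Service step: registered, unrevoked key; unused challenge; valid signature
// under the registered public key (the service never holds the private key).
func (g *Registry) Verify(userID string, req LoginRequest, sig []byte) error {
	pub, ok := g.Keys[userID]
	if !ok || g.Revoked[userID] {
		return errors.New("public key unknown or revoked")
	}
	if !g.Pending[string(req.Nonce)] {
		return errors.New("challenge unknown or already used")
	}
	delete(g.Pending, string(req.Nonce)) // consume before checking, so a replay fails
	if !ed25519.Verify(pub, req.Bytes(), sig) {
		return errors.New("signature does not match the registered public key")
	}
	return nil
}
```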
Why Auth is an IAM game-changer
Remme Protocol provides a transparent system for key management that utilizes the trusted storage and transaction processing capabilities that are inherent to blockchains. Auth uses this framework to provide hardware-based security in which private keys are isolated from the operating system.
Compatible with third party IAM systems like Auth0 and Ubisecure and easy to integrate, Auth uses industry standard protocols like OAuth and OpenID Connect. It delivers omnichannel single sign-on and self-sovereign identity for logging into websites and apps.
Auth abstracts away the complexity of key management and blockchain protocols, presenting the user with an intuitive app that’s easy to use, quicker, and more secure than entering passwords. Crucially, Auth is also free of the vulnerabilities that are associated with key storage on central servers.
Join the waitlist
We believe that Auth is the future of digital identity, but don’t take our word for it: try it for yourself and see whether you think it beats current IAM solutions. To be the first to use the beta app, we invite you to submit your details below to join the Auth beta waitlist. The release will be going live very soon and we’d love you to give it a go.
After experiencing Auth in action, we’re confident you’ll never go back. It’s a game-changer for digital identity and access management.