Passwords are inherently inconvenient and insecure. Users typically use weak passwords or re-use the same passwords across different sites. The centralized list of passwords at these sites are high-value hacking targets and even the largest sites on the internet have proven to be vulnerable, leaking millions of passwords. While 2-Factor-Authentication (2FA) improves security, it is still not widely used and SMS-based 2FA is vulnerable to attacks such as SIM-card cloning. What is needed is a new authentication solution that is easy to use, much more secure and that works across both mobile apps and web sites.
Trusted Key’s multi-factor authentication meets all these requirements and also eliminates the need for a centralized repository of passwords.
Know Your Customer
A growing number of scenarios, from banking and healthcare to shared-economy transportation and accommodation services, require the user to verify their real-world identity online. These KYC systems must at the same time be secure enough to prevent fraudsters from impersonating others, while having low enough friction to minimize customer drop-offs. This is an even more difficult challenge in a world in which most service providers will primarily interact with their customers online, through a mobile device, and never meet them face-to-face. Current knowledge-based authentication systems, which depend on the user correctly answering a set of personal questions, are cumbersome for the user while being unreliable for institutions as it is easy for hackers to obtain answers to those questions on the dark web.
Trusted Key provides a frictionless, secure, reusable, and privacy-preserving way for users to bring online their real-world government issued identity documents (such as driver’s license or passport), and use them to easily and securely verify their identity to any app or service provider.
As chip based credit and debit cards have rolled out across the retail landscape, point-of-sale fraud has gone down significantly. However, the overall rate of credit card fraud is actually increasing, much of it driven by fraudulent Card Not Present (CNP) transactions. According to Javelin Strategy & Reseach, CNP fraud increased 15% last year. This is driven by the fact that CNP transactions only require the knowledge of credit-card numbers and associated user information, all of which can be acquired in bulk on the dark web. Trusted Key allows financial institutions to provision users with cryptographic credentials that they can use to reliably authenticate themselves and verify that CNP transactions are indeed initiated by the card-holder.
 Wall Street Journal – February 1, 2017
Current digital signing solutions rely upon the delivery of a link (typically via email) to a signatory which provides them the ability to view and sign the document. The only item required to electronically sign the document is access to that link. This means that these systems are vulnerable to hacking and spoofing of the intended recipient. When a digitally signed document is returned to the requestor, it is very difficult to prove who actually “signed” the document. For this reason, “wet signatures” are still required in important scenarios such as when executing a mortgage or real-estate transaction.
Trusted Key improves the effectiveness of digital signature solutions by providing users with a strong cryptographic identity based on their verified government-issued identity documents. This cryptographic identity can then be used to digitally sign documents and embed that identity into the document itself. This improves the security and effectiveness of digital signature solutions, and makes it applicable to more scenarios than previously possible.
Secure SSH Key Management
Trusted Key Secure SSH Management is a set of open source tools for managing an SSH Key together with the Trusted Key Digital Identity Wallet App. The SSH Key can be used with any existing OpenSSH environment including management of Linux-based servers, or managing Git environments with services such as Github or Bitbucket. The Trusted Key SSH Agent is a piece of software that is installed on your local machine with support for a wide range of environments and OSs. When the user attempts to use their SSH key to access a server or do a Git service, the agent will make a request to the Trusted Key App on their mobile device. The user will log into the Trusted Key App using a 6-digit passcode or biometrics, review the request, and approve. Upon approval the Trusted Key Agent on the local machine will grant the SSH user request.