Trusted Key’s Digital Identity Platform provides a secure, reusable, and privacy-preserving way for users to bring online their definitive identity documents (driver’s license, passport, etc.) and turn them into Trusted Key cryptographic credentials and tokens they control. Users can then use their Trusted Key credentials and tokens to securely establish their real-world identity to any online service or app. Trusted Key credentials also enable additional high-value capabilities such as secure password-less login, cryptographic document signing, identity-fraud prevention and more. Trusted Key’s Digital Identity Platform is built using the Trusted Execution Environments found in modern mobile phones, strong cryptography and blockchain technologies.
Mobile devices are the primary way to deliver products and services to today’s consumers. The need to offer financial, peer-to-peer, and other services to mobile-first consumers creates a range of security and regulatory compliance issues for service providers. The Trusted Key Platform offers the capability to securely address these issues while increasing convenience and security for consumers at the same time.
Modern mobile devices have three key features that Trusted Key leverages to provide secure and reliable authentication and identity services to a broad range of enterprises and developers. The first is biometric identification (e.g. Touch ID®). Allowing users to definitively authenticate themselves to their devices empowers service providers and developers to achieve a new level of security and/or identity verification at the start of each interaction. The second is the Trusted Execution Environment (Secure Enclave and ARM TrustZone®), which enables hardware-based creation and storage of Trusted Key cryptographic credentials. The third is the high-resolution camera, which is used during enrollment to “identity proof” the user’s physical identity document.
Trusted Key uses strong cryptography to securely identify and authenticate the user into any app or service. By cryptographically identifying a user, Trusted Key eliminates the significant risks associated with password-based authentication schemes, including the use of weak passwords that can be guessed by hackers and the cheap availability of millions of stolen login credentials on the dark web. The Trusted Key App (and associated SDK) creates a new class of multi-factor authentication combining multiple identity attributes into a frictionless enrollment and identity verification solution that can be used by any app or web service worldwide.
One of the great challenges for any identity and authentication system is how to minimize the need for the parties involved (the user as well as the service providers) to trust a third party with sensitive information or the control of credentials.
Trusted Key addresses this crucial issue by using a blockchain as an independent, immutable and definitive store of information. The Trusted Key platform uses a blockchain to record the creation of, and any subsequent changes to, user credentials and associated Trusted Key Identity Tokens (TKIT). This approach allows service providers to validate user credentials and tokens without needing to trust any third party, while leaving the user in complete control of their PII, which is securely stored on their device and can only be shared by the user.
In addition, the Trusted Key platform uses the blockchain to enable the user to manage their own credentials. Users can revoke their credentials on a particular device or transfer them from one device to another without having to trust a third party. This not only addresses common scenarios such as lost, stolen or new devices, it also prevents attacks where fraudsters might use the user’s stolen PII to impersonate them and steal their identity and credentials.