Your internet security is, essentially, backwards. And hackers know it. Existing channels (e.g. SSL/TLS) are built to connect and then authenticate. This is like letting a stranger into your house and then asking for ID. Because of the “connect first” strategy, your connectivity is only truly protected by a patchwork combination of traditional identity and authentication solutions. Think about all the effort required to integrate solutions such as voice, retina, fingerprints, SMS and OTPs, hard tokens, and challenge questions. Each approach is independent of the channel it’s using. Each can and have been hacked.
To make matters worse, as these patchwork credentials move through your network, multiple tools and layers and paths are used, each of which is distinct and relatively uncoordinated with the others. Authentication of the user, the security of the channel, and access to application processes are all separate actions. Each handoff creates a gap for hackers and a vulnerability for your network.
REL-ID flips today’s channel model on its head. We are able to authenticate before connecting by using a relationship-based identity. Each side only has half of the information to authenticate, and each relationship is unique. In real life, you would only open your door for people you can recognize and have an existing relationship with. In the same way, REL-ID won’t let strangers into your network without first verifying an established trusted relationship. For your business, that means no request will touch your network without first establishing that it comes from an approved user, with an approved app, on an approved device. Hacks from connectivity paths are eliminated. REL-ID marries the best continuous authentication solutions with Software Defined Perimeter technology to deliver the most secure method of connecting your customers to you, all at IoT scale. By expanding the elements REL-ID’s innovative protocol, Uniken is building a family of products that will bring this new, more secure connectivity model from the clientside mobile app environment all the way to the server-to-server connections that drive the heart of your business. Our family of products is designed to provide secure, authenticated, and encrypted “trusted zones” of application connectivity. These zones surgically narrow the paths to only the applications the user or process should have access to, creating true app-to-app security. REL-ID just makes sense.
REL-ID is a safe, simple, and scalable security platform that, for the first-time, tightly integrates your identity, authentication, and channel security. By combining strong, “relationship” identities with our patented protocol, secure, continuously authenticated application channels can be established with blazing speed and at IoT scale. This powerful omni-channel technology enables a phenomenal user-experience with every authorization and login while dramatically reducing your attack surface.
REL-ID (short for “RELationship-IDentity”) starts with elements of the existing model of absolute identities and super-charges them. REL-ID first establishes a unique device identity, overlays an application identity, and then binds any set of absolute user-credentials (username, voice, retina, fingerprint, etc.). It also takes the device, application, and access identities at the server side of the connection and binds all of those difficult-to-spoof, mutual factors into a unique combination. This shared/mutual/relationship identity, containing elements from both the user and the enterprise, is then split. Each side of the connection is responsible for part of the identity, but neither ever has full knowledge. Like writing down a note and then tearing it in half, it is impossible to recreate that tear and to guess perfectly all the contents of the half you don’t posess.
The mathematics of the “relationship identity” (torn-note) is a true 1:1 relationship. Because of the 1:1 nature of the relationship, the two halves from the basis of our very strong key-exchange and subsequent continuously authenticated encrypted channel. By moving the key-exchange into the application layer at both ends, we keep decryption as close to the responsible parties as possible. Rather than connecting devices-to-networks, REL-ID connects apps-to-apps! You can post all of your usernames and passwords to Facebook, LinkedIn, Twitter and still be safe with REL-ID. We make the compromise of user credentials irrelevant and eliminate unauthorized entry.