The Zero Knowledge Proof (ZKP) authentication protocol is used in cryptography systems to allow a party to prove that he/she knows something (i.e. a credential), without having to transmit this credential. There are two parties involved in ZKP; the prover A and the verifier B. ZKP allows a prover A to show that they have the credential (for example, a credit card number or password), without having to give B the exact details of the credential. With Zero Knowledge Authentication there is no transmission or storage of password / credential hashes on the authentication server and the fundamental benefits of ZKP in the authentication process are as follows: • Zero-knowledge: if the statement is true, the verifier will not know anything other than that the statement is true. Information about the details of the statement will not be revealed. • Completeness: if the statement is true, the honest verifier (that is, one following the protocol properly) will be able to prove that the statement is true every time. • Soundness: if the statement is false, it is almost impossible, to an astronomically small chance, that someone could fake the result to the verifier that the statement is true.
The theft of passwords, credit card details and other personal information is a massive financial and emotional drain on society generally. It is our view that much of this data could be removed from the system once the Sedicii technology is deployed. This means there is no longer any data of any value available to hackers to steal, which would eliminate billions of euros of fraud every year. We are not convinced that the direction the market appears to be taking, biometrics, is necessarily the correct one. One needs to ask the question – Is it wise to put people’s biometric data (fingerprints, voiceprints, retina patterns etc.) into the digital domain without putting in place first the necessary security measures to ensure this data does not get stolen? We need to bear in mind that you cannot reset a fingerprint. This is one of the strongest aspects of a password in that when something goes wrong, it can be reset. With Sedicii’s technology this data could be properly protected, keeping it private and not put at risk.
The password is dead! Long live the password. Today we prove that we are who we say we are with a combination of what are known as factors of identity. These factors are “Something I know” like a PIN or a password; “Something I have” like a mobile phone or a credit card; or “Something I am” like a fingerprint or facial scan. By combining different factors we are able to prove a person’s identity according different levels of assurance. With the rush to replace the password with other, stronger forms of identification, we risk creating a whole new category of problem. For all the faults of the password, it has one massive benefit. It can be reset. With a biometric, it cannot be changed. You only have 10 fingers, 2 eyes, 1 voice, 1 face and if any of these get stolen you are in trouble because someone can now prove they are you. Sedicii’s zero knowledge process can secure your biometric data so that you never have to share or expose it ever. This makes it much safer to interact and less likely that you will fall victim to a biometric identity theft.
When a user logs in to a Sedicii enabled Authentication Service, using the ZKP protocol the authenticating server provides a series of challenges to the user’s browser, which are responded to with answers generated from a corresponding isomorphic graph that is created using the user’s private information. The user is only authenticated when all of the challenges are answered correctly and each time a login is attempted a different set of challenges are used. Once the user’s identity is authenticated, a user session is established and the user is allowed to login to the website. The same methodology can also be applied to credit card payment authorisations so that actual card details are never exposed over WIFI, or stored on a server, preventing theft and fraud.
Sedicii has looked at all our daily life interactions and created one consistent, standardised authentication solution that works the same way every time including web, phone and face to face. Furthermore, many scenarios require that an organisation also identify itself to their customer securely. When a customer visits your website or they need to talk to you on the telephone, or they need to make a secure payment Sedicii can take care of it securely without any fuss. The Sedicii service has been designed with people in mind to make things easy to do without sacrificing security for either the user or the business.
Consumers want control of their identity. They want the ability to easily see where their identity resides and then to manage and curate it. If they no longer want it stored with a particular organisation they can request deletion. If the data is old they can request it be refreshed or just left as it is. With a tick in a box they can provide a consent to allow one organisation share their information with another organisation and maybe receive a reward for doing so. The reward might be in the form of a discount, loyalty points, air miles or even a cash payment. Sedicii envisions a world where every person is at the centre of their digital universe and is empowered to make decisions that they chose to make. Sedicii is putting the consumer back in control of their identity.