30 Jul 2015 - Zero Knowledge Authentication
Posted in General by Rob Leslie
The Zero Knowledge Proof (ZKP) authentication protocol is used in cryptography to allow a party to prove that he/she knows something (e.g. a credential) without having to transmit this credential. Two parties are involved in ZKP: the prover A and the verifier B. ZKP enables the “prover” to show that they have the credential (e.g. a credit card number or password) without having to give the “verifier” the credential details. With ZKP there is no transmission or storage of password/credential details on the authentication server. ZKP delivers the following benefits:
The transformation of user engagement with digital services in recent years has created significant vulnerabilities in the security and management of users’ private information. Traditional ways of authenticating a user have exposed many flaws through which a user’s private information can be stolen and exploited, with serious financial and reputational consequences for the users and the holder of this data. Many recent data compromises have resulted from vulnerabilities in integrated third-party systems where the password or validated process was stored or transmitted, highlighting the need for new authentication methods in changing digital environments. Such factors include:
The Sedicii Zero-Knowledge Authentication (ZKA) is based on the proven ZKP protocol to enable secure login without the transmission and storage of private user data. The Sedicii Authentication process is protected by US patent 8,411,854. Within the Sedicii ZKP Authentication process, the following applies:
Sedicii ZKA has benefits over other authentication systems because it requires no additional hardware and works in a normal web client-server application. The Sedicii technology uses standard features in HTML 5, which eliminates the need for a browser plug-in. When a user logs in to a Sedicii-enabled Identity Verification Server or Authentication Server, the server sends a series of mathematical challenges to the user’s browser, each of which requires a response. The information is authenticated only when the user’s browser responds correctly to all of the challenges. A different set of challenges is presented for each new verification attempt. The same methodology can be applied to multiple types of private information, such as credit card payment authorisations, so that actual card details need never be transmitted over the web.
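The post does not give the details of Sedicii's patented protocol, so the following added example (not code from the original page or from Sedicii) uses the textbook Fiat-Shamir identification scheme to show the same shape: the server stores only a value derived from the secret, sends a fresh challenge each round, and accepts only if every response verifies. The modulus, function names and sample passwords are assumptions made for the illustration.

```python
import hashlib
import secrets

# Toy modulus (assumption): product of the Mersenne primes 2**89-1 and 2**127-1.
# A real deployment needs an RSA-size modulus whose factors nobody knows.
N = (2**89 - 1) * (2**127 - 1)


def secret_from_password(password: str) -> int:
    """Client side only: map the password to a secret s in [2, N-1].
    (Illustration; a real system would use a salted, slow KDF.)"""
    digest = hashlib.sha256(password.encode()).digest()
    return int.from_bytes(digest, "big") % (N - 2) + 2


def register(password: str) -> int:
    """Enrolment: the server stores only v = s^2 mod N, never the password or s."""
    return pow(secret_from_password(password), 2, N)


class Prover:
    """Runs in the user's client and holds the secret s."""
    def __init__(self, password: str):
        self.s = secret_from_password(password)
        self.r = None

    def commit(self) -> int:
        self.r = secrets.randbelow(N - 1) + 1      # fresh random nonce per round
        return pow(self.r, 2, N)                   # commitment x = r^2 mod N

    def respond(self, challenge: int) -> int:
        r, self.r = self.r, None                   # a nonce answers one challenge only
        return (r * pow(self.s, challenge, N)) % N


def authenticate(prover: Prover, v: int, rounds: int = 40) -> bool:
    """Server side: accept only if the response in every round verifies."""
    for _ in range(rounds):
        x = prover.commit()                        # prover -> server
        e = secrets.randbits(1)                    # server -> prover: new challenge bit
        y = prover.respond(e)                      # prover -> server
        if pow(y, 2, N) != (x * pow(v, e, N)) % N:
            return False                           # one wrong answer fails the login
    return True


if __name__ == "__main__":
    v = register("correct horse")                  # constructed sample password
    print(authenticate(Prover("correct horse"), v))
    print(authenticate(Prover("wrong guess"), v))
```

A prover without the secret can answer a round only by guessing the challenge bit in advance, so the chance of passing all `rounds` rounds is 2^-rounds.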
Sedicii’s new and innovative method of authenticating users without storing, sharing or exposing the users’ private information has won recognition with international awards from government, banking and data security organisations, including British Telecom, EY, The European Union’s Horizon 2020 program, BBVA, Swift and others.
Tags: authentication, biometrics, security, Sedicii, two factor, zero knowledge proof