xorkeeauth

is a new generation authentication server that rides on the highly innovative xorkee service. Employing time-tested cryptographic techniques alongside the most recent advances in mobile technology and user interfaces, xorkeeauth is the best solution for secure authentication available anywhere in the world today. It is also the need of the hour when most existing techniques have failed or on their way to failure owing to the strides AI has made. It is safe to say that most current authentication devices would need to be replaced within the next half decade.

One Time Passwords(OTP) of every kind have proven vulnerable to attackers through various side channels. Biometrics have never been a strong authentication factor except in immediate proximity of the verifiers – certainly not on the internet. Internet and the attackers have shown that if an authentication factor could be stolen, it will be eventually stolen regardless of other protections. xorkeeauth relies on keys that are generated in a secure hardware which could never be taken out even by the user making them theft proof.

xorkeeauth uses public keys to authenticate the end users and obtain their approval for transactions. xorkeeauth breaks the myth that public keys are difficult to implement for the service providers and cumbersome to create, maintain and use for the end users. It facilitates the service providers to accept Certifying Authority issued digital certificates as well as raw public keys with equal ease and trust. The service providers may also choose to restrict their users to use only digital certificates or only raw public keys, as needed by their application.

It makes for strong digital identities that are immune to compromise even from the most sophisticated attack techniques.

-The Servings

When used as SaaS, applications access the xorkeeauth service using a simple REST API. Leveraging the xorkee framework, xorkeeauth connects to the user and obtains his consent by way of a digital signature using his exclusively held private key. xorkeeauth verifies the signature and returns the result as well as the signature to the calling application. xorkeeauth is hosted from multiple data centres ensuring availability.

The users register with xorkee service and tender their xorkee handle to the application once and the application enrolls the handle into the xorkeeauth service. The key lifecycle management is handled by the xorkee framework for the user and the applications are completely relieved of the burden.

A user can enroll his handle with as many applications as he desires.

xorkeeauth in its in-premises deployment, is built on Odyssey’s time tested Snorkel architecture. Otherwise the xorkee based Snorkel and xorkeeauth behave identically from the point of the application as well as the end users.

Advantages

Ease of use

xorkeeauth's simplified user interface makes user education redundant. With a seamless enrollment process and easy navigation, users can authenticate from anywhere just with the access to the internet, improving their current experience. Users also have a wide array of choices when it comes to authentication devices - iPhones, iPad, Android phones and tablets, cryptographic tokens on Windows, iOS or ubuntu and the list goes on.

Compromise-proof credentials

xorkeeauth uses public keys for authentication. The corresponding private keys are created and held in secure hardware partitions of the mobile phone or specialized crypto tokens making it impossible for the user to compromise himself or for the phisher to trick the user to do so.

Accessibility - need only internet

No more waiting for that elusive OTP to arrive. No more squinting at that delivered OTP to memorize and then to enter in the transaction page. Or seriously undermine your security by letting the service apps read your entire SMS list.

xorkeeauth needs only internet connectivity which is a pre-requisite for your transactions anyway. xorkeeauth makes life simple and uncluttered.

Evidence for transactions

OTP is an ephemeral evidence like leaves in a strong wind - you have to be there to see it. Signatures on the other hand are like the rings on a tree, permanently attesting to its age and the climatic changes it went through.

Multi-service usability

A user accesses 20-30 services on an average in the course of her work day. Her personal and social needs add an equal number. Each of these services requires her to use a particular type or factor of authentication. The result is any number of authentication devices, identity documents and passwords leading to user fatigue and then apathy and eventually security compromises.

xorkeeauth enables the user to use a single factor with every service she encounters simultaneously offering separate secure spaces for each of the services. She finds that life has suddenly become a lot simpler and a lot more secure.

Transactional Privacy and Integrity

Payload encryption and signing ensure that the user data stays protected both from prying eyes and from unintended modifications even in the face of SSL interceptions by organizations and national agencies and even by rogue software all of which are becoming increasingly common.

Reduced cost

xorkeeauth is available both as a SaaS as well as an in-premises server. Our in-premises is a most cost effective solution to acquire and deploy for banks, insurance companies, other financial institutions and the like. The SaaS model further trims the cost making the capital expenditure for the service provider close to zero.

Minimal maintenance overhead

The credential management being commonly handled by xorkee infrastructure, service providers using xorkeeauth need to attend only to the processes relevant to their business. The simplicity of the service and the user interface common across services reduces the support cost for individual services drastically. Device changes are also managed by xorkee - seamless for service providers where crypto token is used it is usually procured by the user himself removing the responsibility from the service provider.

When it comes to maintenance, xorkeeauth is not a white elephant!

Content assurance - he signs what he sees

Authentication solutions do not usually handle authorization well. A OTP carries no intrinsic information about the context in which it was obtained and used. Passwords and biometrics are also not content specific.

On the other hand xorkeeauth lets the user sign the contextual data of the transaction or access event. This serves to establish the authenticity of the transaction and the transactor long after the event.

Respect user dignity

xorkeeauth treats the user as a user and not as a product.

xorkeeauth binds the user identity with his public key and his public key only. It has no need to study the user environment , habits, contacts, activities or geographic location to arrive at the probability that he is the right user. xorkeeauth works on the certainty that if it is his key and his signature, it is him.

This also gives your user the assurance that he will not be productized by commercially exploiting such peripheral data that is collected by many authentication software.

The wonder of public key authentication

xorkeeauth does not need or store any sensitive credentials of users like passwords, OTP seeds, biometrics - nothing a hacker will benefit from and nothing that will be harmful to the service providers or the users if exposed.

With xorkeeauth you can afford to heartily laugh at the would-be hackers.