|Imagine a world where user names and passwords are no longer necessary, and authentication is simple and secure.|
A system is secure if the plans for the system are public,
and the bad actors can still not break in.
The Trust Nexus is the first open-source platform for secure mobile identity:
If the problem of secure authentication is going to be solved there must be a new archetype.
The Trust Nexus presents a new archetype for authentication. Verifying identity is not a major concern in this new archetype (very counter-intuitive). What matters most is an institutional validation of the individual represented by a cryptographically secure digital credential that can be repeatedly verified in a secure and consumer friendly way.
This institutional validation represents a stamp of approval. If the stamp is cryptographically valid, the authentication can be trusted.
This new archetype presents different questions: Has the digital credential been issued in a valid institutional process? Is the user to whom the credential was issued the only person who can utilize the credential? Can the institutional validation be verified when the user presents the credential? Is the process consumer friendly? Is the process cryptographically secure?
Creating a Secure Mobile Identity Ecosystem is not about managing vast amounts of identity data; it is about managing digital credentials that represent valid institutional processes.
No organization concerned with consumers is going to institute a complicated process. No organization concerned with security is going to trust its authentication to a delegated process that depends on a user's Facebook account; however, a high level security organization like a financial institution will be willing to trust credentials issued by another financial institution if the institutional processes can be trusted and cryptographically verified.
The ability to create and secure a 4,096-bit cryptographic key on a user's mobile device makes this new archetype possible. [ref]
The essence of our process is incredibly simple: Through secure mobile identity, we completely do away with user names and passwords (and all of their weaknesses). If a credential is provisioned to a user's mobile device in a valid institutional process, then when the user presents the credential (either in person or over the network) the receiver can be certain that either the credential and the user are valid or the user gave his/her mobile device and six digit HEX pin (1/16,777,216) to someone else.
Under the Trust Nexus it truly does not matter who you are; what matters are institutional validations and the ability to verify those validations.
Most authentication schemes depend on securing private data; we focus on the ability to use credential data in a valid institutional process. The concept of verifying institutional validations rather than securing private data requires a shift in perspective. Once that mental shift occurs everyone is amazed at how simple our system is.
While the Trust Nexus may "defy conventional wisdom", we are confident our core ideas are "non-consensus and right".