Home Overview SMIE Future Potential FAQ Test Contact
The end of user names and passwords...

Touch one button on your mobile device and you are securely signed on to your web based or mobile application.

Video, Process and Technical OverviewClick Here

PowerPoint, Secure Mobile Identity EcosystemClick Here
A system is secure if the plans for the system are public, and the bad actors can still not break in.

Announcing the first open-source platform for secure mobile identity.
  • Consumer Friendly ~ Users touch one button on their mobile device to authenticate to both web based and mobile applications.
  • Cryptographically Secure ~ Even if a user's mobile device is lost or stolen his/her credentials are secure (no password based encryption processes).
  • Protects Privacy ~ Under the Trust Nexus it is possible for users to create pseudo-identities and conduct financial transactions in complete anonymity.  Users are always in complete control.
  • Simple ~ The source code is crystal clear and easy to implement (Android and J2EE; other platforms coming soon).
  • Effective ~ We completely do away with user names and passwords (and all of their weaknesses; most significantly, identity theft, hacking, phishing, fraudulent financial transactions, and other types of online fraud are eliminated).
  • Low Cost ~ Our technology and infrastructure services will be FREE for every publicly facing website for general user authentication.  There will be nominal licensing fees for corporations and government agencies for internal authentication.
  • Not Theoretical ~ We have a functioning prototype and everything works.
While there are many new applications for mobile identity, most are simply designed to use a mobile device as a second factor in a user name and password system.  Our mobile application is a digital credential management system that completely does away with user names and passwords and enables the creation of a Secure Mobile Identity Ecosystem.

The current archetype for authentication can be summarized by the following two questions:  Can we create a collection of data that uniquely identifies an individual?  Can we enable the individual to associate to that data in a secure and consumer friendly process that allows his/her identity to be verified?

This archetype is fundamentally flawed because the management of the identity data is problematic and there currently is no process for associating to the data that is both secure and consumer friendly.  How many times each year is there a major breach of identity data?  How many new authentication architectures have failed due to lack of consumer acceptance (OpenID and OAuth being the latest)?

If the problem of secure authentication is going to be solved there must be a new archetype:  Data about the individual's identity does not matter for authentication (very counter-intuitive).  What matters is an institutional validation of the individual represented by a digital credential that can be repeatedly verified in a secure and consumer friendly way.

This new archetype presents different questions:  Has the digital credential been issued in a valid institutional process?  Is the user to whom the credential was issued the only person who can present the credential?  Can the institutional validation be verified when the user presents the credential?  Is the process consumer friendly? 

Secure authentication is not about managing vast amounts of identity data; it is about managing digital credentials that represent valid institutional processes.

No organization concerned with consumers is going to institute a complicated process.  No organization concerned with security is going to trust its authentication to a delegated process that depends on a user's Facebook account; however, a high level security organization like a financial institution will be willing to trust credentials issued by another financial institution if the institutional processes can be trusted and verified.

The ability to create and secure a private key on a user's mobile device makes this new archetype possible.

The essence of our process is incredibly simple:  If a credential is provisioned to a user's mobile device in a valid institutional process, then when the user presents the credential (either in person or over the network) the receiver can be certain that either the credential and the user are valid or the user gave his/her mobile device and six digit HEX pin (1/16,777,216) to someone else.

Video, Process and Technical OverviewClick Here

PowerPoint, Secure Mobile Identity EcosystemClick Here

General OverviewClick Here

Detailed Technical SpecificationsClick Here
© Copyright 2014 ~ Trust Nexus, Inc.
All technologies described here in are "Patent Pending".