The Trust Nexus is a technology startup located in Austin, TX.  We have created a breakthrough technology for secure authentication through mobile devices.  Our technology will eliminate all the cybersecurity problems associated with user names and passwords (identity theft, hacking, phishing, fraudulent financial transactions, and other types of online fraud).
Our technology is simple, effective, low cost, easy to implement and cryptographically secure.  Most significantly, our process is consumer friendly:  Touch one button on your mobile device and you are securely authenticated to your web based or mobile application.
In the late Seventies and early Eighties computer names were maintained by using handcrafted HOSTS.TXT files. As networks became more interconnected this process became unmanageable.  Everyone knew that something needed to be done.  When the Domain Name System (DNS) was created everyone saw it as the obvious solution.
Similarly, when the solution to cybersecurity authentication emerges, everyone will say, "Of course, this is how it had to be."
The basic question is, how can trust be established in the digital age?  If you and I have never met and I come to your website or place of business, how can you be confident that my digital credential is valid?  The Trust Nexus answers this basic question regarding the establishment of trust.
Within five to ten years all authentication will be done through digital credentials on mobile devices.  Imagine going to your local bank or corporate security desk and having a digital credential provisioned to your smart phone.  Once this or any other credential is provisioned in a valid institutional process, from then on, whenever you sign onto the institution's website (or mobile application) you simply scroll to the credential's icon on your smart phone and engage the "One Touch Sign On"™ process.
The essence of our process is incredibly simple:  Through cryptographically valid digital credentials, we completely do away with user names and passwords (and all of their weaknesses).  If a credential is provisioned to a user's mobile device in a valid institutional process, then when the user presents the credential (either in person or over the network) the receiver can be certain that either the credential and the user are valid or the user gave his/her mobile device and six digit HEX pin (1/16,777,216) to someone else.
Because the receiver can cryptographically verify that you are the person to whom the credential was issued, under the Trust Nexus it truly does not matter who you are; what matters are institutional validations and the ability to verify those validations.
Under the Trust Nexus the concept of identity is fundamentally changed.  Who are you?  You are the entity that has been issued a cryptographically valid digital credential.
Most authentication schemes depend on securing and verifying personal data; we focus on the ability to use credential data in a valid institutional process.  The concept of verifying institutional validations rather than verifying personal data requires a shift in perspective.  Once that mental shift occurs everyone is amazed at how simple our system is.
In the most basic use case, the credential provider of a web application simply wants to secure the account to the user who created the account.  Identity does not need to be established; valid authentication (from the user who created the account) simply needs to be secure and repeatable.  Under the Trust Nexus this criterion is met securely in a process that provisions a user's credential over the Internet.  In this process a user can secure access to an account without revealing anything about his/her identity.  Pseudo identities are a viable option.
The process for "Creating a Digital Credential" can also be applied in a secure setting where identity is verified (e.g., the issuance of corporate identity credentials at a security station or the issuance of financial credentials at a bank).  This secure "identity proofing" represents a high level institutional validation.  Under the Trust Nexus the user's identity is verified in a valid institutional process determined by the institution issuing the credential.
An existing Internet application provider could easily make a smooth transition to digital credentials under the Trust Nexus.  The upgrade process is as simple as providing current users an authentication code that they enter into their TNX One Touch mobile app.
An organization can maintain complete control of its authentication process under the Trust Nexus.  The source code is available for download.
Our infrastructure technology can exist as an insulated microcosm within corporations or government agencies when there is no need for third party validation of credentials (e.g., a corporation or government agency simply wants to authenticate its own users).  When third parties must rely on credentials (e.g., driver's licenses, passports, financial credentials, insurance credentials, etc.) there will be a public identity infrastructure that will be managed in cooperation with governments worldwide.
While many of our cryptographic processes are similar to the processes used in Public Key Infrastructure (PKI), we avoid the bureaucratic inconveniences and lax security inherent in PKI. [ref] [ref]  Under PKI, when a digital certificate is issued the user (or a malicious administrator or someone who can access the user's system) can simply "share" the cert with anyone.  Under the Trust Nexus it is far less likely that a user will share his/her mobile device and six digit HEX pin. 
Also, under the Trust Nexus a catastrophic security breach of the PKI, similar to the Comodo Security Breach, would have no ill effects for users.  Contrary to what proponents of PKI claim, a Comodo-like security breach is always a possibility, especially if you travel to a hostile foreign country or if you are a citizen under an oppressive regime.
The most significant advantage the Trust Nexus has over traditional PKI is that the public/private key pairs are generated in an asynchronous background process when the TNX One Touch mobile app is initialized and the user's private key is NEVER exposed.
Removing the need for a Trust Authority to verify billions of individual identities and manage billions of public/private keys makes a worldwide system practical.
Unlike PKI, in authenticating third party credentials we are only attempting to answer a very narrow question:  Has the credential been issued in a valid institutional process by the holder of the credential provider's public key? Unlike Certificate Authorities we are not attempting to validate the legitimacy of the credential provider or establish a "chain of authority" from one trusted entity to another. If a totally bad actor attempted to create a fraudulent financial institution and then issued credentials to users who then went out to present the credentials to third parties, our completely valid assumption is that there would be other factors in the process that would render the credentials invalid.
One of the most important aspects of our technology is that we secure identity while protecting privacy.  Our technology provides 100% privacy protection.  We do not store personal data; we simply store associations between public keys and digital credentials.  We change the mindset of authenticating using personal data; instead, we verify institutional validations.
If you are a member of the Secret Moose Lodge of Ottumwa, Iowa, your digital credential can be validated under the Trust Nexus without any detailed information about you or your organization being revealed.  We simply verify the institutional validation that was created when your credential was issued.
Under the Trust Nexus it is possible for users to create pseudo-identities and conduct financial transactions in complete anonymity.  Users are always in complete control.  They can create accounts with their "legal identity" or choose from one or more pseudo-identities that they have created for various purposes.
Under the Trust Nexus the user's credentials cannot be accessed if his/her mobile device is lost or stolen.  We have solved this problem without needing access to the secure element of the mobile device.  We do not use password based encryption so a brute force attack would not be successful.  There are no dependencies on "phone lock" OS processes; the dependencies are on independent cryptographic processes.
Additionally, under the Trust Nexus once a financial institution has provisioned a credential to a user's mobile device in a valid institutional process, the user can conduct secure financial transactions without revealing any information about the details of the financial credential or the user.  Through secure cryptographic processes the user's mobile device will receive the transaction details from the seller's web application (or retail POS terminal).  The user's financial credential UUID will be added to these transaction details which will be cryptographically signed with the user's private key and returned to the seller's web application.  The seller's web application verifies the data packet, signs the data packet with the seller's private key and sends the data packet, the user's signature block and the seller's signature block to the payment processor.  The payment processor verifies both signature blocks (with public keys on file) then sends the information to the financial institutions to process the debits/credits.
When a financial institution receives a request for payment containing the data packet (which includes the user's financial credential UUID) and the user's signature block, the financial institution can easily verify the legitimacy of the request because the financial institution created the original financial credential UUID (and the association with the user's UUID and public key) when the credential was provisioned to the user's mobile device in a valid institutional process.
When everything is done and the seller receives payment, the seller only knows that there is an association between the user's financial credential UUID and the user's public key.  All other information could remain private at the user's discretion.  The fact that the user's private key is secured on his/her mobile device and that the financial credential was provisioned in a valid institutional process, means that the seller, payment processor and financial institution can be certain that the financial credential and the user are valid or the user gave his/her mobile device and six digit HEX pin (1/16,777,216) to someone else.
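The payment flow described above, as an added example that is not Trust Nexus code: the user's device signs the transaction details plus the credential UUID, the seller verifies and counter-signs, and the payment processor checks both signature blocks against the public keys on file. Ed25519, the JSON packet layout and every name and identifier in it are assumptions made for the illustration.

```javascript
// Added illustration; Ed25519, JSON encoding and all names below are assumptions.
const nodeCrypto = require('crypto');

const newKeyPair = () => nodeCrypto.generateKeyPairSync('ed25519');
const sign = (privateKey, bytes) => nodeCrypto.sign(null, bytes, privateKey);
const verify = (publicKey, bytes, sig) => nodeCrypto.verify(null, bytes, publicKey, sig);

// Constructed sample parties and identifiers.
const user = newKeyPair();
const seller = newKeyPair();
const CREDENTIAL_UUID = '00000000-0000-4000-8000-000000000001'; // constructed
const SELLER_ID = 'seller-001'; // constructed

// "Public keys on file": associations only, no personal data.
const credentialKeys = new Map([[CREDENTIAL_UUID, user.publicKey]]);
const sellerKeys = new Map([[SELLER_ID, seller.publicKey]]);

// Mobile device: add the credential UUID to the seller's details, then sign.
function userSign(details, credentialUuid, privateKey) {
  const packet = Buffer.from(JSON.stringify({ ...details, credentialUuid }));
  return { packet, userSig: sign(privateKey, packet) };
}

// Seller: verify the user's signature block, then counter-sign the same bytes.
function sellerCountersign(msg, privateKey) {
  const { credentialUuid } = JSON.parse(msg.packet.toString());
  const userKey = credentialKeys.get(credentialUuid);
  if (!userKey || !verify(userKey, msg.packet, msg.userSig)) {
    throw new Error('user signature block does not verify');
  }
  return { ...msg, sellerSig: sign(privateKey, msg.packet) };
}

// Payment processor: both signature blocks must verify over the exact packet bytes.
function processorAccepts(msg) {
  let fields;
  try { fields = JSON.parse(msg.packet.toString()); } catch { return false; }
  const userKey = credentialKeys.get(fields.credentialUuid);
  const sellerKey = sellerKeys.get(fields.sellerId);
  if (!userKey || !sellerKey) return false;
  return verify(userKey, msg.packet, msg.userSig) &&
         verify(sellerKey, msg.packet, msg.sellerSig);
}

function demo() {
  const details = { sellerId: SELLER_ID, orderId: 'order-0001', amount: '19.99' };
  const signed = userSign(details, CREDENTIAL_UUID, user.privateKey);
  const msg = sellerCountersign(signed, seller.privateKey);
  // A packet altered after signing must be rejected by the processor.
  const altered = { ...msg, packet: Buffer.from(msg.packet.toString().replace('19.99', '1.99')) };
  return { valid: processorAccepts(msg), tampered: processorAccepts(altered) };
}
```

Both signatures cover the same serialized bytes, so changing any field after signing invalidates both blocks at the processor.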
Maintaining the associations ("users/credentials/public keys"; "sellers/financial accounts/public keys") will be the essential functionality of a worldwide identity infrastructure for financial transactions and other three party credentials (driver's licenses, passports, insurance credentials, etc.).  Paradoxically, this worldwide identity infrastructure will contain no personal data.  Our technology enables a decentralized architecture with many interdependent repositories.
Our technology goes beyond secure mobile identity.  It may be difficult to believe, but as a small startup in Austin we have solved the single sign on problem [ref]. Our technology also enables a greatly simplified identity federation process [ref].
The major limitation of this system is that there is a loss of functionality if your smart phone loses connection. However, even if there is a loss of mobile service, most home environments, most corporate environments and most retail areas have or soon will have a WiFi service that will make the credential management app operational. If both mobile service and WiFi service are down, it probably means there is a complete power failure and any services you wish to access are also down.
This is not theoretical; we have a functioning prototype and everything works.
The Trust Nexus system is simple, effective, low cost, easy to implement and cryptographically secure.
Our ultimate goal is the creation of a worldwide identity infrastructure that will be managed in cooperation with governments in a fashion similar to the management of the electric power grid.
We are creating an infrastructure that will support the rapid growth of mobile-Identity and mobile-Commerce.  In order to establish our infrastructure and generate good will, much of our technology will be licensed for a nominal fee or given away for free.  Our technology and infrastructure services will be FREE for every publicly facing website for general user authentication.  There will be licensing fees for corporations and government agencies for internal authentication (e.g., free for banking customers; a small annual fee for banking employees).
The Trust Nexus will not attempt to compete against the dozens of existing players in the identity management space.  We intend to license our authentication technology to all players for a nominal fee; this will ensure a rapid and widespread implementation.
How does "One Touch Authentication" work?
The Protocols section provides details.  The flow chart below provides an overview.
There are three or four questions that every "techno-geek" asks after reviewing this flowchart; the Protocols section provides answers to these questions.
© Copyright 2017 ~ Trust Nexus, Inc.
All technologies described herein are "Patent Pending".