Privakey leverages asymmetric cryptography, device-based biometrics, and notifications to provide users contextual authentication, authorization, digital signatures and user consent.
How Privakey Works
Privakey leverages asymmetric cryptography, device-based biometrics, and notifications to provide users contextual authentication, authorization, digital signatures and user consent.
Privakey Experience
The convenience of sending Privakey challenge requests to your users iOS and Android phones is backed by strong security measures, most of which, that your customers won’t even realize are happening.
1
Secure Notification
Any service that can connect to Privakey’s API can deliver users secure, push challenge notifications. Privakey only sends notifications to users’ devices that are cryptographically bound to their account.
2
Context Rich Message
Upon receiving a challenge, users will be presented with a context rich message that clearly communicates a required response. Content can include HTML, documents and forms. In this example, it’s a simple yes/no question for identity verification.
3
Biometric Identity Verification
Privakey streamlines high risk and high value interactions. All it requires from a user is the assertion of their intent and a biometric on their device. Privakey’s mobile libraries then access bound private keys and sign the users’ response, ensuring the integrity and non-repudiation.
4
Challenge Response Sent
The user’s response is encrypted, digitally signed and returned to the initiating service. The entire process only takes a few seconds, so the customer can enjoy their day and you’ll have a strong, non-repudiated confirmation of your user’s intent.
Four Simple Components
Device
Privakey’s underlying technology works by turning users’ mobile phones into a powerful tool for authentication and authorization. This is done by binding user accounts to their phones and tokenizing those devices with asymmetric cryptography.
Biometrics
Biometrics like fingerprint and face ID are used as a second factor to verify who exactly is responding to the challenge. Using biometrics to approve challenges enhances the customer experience of interactions that typically would involve passwords, KBA, OTPs, or signatures.
Challenge
With the backing of MFA, services can send unique, interactive messages to their users without worrying about security. Most of the security features are going on in the background so the user experience isn’t inhibited by cumbersome security actions.
Digital Signature
The challenge and response is encrypted, digitally signed, and returned to the service. This provides a very high degree of assurance that the action was not tampered with and eliminates most man-in-the-middle and phishing threats.
Enrolling in Privakey is Easy
Once a service has enabled Privakey, the user experience in getting started takes less than a minute.