The end of user names and passwords...

Touch one button on your mobile device and you are securely signed on to your web based or mobile application.
Imagine a world where user names and passwords are no longer necessary, and authentication is simple and secure.
A system is secure if the plans for the system are public and bad actors still cannot break in.

The Trust Nexus is the first open-source platform for secure mobile identity:
  • Consumer Friendly ~ Users touch one button on their mobile device to authenticate to both web based and mobile applications.
  • Cryptographically Secure ~ Even if a user's mobile device is lost or stolen his/her credentials are secure (no password based encryption processes; no dependency on "phone lock" OS processes).
  • Simple ~ The source code is crystal clear and easy to implement (Android and Java EE; other platforms coming soon).
  • Effective ~ We completely do away with user names and passwords and all of their weaknesses.
  • Low Cost ~ Our technology and infrastructure services are FREE for every publicly facing website for general user authentication.  There is a nominal licensing fee for corporations and government agencies for internal authentication (e.g., free for banking customers; a small annual fee for banking employees).
  • Also secures three party credentials (passports, driver's licenses, insurance and financial credentials).
  • Eliminates fraudulent financial transactions.
  • Easy Upgrade Path ~ Any web or mobile application that is currently depending on user names and passwords can make an easy upgrade.
The Trust Nexus offers Identity as a Service (IaaS) or the complete source code so that organizations can run their own system as an independent microcosm.
How is our solution unique?
Under the Trust Nexus the concept of identity is fundamentally changed.  Who are you?  You are the entity that has been issued a cryptographically valid digital credential.
Think digital certificates on a mobile device with the convenience of One Touch Authentication™ and significantly less overhead than traditional PKI.
Think of the convenience of not vetting users when cryptographic keys are issued (the vetting takes place in the credential provisioning processes). The TNX One Touch mobile app generates a 4,096-bit public/private key pair and secures the private key on the mobile device (truly secure; no password-based encryption processes; no dependency on "phone lock" OS processes).
Think of your smart phone as a security device for your private key.
Think of Identity and Authentication Management in terms of referencing cryptographically valid digital credentials, not in terms of managing and verifying certificate chains of authority, or even worse, managing and validating vast amounts of personal or biometric data.  Think of the past when the king's seal represented a stamp of approval; your identity did not matter, all that mattered was the validity of the king's seal and that you were the rightful holder of the credential.
How can you trust a digital credential?
Two questions must be answered:
  • Can you verify that the credential was issued in a valid institutional process (no counterfeit credentials)?
  • Can you verify that the person to whom the credential was issued is the person presenting the credential (no fraud in the authentication process)?
These questions can be answered with transparent cryptographic processes.
See for yourself.
The prototype of the TNX One Touch mobile app is available at the Google Play Store.
Install the app then click on "Test" in the menu bar above.
When you test the authentication process you will see near real time server logs of the cryptographic processes.
A New Archetype
The essence of our process is incredibly simple:  Through cryptographically valid digital credentials, we completely do away with user names and passwords (and all of their weaknesses).  If a credential is provisioned to a user's mobile device in a valid institutional process (which could be as simple as an upgrade from user names and passwords), then when the user presents the credential (either in person or over the network) the receiver can be certain that either the credential and the user are valid or the user gave his/her mobile device and six-digit hex PIN (one of 16,777,216 possible values) to someone else.
What is a valid institutional process?
It can be anything the institution defines and controls, from the very simple to the highly secure.  In the most basic use case, the credential provider of a web application simply wants to secure the account to the user who created the account. Identity attributes do not need to be verified; valid authentication (from the user who created the account) simply needs to be secure and repeatable.  Digital credentials can also be issued under the Trust Nexus in a highly secure setting (e.g., a corporate security office or a bank branch office).
Currently, most strong authentication schemes rely on some type of Multi-factor authentication (MFA).
"Multi-factor authentication (MFA) is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism - typically at least two of the following categories: knowledge (something they know); possession (something they have), and inherence (something they are)." [ref]
This archetype based on validating pieces of information is fundamentally flawed in practice.  There is currently no multi-factor authentication process that is both secure and consumer friendly.  In recent years there have been numerous failures of new authentication architectures due to lack of consumer acceptance (OpenID and OAuth being the latest; the most recent "flavor of the month", the FIDO alliance, has gained little consumer traction).
This failure of multi-factor authentication has led to a general reliance on user names and passwords.  As a secondary enhancement, many major service providers use text messaging to a mobile device (SMS) as a second factor; however, this process has recently been deprecated by the National Institute of Standards and Technology (NIST). [ref]
The Trust Nexus presents a new archetype for authentication based on cryptographically valid digital credentials.  In this new archetype what matters most is an institutional validation of the individual represented by a cryptographically valid digital credential that can be verified in a secure and consumer friendly way (One Touch Authentication™).
This institutional validation, captured in the cryptographic processes when the credential is issued, represents a stamp of approval.  If the stamp is cryptographically valid, the authentication can be trusted.
This new archetype presents different questions:  Has the digital credential been issued in a valid institutional process?  Is the user to whom the credential was issued the only person who can utilize the credential?  Can the institutional validation be verified when the user presents the credential?  Is the process consumer friendly?  Is the process cryptographically secure?  The Trust Nexus answers all of these questions.
Creating a Secure Mobile Identity Ecosystem is not about managing vast amounts of personal data; it is about managing cryptographically valid digital credentials that represent valid institutional processes.
No organization concerned with consumers is going to institute a complicated process.  No organization concerned with security is going to trust its authentication to a delegated process that depends on a user's Facebook account; however, a high level security organization like a financial institution will be willing to trust credentials issued by another financial institution if the institutional processes can be trusted and cryptographically verified.
The ability to create and secure a 4,096-bit cryptographic key on a user's mobile device makes this new archetype possible. [ref]
Because the receiver can cryptographically verify that you are the person to whom the credential was issued, under the Trust Nexus it truly does not matter who you are; what matters are institutional validations and the ability to verify those validations.
Most authentication schemes depend on securing and verifying personal data; we focus on the ability to use credential data in a valid institutional process.  The concept of verifying institutional validations rather than verifying personal data requires a shift in perspective.  Once that mental shift occurs everyone is amazed at how simple our system is.
While the Trust Nexus may "defy conventional wisdom", we are confident our core ideas are "non-consensus and right".
© Copyright 2017 ~ Trust Nexus, Inc.
All technologies described herein are "Patent Pending".