Haventec Authenticate - Frequently Asked Questions

_____

What is Haventec Authenticate?

Haventec Authenticate is a decentralised authentication engine that eliminates friction and enables safe, simple and secure access for customers, citizens and employees. Haventec Authenticate is powered by an internationally patented Rolling Key technology consisting of dynamic, single-use public and private keys.

_____

What solutions does Haventec Authenticate enable?

Haventec Authenticate enables market-leading authentication solutions including Passwordless Authentication and Silent MFA. Haventec Authenticate can also be integrated into your existing IAM or accessed through a CIAM-as-a-Service.

_____

Does Haventec rely on a bearer token to authenticate the user and their device?

Bearer tokens are used as part of an HTTP / OAuth 2.0 authentication scheme. Whilst Haventec uses standard protocols such as OAuth and OIDC, there are some exceptions. To enhance security, Haventec uses a proprietary 'AuthKey' which is cryptographically secured using a patented one-time-use rolling key architecture. Like a bearer token, the AuthKey is an opaque string that is unreadable by the user. Unlike a bearer token, however, the AuthKey is for one-time use and is rolled every time the user authenticates to Haventec.

Further, the AuthKey presented by the user must also cryptographically match the user's details held in the Haventec system, meaning that an AuthKey cannot be used by a different user.

_____

Where is Haventec Authenticate information stored on the user's device?

For web-based applications, the information is stored in the browser's Local Storage and protected by the browser's same-origin policy. This ensures that only the Haventec origin can read this data from Local Storage. Local Storage is an industry-standard location for data that a web application needs to access.

For mobile users, the data is stored in the Keychain on iOS or in the Keystore on Android devices. The Keychain or Keystore can be unlocked via biometrics.

_____

Can the Haventec private key be intercepted in transit between the user's device and the Authenticate engine?

No. Haventec does not distribute either the public or the private key to the end user or the enterprise. Further, the private key is not stored by Haventec but is cryptographically recreated on a just-in-time basis at the point of authentication. Once authentication has been successfully completed, the public and private key pair is destroyed and then rolled, ready for the next time the user authenticates.

Therefore the key pairs are one-time use and never leave the Haventec service, and the private key is never stored, only recreated when required.

_____

What deployment options are available for Haventec Authenticate?

Haventec supports standards-based deployment options including OIDC, SAML, SDKs and REST APIs. Typically the Haventec service is set up as an Identity Provider (IdP) and is easily integrated into most customer environments, either within the existing Identity and Access Management (IAM) framework or directly into frontend/backend applications.

_____

If I use the same username for multiple applications, does that mean the Haventec Authenticate private key could also be used to access multiple applications?

No. Each application using Haventec creates its own unique, one-time-use public and private key pair and its own AuthKey for authentication, so the same AuthKey cannot be used to authenticate to multiple applications. The user can, however, use the same PIN for each application, giving a Single Sign-On (SSO) experience. Because each PIN is salted and hashed per application, the stored values are cryptographically different and unique to each application, even though the original PIN may be the same. Note that Haventec never stores the user's PIN, only the salted and hashed value, and Haventec never distributes the key pairs to the user or the enterprise. Further, Haventec never stores the private key, but cryptographically recreates it in a just-in-time manner at the time of authentication. All keys are for one-time use only and are rolled after every successful authentication.

_____

What does Haventec Authenticate use as PKI?

Haventec uses a combination of Elliptic Curve (EC), AES, RSA and SHA in its patented cryptographic authentication engine. The engine was designed with quantum computing resistance in mind by allowing these cryptographic modules to be replaced as new or stronger ciphers become available.

_____

What is a rolling private key?

A rolling private key, also known as a rotating private key, is a security mechanism that enhances security by changing the private key frequently.

In a traditional encryption system, the same private key is used to encrypt and decrypt for an extended period of time, often months or even years. This creates a potential security vulnerability: if the private key is compromised, all information protected with that key could be accessed by an attacker. With a rolling private key system, the private key is changed frequently. This means that even if an attacker gains access to one private key, it is only useful until the key changes.

Rolling private key systems are often used in high-security applications such as banking, healthcare, and government, where privacy is critical. By frequently rotating private keys, these organizations can help protect sensitive data from unauthorized access and mitigate the risks associated with long-term use of a single private key.
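As an added illustration, not Haventec's code and not its proprietary scheme, the following simplified Python model shows the properties the AuthKey answer and this rolling-key answer describe: the server stores only a keyed hash of the current single-use key, a key bound to one user does not verify for another, a consumed key is rejected if replayed, and a fresh key is rolled on every successful authentication. The server secret and user names are constructed for the example.

```python
import hashlib
import hmac
import secrets


class AuthKeyServer:
    """Server side of a single-use, user-bound, rolling AuthKey (simplified model)."""

    def __init__(self):
        # Constructed server-side MAC key; the raw AuthKey itself is never stored.
        self._server_secret = secrets.token_bytes(32)
        self._current = {}  # user_id -> MAC of the AuthKey currently valid for that user

    def _bind(self, user_id: str, authkey: bytes) -> bytes:
        # MAC over (user_id || authkey): an AuthKey only verifies for the user it was issued to.
        msg = user_id.encode() + b"|" + authkey
        return hmac.new(self._server_secret, msg, hashlib.sha256).digest()

    def issue(self, user_id: str) -> bytes:
        # Fresh random AuthKey; the user receives it as an opaque string,
        # the server keeps only its keyed hash.
        authkey = secrets.token_bytes(32)
        self._current[user_id] = self._bind(user_id, authkey)
        return authkey

    def authenticate(self, user_id: str, presented: bytes):
        """Return (ok, next_authkey). A presented key is consumed whether or not it was valid."""
        expected = self._current.get(user_id)
        if expected is None or not hmac.compare_digest(expected, self._bind(user_id, presented)):
            return False, None
        # Roll: the presented key is now spent and replaced by a new one.
        return True, self.issue(user_id)


def demo() -> dict:
    server = AuthKeyServer()
    k1 = server.issue("alice")
    server.issue("bob")
    first_ok, k2 = server.authenticate("alice", k1)   # valid, rolls to k2
    replay_ok, _ = server.authenticate("alice", k1)   # k1 already consumed
    cross_ok, _ = server.authenticate("bob", k2)      # alice's key presented as bob
    second_ok, _ = server.authenticate("alice", k2)   # rolled key works once
    return {"first": first_ok, "replay": replay_ok, "cross_user": cross_ok, "second": second_ok}


if __name__ == "__main__":
    print(demo())
```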

_____

What are the benefits of rolling private keys versus static private keys?

Static private keys, which are used in public-key cryptography, have several limitations.

Some of the key limitations of static private keys include:

  • Vulnerability to theft: Static private keys must be kept secure and protected, as anyone who gains access to the private key can use it to decrypt sensitive information or impersonate the owner of the private key.
  • Key management: Managing static private keys can be challenging, especially when dealing with large numbers of keys or complex key hierarchies. If static private keys are lost or compromised, it can be difficult or impossible to recover them.
  • Lack of scalability: As the number of users and transactions increases, the management and storage of static private keys become increasingly complex and difficult to scale. This can be a significant challenge for large-scale blockchain systems and other distributed systems that rely on public-key cryptography.

In general, rolling keys are recommended for systems that require higher security, such as financial transactions or secure communications, while static keys may be suitable for less sensitive systems where security is not a primary concern.

If you would like to know more about Haventec solutions, please contact us.