Vouch Identity Trust Platform
The Vouch Identity Trust Platform is a decentralized Identity and Access Management (dIAM) system that complements existing IAM systems to secure employee, customer and device identities from hacking. Vouch is offered as a SaaS product offering available with monthly subscription.
Vouch makes any application or process more secure and intelligent enabling identity assertion (login), permissions, and authenticity enforcement with a mobile-first, completely frictionless biometrics-based user experience.
Vouch stores user credentials in a decentralized blockchain vs. the centralized systems password-based system that are commonly used, and compromised today. Vouch solves the problem of massive password-based security breaches experienced at Capital One, Yahoo, Equifax, Marriott and others.
Vouch eliminates the needs for passwords completely – instead using the biometrics from a user’s phone to login and authenticate to enterprise systems, websites, SaaS software services, platforms and devices.
User biometrics are used as a username, to unlock the private keys stored in the secure enclave on the user’s mobile device. Vouch never distributes the biometrics, or the user’s private keys, only public keys are stored on the decentralized blockchain, protected with high-strength cryptography. Using biometrics, Vouch can report with certainty, that the user is who they say they are, not just someone with the user’s credentials.
"One, individual Vouch user credential, is more highly secured and protected, than most enterprises’ entire user credential database."
Vouch Breakthrough Capabilities
Vouch provides a breakthrough for human and device identities in these areas:
Who Are You
User credential theft,
Multi-factor identity credentials stored in the blockchain eliminate identity theft. Biometrics eliminate passwords. There is no data or PII to steal.
What permissions do you have?
Centralized security processes that slow permission management, sign-offs and approvals
Project teams use Vouch ID’s to “vouch:” permissions and sign-offs within the team, effectively decentralizing approvals enabled by Vouch smart contracts engine.
What did you do and when?
Low confidence in data used to support compliance, regulatory and audit functions
Vouch identities maintain tamper-proof chain-of-custody data anytime they are asserted, delivering high confidence “who did what and when” compliance data.
The Vouch Identity Engine enables the creation of digital identities that are used to authenticate people and devices. In simple terms, to confirm “Who are you?”. These digital ID’s are stored across decentralized blockchain nodes, so they are highly secure compared to centralized security infrastructure that is commonplace today. This solves two problems:
- Theft and hacking of user credentials and passwords that we read about with ever-increasing frequency, and
- The high cost to the enterprise and the related user frustration of constantly resetting passwords.
Vouch interfaces with the IAM systems in place today to substitute the password challenge in the authentication flow with Vouch’s Blockchain-based credentials and biometrics-based authentication.
Identity Engine Benefits Summary
- Gets rid of passwords
- Eliminates security issues with centralized security infrastructure
- Provides an amazingly simple user experience – replacing frustrating and costly username + passwords security approaches with an identity that is dramatically more secure
Smart Policy Engine
The Vouch Smart Policy equips traditional IAM systems with breakthrough security and intelligence by reinventing apps and processes with automated privilege, permissions, and condition enforcement using Vouch Smart Policies.
Policies and permissions can be applied to any Vouch Identity. In simple terms, this is used to create and enforce, “Who can do what?” conditions, in a highly decentralized and secure manner.
Rich permissions examples include:
- Programmable conditions that allow a person or a device to perform an action, such as to operate a vehicle, enter a building, upload new firmware, or arm a weapon
- Powerful digital replacements for physical objects used today – such as a digital car key that uses your mobile phone to control a vehicle and set permissions for the different drivers in your family or that you lend your car to. (see Personas below)
Group approvals permission example:
- The group of employees of a company that are required to make an approval, receive an SMS on their phone, and to approve the transaction those users simply open the message on their phone and supply a biometric (Face ID or Touch ID) to make the approval, greatly speeding up group approval processes. (see Quorums below)
For IOT devices:
- Smart policies enable devices to be highly sophisticated in their operation, for example, to be able to confirm the legitimacy of a firmware update, before the update is applied, so that rogue/hacked software can’t be installed on the device.
"Imagine the confidence that your business would have if it could trust that the devices running your business every day were truly secure."
Smart Policy Engine Benefits Summary
The Smart Policy Engine enabling human and device identities to take a giant leap forward – to become more secure – and more powerful using the Vouch Identity Trust Platform’s programmatic policies and permissions.
The Vouch Audit Engine maintains tamper-proof chain-of-custody data anytime a Vouch Identity is asserted – delivering high confidence “Who, did what, when?” compliance data.
In today’s world, assembling an irrefutable chain-of-custody is typically impossible, due to:
- The data being fragmented across systems (email, text, enterprise systems)
- Data accuracy and completeness, whether it’s been tampered or modified, etc. are impossible to prove
- The cost, effort and time required to build compliance records is exorbitant
This fragmented state-of-affairs that most enterprises experience results in those organizations having low trust in the data used to support their compliance, regulatory and audit functions.
Vouch maintains an immutable transaction record for any transaction involving a Vouch identity assertion. Each user’s mobile device(s) and the crypto public keys that represent the users’ biometric identities are used to digitally sign a transaction and the transaction details are published to the Vouch Blockchain Network.
Audit trail data from can be easily accessed by permissioned administrators, providing unequivocal data for a wide range of functions including internal and external audits, compliance and regulatory requirements.
Audit Engine Benefits Summary
- The Audit Engine enables enterprises to have high confidence in the data used for audit, compliance and regulatory purposes.
- The Vouch API engine enables easy integration of audit data into your enterprise systems.
Extending human-digital identities with permissions.
Beyond system logins, the next step in leveraging Vouch identities for higher value and security is to enable these identities with the ability to prescribe, monitor and enforce permissions across the enterprises’ technology ecosystem. Vouch enables this capability through Personas.
Personas encapsulate the rules for how trust, in the form of permissions, are attached to identities. Persona rules are expressed through programmable smart contracts in the Vouch Smart Policy Engine and contain:
To enable a “device administrator” persona (permission) to be added to a human identity
A human identity permission that enables the creation of new device identities in an IOT manufacturing plant
A minimum of two quorum members of the persona type “administrator” are required to create a new identity of the persona type “device administrator”
The quorum members must be physically based in the US (as determined by IP address)
Decentralized access and enforcement of security.
In keeping with Vouch’s decentralized design, a key aspect of leveraging identities for higher value and security is the ability to easily create and incorporate Quorums (or groups) of approvers into corporate processes in a simple and highly decentralized fashion.
The processes for today’s enterprise for extending trust through centralized certificate authority private keys are slow and complicated and are frequently side-stepped by project leaders in the pursuit of achieving project timelines, defeating any goals of achieving an irrefutable chain of custody. The cost of compliance, is simply too high.
By contrast, Vouch Quorums are a foundational capability of the Vouch Platform enabling humans to easily extend trust by “Vouching” for other humans or devices, simplifying the process (itself) of extending trust to make a positive impact on security.
Vouch Quorums work in concert with Vouch Personas and the Vouch Smart Policy Engine to specify and enforce policy conditions, applied any approval or sign-off of any type of transaction.
An example approval could be sign-off for the promotion of software through a certain stage of the software release process, or an approval of a purchase – each requiring a quorum of people to achieve the approval.
Using Vouch Quorums
Transaction approval processes are built in the Vouch Identity Trust Platform by designated personnel using the Vouch Smart Policy Engine. The identities and personas of the approvers are selected, along with the approval requirements (all quorum members, subset of members, minimum of persona types, etc.).
Current Enterprise Approach
A transaction approval message is delivered through the Vouch app or the Vouch SDK in client apps.
An email notification is sent to the approvers.
For approvers, an approval request message is sent via SMS message to their mobile device. The user clicks “approve” on the SMS message, and submits biometric approval.
Approvers must click on the email link, and then log in to an approval system, navigating multiple screens.
Approval systems frequently require off-network users to be logged in to VPN.
Lack of friction and simple interaction makes approval chains fast.
Crowded email inboxes and high-friction processes commonly introduce days or weeks into the approval process.
Request a Demo
Would you like to learn more about the future of blockchain identity-based security and how we solve it?
Fill out this form and we’ll be in touch within 24 hours