What are the benefits of LeverID?
LeverID has several benefits both for governments and businesses. While some of them are universal, others are specific to each.
The Universal Benefits of the LeverID solution are:
- Post-Quantum Capable Design: The advent of quantum computing brings new security challenges. With this in mind, LeverID has been tailored to feature quantum capability.
- Largely Scalable: Product design and infrastructure configuration enable vast scalability, even when serving hundreds of millions of users.
- Attack-Tolerant and Reliable: LeverID features distributed private key implementation, ensuring no service breaks and reliable defense against threats.
- Fast Transaction Speed: Whether it’s authentication or signing, transaction speeds remain consistently swifter than any RSA-based solution.
- Ease of Integration: LeverID is technically documented, and clients wishing to integrate it can do so through an API or a software development kit (SDK).
- Mobile-First Design: Designed with mobile users in mind, our solution allows our users to effortlessly authenticate and sign from anywhere in the world.
Governments have very specific needs and LeverID provides them with the following additional benefits:
- Fully Customizable Approach: A modular solution with white label readiness to ensure the product can be configured to suit a specific country.
- Universal Login: Gives citizens and residents access to different digital government services via one universal login.
Businesses, on the other hand, are likely to be interested in the following:
- Enhanced Employee Onboarding: Providing employees from different countries with single authentication and controlled access to relevant information and documentation.
- Data Security & Ownership: Employee data is securely stored and managed in line with GDPR regulations, and is protected from unscrupulous access.
- Flexible and Scalable: Whether your company employs 10 or 10 million, is domestic or global, our solution scales effortlessly to meet your demands.
Solving a post-quantum cryptography problem
Although LeverID offers a long list of benefits over the other Digital Identity solutions existing in today’s marketplace, LeverID’s capability to deal with the issue of Post-Quantum Cryptography is probably the most significant.
80% of the world’s encryption is based on the RSA (Rivest–Shamir–Adleman) cryptosystem from 1977. The keys for the RSA algorithm are generated by choosing two distinct prime numbers and multiplying them.
In 1994, the American mathematician Peter Shor discovered a quantum algorithm that factors the large numbers behind such trapdoor functions, something that traditional computers cannot do as efficiently. This is one step closer to cracking RSA encryption. To illustrate the trapdoor: it is easy to take two prime numbers, for example 199 and 227, multiply them and get 45173, but it is very difficult to calculate the function in reverse. However, this is not “mission impossible” for quantum computer algorithms.
Cryptography works because some problems are hard to solve. In the classic RSA examples, the problem-that-we-rely-on-as-being-hard is factoring a product of two large prime numbers. In the elliptic curve world, the problem-that-we-rely-on-as-being-hard is known as the discrete logarithm problem. This is an equation for which a special method has been developed to transform it by any chosen multiplier. But if the multiplier is then removed from the equation and only the answer is kept, it becomes almost impossible to solve the puzzle. The randomness of the equation also changes depending on the multiplier. Thus, it takes exponentially more time and energy to solve such an equation. The time needed correlates with the strength of that equation, and that adds security to the platform.
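The 199 × 227 trapdoor above, worked through as an added example (not LeverID code): textbook RSA keys are built from the two primes, and the private exponent is then rebuilt from the public key alone by factoring the modulus. The public exponent 17 and the sample message are assumptions chosen for the illustration.

```python
from math import gcd, isqrt

def rsa_keygen(p, q, e=17):
    """Textbook RSA key generation from two distinct primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), pow(e, -1, phi)  # public key, private exponent d

def factor_semiprime(n):
    """Classical trial division; the work grows with sqrt(n)."""
    if n % 2 == 0:
        return 2, n // 2, 1
    steps = 0
    for candidate in range(3, isqrt(n) + 1, 2):
        steps += 1
        if n % candidate == 0:
            return candidate, n // candidate, steps
    raise ValueError("n is not a product of two primes")

def recover_private_exponent(public_key):
    """Whoever can factor n can rebuild d from the public key alone."""
    n, e = public_key
    p, q, steps = factor_semiprime(n)
    return pow(e, -1, (p - 1) * (q - 1)), steps

def demo():
    public_key, d = rsa_keygen(199, 227)   # the primes used in the text
    n, e = public_key
    ciphertext = pow(1234, e, n)           # constructed sample message
    d_recovered, steps = recover_private_exponent(public_key)
    # A 16-bit modulus falls in under 100 trial divisions. The same loop is
    # hopeless against a 2048-bit modulus, which is the gap Shor's algorithm
    # would close on a sufficiently large quantum computer.
    return n, d_recovered == d, pow(ciphertext, d_recovered, n), steps

if __name__ == "__main__":
    print(demo())
```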
LeverID is the next generation of digital authentication and signature platforms. While we are constantly working on designing a platform that is capable of utilizing standard crypto specifications that are available today, we are also investing heavily in researching post-quantum proof technologies and cryptography standards.
The LeverID platform has been designed in a way that enables us to implement multiple cryptography standards. This will include post-quantum resilient cryptography standards once they’ve been established and agreed upon, internationally.
Quantum computing is already a reality today; one example is the IBM 65-qubit computer. The reality of quantum computers brute-forcing trapdoor functions is still quite far off (around 10-15 years), which is why Levercode is already investigating possible solutions for governments and critical infrastructure clients, in order for them to secure their data for the next 25 years, even if quantum computers advance in regard to qubit volume.
Some samples of affected mission-critical industries are:
- e-Government and Trust Service providers in the field of eIDAS who rely on secure communication channels, electronic signatures, and data validation.
- The banking industry with credit and debit cards as well as (mobile) payment applications.
- Digital Health platforms that process encrypted sensitive personal information.
- The Energy sector with its remote metering and other relevant data management systems.
How does LeverID work?
The first phase of the LeverID solution is for the individual user to create a digital identity. After the user's request to create a LeverID identity is made, LeverID will validate user eligibility, either through a third party ‘Know your Customer’ (KYC) provider, or a Government Registration Authority.
The second phase of LeverID begins when a user initiates an authentication or a signing request through LeverID via a ‘Relaying Party’ (a service provider or vendor). Depending on the user’s request, either an authentication certificate or a signing certificate is validated against the LeverID database.
If eligibility is met and confirmed, LeverID initiates the process of creating an authentication and signing certificate for the user. Once this process is followed through, the user obtains valid certificates in order to authenticate and sign digitally.
The LeverID solution consists of three principal components:
- Server application and Hardware Security Module (HSM)
- Mobile Device Application
- Application Programming Interface (API) for Relaying Parties (RP)
For a higher level of security, both the user and server have independent private keys. The server and user’s mobile device both sign the document or authentication challenge independently with their private keys. These signatures are then cryptographically combined into a standard verifiable digital signature that verifies against the user’s public key certificate.
In addition, two-factor authentication is used. Both the user’s mobile device and the server use independent mechanisms to authenticate the user.
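An added example of the split-key idea described above (not LeverID's implementation, whose scheme the page does not specify): additive sharing of a textbook RSA private exponent stands in for the real construction. The toy primes, function names and sample messages are assumptions made for the illustration.

```python
import hashlib
import secrets

# Constructed toy key built from two Mersenne primes; far too small for real
# use, and textbook RSA without padding. A production split-key system would
# generate the shares so that the full exponent never exists in one place.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
D = pow(E, -1, PHI)

def split_private_exponent(d, phi):
    """Additively share d so that d_device + d_server = d (mod phi)."""
    d_device = secrets.randbelow(phi)
    return d_device, (d - d_device) % phi

def digest(message):
    """Hash the message and reduce it into the range of the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def partial_sign(message, share):
    """Run independently by each party with its own key share."""
    return pow(digest(message), share, N)

def combine(sig_device, sig_server):
    """Multiply the two partial signatures into one ordinary RSA signature."""
    return (sig_device * sig_server) % N

def verify(message, signature):
    """Standard verification against the single public key (N, E)."""
    return pow(signature, E, N) == digest(message)

def demo():
    d_device, d_server = split_private_exponent(D, PHI)
    msg = b"authentication challenge 4711 (constructed)"
    s_dev = partial_sign(msg, d_device)   # computed on the mobile device
    s_srv = partial_sign(msg, d_server)   # computed on the server / HSM
    combined = combine(s_dev, s_srv)
    return {
        "combined_ok": verify(msg, combined),
        "device_alone_ok": verify(msg, s_dev),
        "server_alone_ok": verify(msg, s_srv),
        "other_document_ok": verify(b"another document", combined),
    }

if __name__ == "__main__":
    print(demo())
```

Neither share verifies on its own, so compromising only the device or only the server does not yield a valid signature.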
It is important to differentiate between component responsibility when talking about a state/country or a private company in terms of where the accountability for the components will lie. The critical components of the LeverID digital authentication and signing platform are:
- Hardware Security Module and server application
- Mobile application
- API for relaying parties
- Registration Authority (RA)
- Certificate Authority (CA)
- Verification Authority (VA)
In the case of state/country digital identity, all six components will be under the control of the state that is responsible for the identities. The LeverID infrastructure will be configured and set up on-site and control can be handed over to responsible government institutions.
In the case of private digital identity, the accountability will lie with the LeverID certified infrastructure. In order to provide LeverID with identities, the KYC service provider’s information is used via an API. LeverID will continue to validate certificates for authentication and signing requests.
If certificates are proven to be valid, the user will be issued a challenge code through LeverID. If the challenge codes match, the user is prompted to enter their 4-digit authentication PIN or 5-digit signing PIN. If these PINs are then proven valid, authentication or signing can take place depending on the initial request.
Certificates:
LeverID is designed to comply with the following standards in order to offer a trusted product to all our customers:
The certification process is ongoing and certificates are currently pending.