Identity Store Introduction
Introduction
The TrustX Identity Store serves as a comprehensive repository of User Identities and their associated information, including biometric data and passkeys. Each Identity Store serves as a directory for organizing Users into logical groupings based on authentication requirements.
Access to the Identity Store feature is currently invite-only so that feedback can be gathered during this early access phase. Full access will be provided to all tenants once the feedback phase has been completed. Contact support@daon.com to request access.
Configuration Guides
Already familiar with Identity Store and authentication concepts? See the following guides to get started.
Managing Identity Stores
Click here to get started and create an Identity Store in the Backoffice.
Biometrics
Biometrics are measurable physiological and behavioral characteristics that uniquely identify a person. Examples include facial images, voice prints, fingerprints, and DNA. Biometric authentication is the process of recognizing someone from their biometric samples and is something we humans do every day. Every time we answer the phone to a friend we subconsciously compare the sound of the voice to our memory of our friend’s voice. Even when we walk down the street, we compare the faces we see against our internal database of faces of people we know.
Computer-based biometric authentication performs this same process: gathering biometric samples, comparing them to stored records, and granting access to computer systems on the basis of a positive match. One of the key benefits of biometric authentication is that the process does not rely on the User doing anything more than being themselves: no passwords to remember or tokens to carry.
Because a biometric is an authentication factor tied to an individual person, it cannot be lent to someone else or forgotten the way a password or token can. (It can still be targeted by a presentation attack, such as a photo held up to a camera, which is why a face is compared against a live capture rather than a stored image.) As a result, biometric technology has proven very useful in preventing fraud in situations where Users traditionally share passwords or tokens.
TrustX supports biometric authentication through face authentication. A face can be associated with a User of an Identity Store and compared against a live captured image.
Authentication
Authentication is the process of confirming the identity of a person. Traditionally the security industry divides the different methods used to authenticate people into three broad categories:
- What you know – examples of this would include passwords and PINs.
- What you have – examples of this would be smart cards or a passport.
- What you are – measurable characteristics that make a person unique – biometrics.
Each factor has unique characteristics and combining these factors together can provide even stronger forms of authentication than what can be achieved by a single factor alone.
For the past decade, the de facto high security solution for most systems has been a combination of passwords and out-of-band tokens such as those based on SMS text messages. However, even specialized tokens are not immune to attacks, as compromises for several popular solutions have been published.
More recently, interest has begun to focus on biometrics as a technique to enhance the security and convenience of systems without imposing increased burdens on the users of those systems. TrustX provides three methods for authenticating Users: biometrics (face), passkeys, and appkeys.
See the following guides for information on authentication via passkeys and face biometrics.
Policies
A policy defines the method and rules for registration and authentication, which are used to verify the identity of a person. TrustX currently supports the following policy methods:
- Passkey Policy - Utilizes the FIDO2 protocol for authentication. For more information, see the Passkeys section below.
- Appkey Policy - Utilizes the FIDO UAF protocol for authentication. For more information, see the Appkeys section below.
Each policy can be defined separately per Identity Store and is configurable from the Backoffice application.
Users
In the context of the Identity Store, a User is the record for an end-user who has been added to an Identity Store; it holds that end-user's profile, registered biometrics, and methods of authentication.
The data saved for each User includes:
- User Information - Contains general information about a User such as location, time zone, first name, last name, and date of birth.
- Registered Passkeys - A collection of passkeys associated with the User.
- Registered Biometrics - Contains registered biometric data about the User. Currently only face biometrics are supported.
- Authentications - A list of authentications associated with the User, divided by authentication type: passkey authentications and face matches.
Passkeys
Passkeys are FIDO2 (Fast IDentity Online) WebAuthn credentials and provide stronger authentication than passwords alone.
Passkeys use public key cryptography: the user's device generates a public-private key pair. The private key is stored securely on the device, while the public key is registered with the online service. When the user wants to authenticate, the device signs a challenge issued by the service using the private key, and the service verifies that signature using the registered public key.
One of the key benefits of passkeys is that they are resistant to phishing. The user's private key is never transmitted over the network, and the browser binds each signature to the website's origin and to a one-time challenge. This means that even if an attacker intercepts an authentication response, or tricks the user into signing on a look-alike site, the captured signature cannot be used to authenticate to the real service.
Passkeys provide a secure and convenient way for users to authenticate themselves to online services, without the need for passwords or other traditional authentication methods.
Learn more about creating passkey Policies here.
Appkeys
Appkeys utilize the FIDO Universal Authentication Framework (UAF) specification, which provides a passwordless registration and authentication flow in which an identity is bound to a single device or biometric profile, with no passwords or QR codes required.
Appkeys can be implemented using a Device Binding or Biometric Binding solution.
- Device Binding - A method of silent registration and authentication where the record is bound to the device.
- Biometric Binding - The authentication is bound to a single biometric, for example, a fingerprint.