The Tide
Foundation, in a joint research partnership with Deakin University have
validated a new security paradigm. Tide untangles the paradox of
"who's guarding the guardian?" undermining today's security dogma.
That dogma suggests that to secure something, you should fortify it heavily,
lock all entrances and place a guardian to let only the authorized people
in.
Today, it's usually the
identity system of an organization that authenticates the users and authorizes
access to their resources. This means that if this identity system, or a person
who administers it, is compromised, then every digital asset of that
organization is at risk. It's proven to be a $7tn global liability and poses
significant risk of liability and identity theft to every user.
Tide assumes the guardian may
be compromised and strips its authority so that only when combined with the
authority that each user brings with them can access be granted. The system
tells the user "Here's the key you need for this visit, but it will only
work in your hands, not mine."
"Adding more barricades to
the door when the burglar is already in the house is redundant," said
Professor Robin Doss, Director, Centre for Cyber Security Research &
Innovation Deakin University. "Tide flips the act of authentication from
just proving you're the right user, to include "bring your own
Authority" that empowers the system to use your data."
Tide's novel
Self-Sovereign-Authority technology allows the organization's IT systems to
lock critically sensitive digital assets (e.g. PII, health data, IP or
finances) with keys so secure, no one has access to them. Not even Tide, as the
technology developer, has access.
Each user's key is generated in
a zero-knowledge process across a decentralized network. Users log into the
organization using a password or multi-factor authentication through the
decentralized network. In essence, a user wishing to access a critical resource
logs in through Tide's decentralized network to transform their identity into a
digital authority for that particular asset. This capability is made possible
through Tide's breakthrough in decentralized threshold multi-party
cryptography.
"Using a decentralized
network, authority can move outside the platform, in the hands of a collective
who jointly hold the only key. It removes the need to trust anyone," said
Michael Loewy, Co-founder Tide Foundation. "But unlike the blockchain world
where users have run into challenges managing their key on their own, Tide's
authentication gives humble passwords the effective strength of a Bitcoin
wallet, but with absolutely no change to the user experience."
The collaboration between Tide
and Deakin is soon to have an industry partner, a leading global password
manager. An end user bringing their own authority keeps the password manager's
knowledge to zero from end-to-end, even though they're holding the most
sensitive secrets of their users.
Tide is already working with
global IT companies, like NTT, major ERP platforms and other technology
providers to secure themselves and their customers.