
What to Know Before You Start with Circle Access

Implementation Options

Circle Access provides developer and enterprise customers with two different UX options that can be implemented in 3 ways:

  1. Circle Access Mobile - as a standalone authentication solution to log in to any Web site or application.
    • Your Smartphone is You.
    • By scanning a QR code, the end user can log in to any Web site or application on any device (mobile, desktop/laptop, tablet, etc.).
  2. Circle Access Desktop - as a standalone authentication solution for desktops only.
    • Your Device is Your Login.
    • The user must have Circle Access Desktop installed on the device that is logging in to the Web site or application directly.
    • Currently only supported on Windows - macOS users are given Circle Access Mobile as an option.
  3. Circle Access Lite - which requires no installation on the endpoint device.
    • The browser provides the information of the end user with the help of an authenticator.
    • The authenticator then sends the biometric information or other authorization gestures from the user, and sends the assertions to the Circle server, where they are validated.

Whichever you choose, all of them use Circle Access Cryptographic Credential-free Authentication to protect access to your websites and applications. If you have not already, we recommend that you read:

Using Circle End-to-End Data Protection to Implement Credential-free Authentication

It is also possible to implement CFA with Circle End-to-End Data Protection by integrating with Identity and Access Management systems - whether that is the back end of a website or application, or an integration partner of Circle such as Auth0, ForgeRock, Ping Identity and others. In this case, the role of Circle is restricted to protecting data used for authentication purposes in Secure Capsules that are controlled by the Web server / application or IAM platform. This is a very different approach which requires development expertise, resources and the functional capabilities of such systems. There are many benefits and capabilities of Circle Secure Capsules that go far beyond storing authentication data and can be leveraged in this implementation approach. If you are interested in this, we suggest that you contact us for a free consultation before starting.

What Is Cryptographic, Credential Free Authentication?

With Circle Access, there are no credentials - i.e., a username and password, or any other method of creating and storing 'secrets' on a server that is used to authenticate a user. All such methods are deeply vulnerable to attacks. Circle Access replaces them with a radically better approach that achieves authentication with 3 very strong factors:

  1. Something You Have. A smartphone, PC or laptop.
  2. Something You Are. Biometric verification, with the option to escalate to Human-in-the-loop Identity Verification with Circle-of-Trust.
  3. Something You Do. Validation of a cryptographic authentication that can only be done with the private key uniquely created on and bound to the endpoint device controlled by that human end user.

You can learn more about that here.

While the Circle Access server does have a user concept, it only knows a User ID. All personally identifiable information (PII) - including emails and phone numbers - is stored only on the endpoint device, and only hashes of it are stored on the Circle Access server. There is no information on users that Circle Systems - or an outside or inside attacker - can gain access to on the Circle Access server.
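
The "Something You Do" factor and the server-side storage model described above can be sketched as a generic challenge-response exchange. This is an added example, not Circle Access code and not its actual protocol or API: the names `createDevice`, `AuthServer` and `demo`, the choice of Ed25519 and SHA-256, and the sample e-mail addresses are all assumptions made for illustration.

```javascript
// Added illustration: generic device-bound challenge-response, not Circle's protocol.
const nodeCrypto = require('crypto');

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');

// Endpoint device: the key pair is created here and the private key never leaves
// this closure. The e-mail is hashed on the device; only the hash is exported.
function createDevice(email) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return {
    enrollment: { publicKey, emailHash: sha256(email) },
    sign: (challenge) => nodeCrypto.sign(null, challenge, privateKey),
  };
}

// Server: per user it holds a public key and a hash, nothing secret.
class AuthServer {
  constructor() { this.users = new Map(); this.pending = new Map(); }

  enroll(userId, enrollment) { this.users.set(userId, { ...enrollment }); }

  // Fresh random challenge for each login attempt.
  newChallenge(userId) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(userId, challenge);
    return challenge;
  }

  // Accept only a valid signature over the outstanding challenge, exactly once.
  verify(userId, signature) {
    const user = this.users.get(userId);
    const challenge = this.pending.get(userId);
    if (!user || !challenge) return false;
    this.pending.delete(userId); // consume it, so a replayed signature fails
    return nodeCrypto.verify(null, challenge, user.publicKey, signature);
  }
}

function demo() {
  const server = new AuthServer();
  const phone = createDevice('alice@example.test'); // constructed sample value
  const other = createDevice('bob@example.test');   // constructed sample value
  server.enroll('user-1', phone.enrollment);

  const sig = phone.sign(server.newChallenge('user-1'));
  const ok = server.verify('user-1', sig);          // enrolled device: accepted
  const replay = server.verify('user-1', sig);      // same signature again: rejected
  const wrongKey = server.verify('user-1', other.sign(server.newChallenge('user-1')));
  return { ok, replay, wrongKey, stored: Object.keys(server.users.get('user-1')) };
}
```

Calling `demo()` shows that a copy of the server's user table is not enough to log in: it contains a public key and a hash, and only the device holding the private key can answer a fresh challenge.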