Learn more about Circle Access

Introduction

Circle Access replaces insecure passwords with private keys created and stored in secure capsules that are bound to each device and cryptographically validated during each login. It supports a single user across devices, browsers and contexts.

Implementation Options

Circle Access provides developer and Enterprise customers with two different UX options that can be implemented in 3 ways:

  1. Circle Access Mobile - as a standalone authentication solution to log into any Web site or application.
    • Your Smartphone is You.
    • By scanning a QR code, the end user can log in to any Web site or application on any device (mobile, desktop/laptop device, tablets, etc.)
  2. Circle Access Desktop - as a standalone authentication solution for Desktops only
    • Your Device is Your Login.
    • User must have Circle Access Desktop installed on the device that is logging in to the Web site or application directly.
    • Currently only supported on Windows - macOS users are given Circle Access Mobile as an option.
  3. Circle Access Lite - where the user needs no device installation.
    • Browser based configuration.

Whichever you choose, all use Circle Access Cryptographic Credential-free Authentication to protect access to your Web sites and applications. If you have not already, we recommend that you read:

Device-based Cryptographic Protection

With Circle Access, there are no credentials - i.e. a user name and password, or any other method of creating and storing 'secrets' on a server that is used to authenticate a user. All such methods are deeply vulnerable to attacks. Circle Access replaces them with a radically better approach that achieves authentication with 3 very strong factors:

  1. Something You Have. A smartphone, PC or laptop.
  2. Something You Are. Biometric verification, with the option to escalate to Human-in-the-loop Identity Verification with Circle-of-Trust.
  3. Something You Do. Validation of a cryptographic authentication that can only be done with the private key uniquely created on and bound to the endpoint device controlled by that human end user.

You can learn more about that here.
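
The third factor above, sketched as a generic public-key challenge-response login (an added example, not Circle Access's protocol, API or code): the server enrolls only a public key and verifies a signature over a fresh nonce, so it holds nothing that can be replayed as a credential. The Ed25519 key type and the names `createDevice`, `createServer`, `enroll`, `startLogin` and `finishLogin` are assumptions made for illustration.

```javascript
// Added illustration of device-bound key authentication.
// Hypothetical names throughout; this is not Circle Access code.
const nodeCrypto = require('node:crypto');

// Device side: the key pair is created on the device and the private key
// is only reachable through sign(), never exported.
function createDevice() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return {
    publicKey,
    sign: (challenge) => nodeCrypto.sign(null, challenge, privateKey),
  };
}

// Server side: stores public keys and short-lived challenges only.
function createServer() {
  const enrolled = new Map(); // userId -> public key
  const pending = new Map();  // userId -> outstanding challenge
  return {
    enroll(userId, publicKey) { enrolled.set(userId, publicKey); },
    startLogin(userId) {
      const challenge = nodeCrypto.randomBytes(32); // fresh nonce per login
      pending.set(userId, challenge);
      return challenge;
    },
    finishLogin(userId, signature) {
      const challenge = pending.get(userId);
      const publicKey = enrolled.get(userId);
      pending.delete(userId); // single use: a replayed signature finds no challenge
      if (!challenge || !publicKey) return false;
      return nodeCrypto.verify(null, challenge, publicKey, signature);
    },
  };
}

// Constructed run: a valid login, a replay of the same signature,
// and an attempt from a device whose key was never enrolled.
function demo() {
  const server = createServer();
  const device = createDevice();
  const otherDevice = createDevice();
  server.enroll('user-1', device.publicKey);

  const sig = device.sign(server.startLogin('user-1'));
  const valid = server.finishLogin('user-1', sig);
  const replay = server.finishLogin('user-1', sig);
  const wrongDevice = server.finishLogin(
    'user-1', otherDevice.sign(server.startLogin('user-1')));
  return { valid, replay, wrongDevice };
}
```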

Completely Private, with Zero Attack Surface in the Cloud

While the Circle Access server does have a user concept, it only knows a User ID. All personally identifiable information (PII) - including emails and phone numbers - is stored only on the endpoint device, and only hashes of it are stored on the Circle Access server. There is no information on users that Circle Systems - or an outside or inside attacker - can gain access to on the Circle Access server.

Circle Service and Secure Capsules

Circle Service runs and manages the key on-device functions that Circle performs to deliver the data security, privacy and identity verification + authentication capabilities it powers. In particular:

  • Direct distributed multi-factor authentication between devices;
  • On-device AES 256 encryption;
  • Secure digital capsules for storing private data (such as digital signatures);
  • Binding of keys to the device;
  • and more.

Complete Data Control & Security for Application Developers

Since Circle Service is included in the install of Circle Access, developers can leverage it to store data in private AES 256 encrypted secure digital capsules on the end user's devices inside a Circle controlled by the data owner. In the case of authentication, the data owner is your own application / Web server.

Why do users need the Circle Access App?

Circle's unrivaled security and privacy capabilities come from its unique device-based key creation and control. Circle Service must be installed and running on the endpoint device to gain these benefits.

For users of Circle Access Mobile

The Circle Access Mobile App performs multiple missions.

  1. It enables credential-free authentication and log-in for Web sites and applications - for both your mobile phone and desktop and laptops - with a simple scan of a QR code.
  2. Since the Android and iOS operating systems for mobile devices do not allow services to run in the background indefinitely, it manages Circle Service to protect the end user's data and privacy.
  3. When used together in Circle Access 360, it can securely communicate and authenticate with Circle Access Desktop.

For users of Circle Access Desktop

The Circle Access Desktop Thin Client:

  1. communicates securely with Circle Service that is installed on your desktop or laptop from your mobile device, to enable it to manage secure authentication and log-in for end users, and
  2. manages Circle Service and any other use of Secure Capsules or Circles on end user devices. 

This enables developers that implement Circle Access 360 to provide users with either:

  • credential-free authentication and log-in directly on the device you are using; or
  • authentication and log-in to desktops and PCs using your smartphone.
