Peter Kolarov, CEO
Today, owing to the ever-evolving threat of cyberattacks, businesses across all industry sectors are deploying next-gen cybersecurity measures to protect their data and counter breaches. Particularly in the data security space, the pursuit of building an infrastructure that is impervious to cyberattacks has led organisations in the direction of multi-factor authentication. Even so, due to the lack of a standard authentication process, companies deployed multi-factor authentication in a variety of ways, which, in most cases, left loopholes for phishing that could lead to data breaches. Fortunately, the new FIDO Alliance has developed an authentication protocol based on free and open standards (CTAP, W3C WebAuthn) gathered from across the business ecosystem to enable companies in employing fast, secure, and password-less user experiences. However, as the FIDO based password-less authentication is not yet integrated with existing enterprise login workflows, most of the firms are struggling to build an effective and easy-to-use password-less authentication. Addressing this challenge with its unique KeyVault solution that simplifies the process of creating password-less authentication for both individual and enterprise-level use is the Netherlands-based Crayonic. “As our KeyVault uses FIDO standards, it allows users to register and authenticate without the need to install additional software or drivers on their devices,” says Peter Kolarov, founder and CEO at Crayonic.
Founded in 2015, Crayonic’s original product, the Crayonic Pen, was developed to help users e-sign documents with ease, while ensuring that their identities were verified and secured with behavioral biometrics. To achieve this, the company issues an identity certificate prior to authentication and tracks handwriting biometrics to recognise the user. Today, Crayonic is beta-testing its new flagship product, the Crayonic KeyVault, which is specially designed to deliver an easy-to-use, password-less, step-up biometric authentication solution. “In most cases, if multi-factor authentication product ensures high security, it compromises on usability, which hinders enterprises from reaping the overall benefits of their deployment,” adds Kolarov.
The Crayonic KeyVault is a decentralised identity wallet that allows users and enterprises to secure their identities, data, and high-value cloud transactions with ease and efficiency
Keeping this in mind, Kolarov and his team have built KeyVault with a highly flexible and scalable architecture that allows it to run on a wide range of devices and operating systems. At the same time, the solution enables users to add an extra level of authentication beyond the initial static biometrics (fingerprint). This additional authentication is an on-device biometric PIN (either hand-written or spoken) enhancing standard FIDO required user verification.
Further discussing the flexibility of the KeyVault offering, Kolarov elaborates, “Our product not only supports all the standards for password-less authentication but also allows integration with legacy systems to aid users that are deeply-rooted in using their existing authentication infrastructure,” states Kolarov. And in cases where a user does not even have a legacy system in place, Crayonic assists them in building a security posture around FIDO protocols and provides integration support to create a final infrastructure using Crayonic Gateway that is 100 percent compatible with its KeyVault solution. Above all, the Crayonic Gateway enables additional use cases for Crayonic KeyVault such as: non-custodial digital identity and cryptocurrency wallet, eSigning documents using X509 certificates and even KeyVault recovery feature for users who have lost or damaged their KeyVaults.
One of the more interesting differentiators of the Crayonic KeyVault is its unique Proof-of-Free-Will concept, which enables the device to recognise instances where a user is authentication under duress or without intent, thereby ensuring effective security at all times for the most sensitive transactions. Concurrently, the company’s emphasis on using FIDO protocols also helps users in leveraging the KeyVault to perform high-value blockchain and cryptocurrency transactions in the Cloud without worrying about security of their private keys.
Looking ahead, the company aims to complete the beta-testing of KeyVault and Gateway and launch it by the end of 2020. To conclude, Kolarov reiterates the ethos of his company, “We want to continue building solutions that deliver high security as well as unparalleled usability and become the go-to solution provider for decentralised authentication and privacy preserving identity storage.”