Beyond Identity: Secure Enclaves and Authenticating Clients Rather Than Servers


Our current lock-down is showing cracks in our digital infrastructure, and there’s no greater crack than the usage of passwords. The simple user name and password is really just a legacy of the old mainframe world, and possibly has no place in this world of knowing your user. Recently Microsoft stated that over 99% of identity theft could be overcome by simply enabling multifactor authentication (MFA).

Now a startup — Beyond Identity — aims to provide an identity solution which integrates an on-device personal certificate authority. In this way there is no need for the complexities of certificate authorities, or for devices to store the public keys of trust authorities. The signing process is then done within a secure enclave on the device. A device could then be registered as its own “server” domain, and be trusted to prove the user and the actions of the device.

If you have ever used Let’s Encrypt, you will know that they use a smart method of authenticating the Web server, using the ACME protocol to securely install a digital certificate. Beyond Identity aims to create a similar approach, but by authenticating clients rather than servers.
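To make the idea of a device acting as its own certificate authority concrete, here is an added sketch in Go; it is not Beyond Identity's code or protocol. It assumes a software P-256 key standing in for the enclave-held key, the names `NewDevice`, `Sign` and `Verify` are hypothetical, and the challenge in `main` is a constructed value. In this sketch the server's trust comes from pinning the certificate at registration, not from the self-signature itself.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewDevice stands in for the enclave: a key pair plus a self-signed "personal CA" certificate (DER).
func NewDevice(user string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: user},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	return key, der, err
}

// Sign answers a server challenge; with real hardware only the enclave can perform this step.
func Sign(key *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	h := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// Verify is the server side: pinnedDER is the certificate stored for this user at registration.
func Verify(pinnedDER, nonce, sig []byte) bool {
	cert, err := x509.ParseCertificate(pinnedDER)
	if err != nil || cert.CheckSignatureFrom(cert) != nil {
		return false // not a well-formed self-signed certificate
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	h := sha256.Sum256(nonce)
	return ok && ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	key, der, _ := NewDevice("alice")
	nonce := []byte("constructed-challenge") // a server draws fresh random bytes per login
	sig, _ := Sign(key, nonce)
	fmt.Println("registered device accepted:", Verify(der, nonce, sig))
}
```

A server using this pattern would also need to issue each challenge once and expire it, which the sketch leaves to the caller.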

One of the key features is that Beyond Identity aims to integrate with many of the existing…


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.