The traditional method for authenticating a person is to ask for "something someone knows", a password or a pin, but what happens if this information it's compromised? It's a problem, then we understood that was time to evolve and we started to ask "something that the user always have", for example a bank token or an OTP generator, but these devices are not user friendly and I often lose them.

We need to change the paradigm, instead of asking something "I know" or something that "is in my possession" we want to use a trusted smartphone that is always with the final user and in a transparent and automatic way we query its position and see if the user is authorized to authenticate from that position, for example you want to withdraw money from an ATM, then we verify that you are really in front of the ATM and not someone else who cloned your credit card, we think this approach is better in so many levels that this model will become the standard in future.

A smartphone is the authentication box where we can make all the tests that we need for our scope, we can ask for confirmation or notify the user, we can query location requests (GPS / Galileo / GLONASS / Compass-Beidou), and use other geolocation options as fail over for example we can query the GSM position (HLR / VLR / SGSN) and in exceptional cases we can use biometrics and more, basically a smartphone today is capable to do everything that we need to authenticate someone!

AuthLand aim to become a third entity that verify the identity of the user testing if meets all the parameters requested for authorization, using the last example if I withdraw from an ATM the backend of the bank application query our API to calculate a trust score using the app that is installed in the customer's phone and we verify that the user is physically near to the ATM, the device's GPS answer with the results, and using this data we can approve or negate the authentication, if the user is paranoid he can request that AuthLand shows a prompt to confirm what he is doing or perform a biometric verification (Ex. new Samsung's tablets came with retina and fingerprint readers), the user is free to set the value of its trust score to authorize its authentication for every identity.

The business model is simple, those who want to integrate our solution into their backend (using our API) pay a monthly fee per user to protect their customers. This is an authentication as a service startup, we will provide simple APIs that will simplify the life of the developer and will help avoid potential fraud among their users.

What are doing other players in the authentication sector? MasterCard ask to make a "selfie pay" to verify the intention of the user, we think this won't work because the final user is lazy, solutions must be transparent, like a magic trick, also in the Google I/O was introduced Abacus AKA Trust API a Google project that makes behavior profiling for authentication purposes, they get all my data, where I go, what I buy and everything and based on this data the system understand when something is wrong, AuthLand respect your privacy and let you choose the level of trustness of your score.

AuthLand is an outsourced service that uses GNSS to authenticate the final user in any kind login scheme that support our API, with AuthLand your smartphone becomes your key manager but only works if you are in right place at the right moment!

AuthLand: Authentication as a Service!

Share this project: