Digital Identity Management Solution
History is a string of unique moments... Meet one!
The name "AxiomaticId" comes from "Axiomatic Identity". "Axiomatic" means "self-evident truth".
Identities are axiomatic! They are self-evident relationships established among trusting partners who communicate and do business together.
Axiomatic identities work based on the principle "first come, always served", that is, once a relationship between two parties has been established, those parties need never know the biometric identity of each other.
AxiomaticId is a solution for the management of digital identities. It uses digital signatures to allow people to authenticate themselves to various (online) service providers.
AxiomaticId is designed to secure a user's decisions to execute actions at various service providers. For maximum security, hardware isolation can be used to create the action requests. Hardware isolation refers, for example, to a computer which is not connected to any kind of network.
AxiomaticId allows people to protect their physical identity by substituting it with a digital one. AxiomaticId lets people create multiple digital identities which can be used in various places, over the Internet.
AxiomaticId empowers people to create digital identities which can be hidden from other people. For example, if the computer on which AxiomaticId runs is stolen or taken by force, the hidden identities would remain hidden from the aggressor, that is, the aggressor would never know that there are hidden identities on the computer.
AxiomaticId is an open source project developed in C#.
The purpose of AxiomaticId is to allow a user to identify himself to a service provider, like a payment service, as being the owner of a specific service account. AxiomaticId has nothing to do with what the service does and how it works. AxiomaticId simply authenticates users to perform actions in their accounts.
Any service (online or offline), like a payment service, which needs to authenticate users as being the owners of their accounts, can use AxiomaticId to process the actions which users request to be executed in their accounts.
Merchants can use AxiomaticId to verify the digitally signed confirmations with which their payment service tells them that a certain client has paid for his purchase. The payment service can send such confirmations through email.
An employee of the merchant can then simply load the confirmations into AxiomaticId to verify that the payment was indeed made, to see what merchandise was requested, and to see where the merchandise has to be shipped.
Organizations may get significant benefits from using group identities. A group identity simply groups the identities of several people who work for the same organization.
A group identity allows a service provider to require that in order to execute an action in a service account, all the members of the organization (or a minimum number of members) must sign the request for the execution of the action.
For example, an organization might have an account with a payment service where it keeps (some of) its money. The organization would not want any single member to have full access to this account, but rather request that the payment service executes only payments which are signed by 3 (out of 5) members of the organization. AxiomaticId can make this happen.
A group identity also allows a user of AxiomaticId to encrypt a document for the organization. It is possible to encrypt the document so that each member of the organization could decrypt the document independently, or it's possible to require (with cryptographic strength) that all members of the group be present in order to decrypt the document.
Even further, it's possible to encrypt a document in a way which requires that most members of the group be present in order to decrypt the document, while some members may be absent. Moreover, it doesn't matter who is present and who is absent from the decryption process. All that matters is that the minimum number of members is met.
For example, if the board of directors of the organization has 5 people, but only 3 of them are required to decrypt documents sent to the organization, AxiomaticId can make this happen.
AxiomaticId is useful not only for payment services, but also for document repositories. Consider that your company has an online service which allows your employees to download documents for reading.
If the security of the service is limited to a passphrase and a thief gets the name and passphrase of an employee's account, he has access to all the documents which can be accessed by the employee.
However, if your company integrates AxiomaticId, every employee would be required to request a document through a digitally signed AxiomaticId document. This way, even if a thief can get a hold of an unencrypted downloaded document, he wouldn't have access to all the documents which could be downloaded by the employee.
The main purpose of AxiomaticId is to allow users to securely access the accounts they have with various service providers. Here are the steps which are taken by both sides:
Identities for individuals and for groups / organizations.
Symmetric encryption for personal privacy. Data can be encrypted to a fixed size so that it is possible to deny that there is anything but random data.
Asymmetric encryption for communication privacy.
Encryption to a group, either for each member of the group, or for all members to decrypt (with the ability to allow some members to be absent from the decryption process).
Signing to authenticate a document. Using stand-alone signatures, it's possible to sign the hash of a document (in order to protect the privacy of the document). Multiple signatures are allowed in any place where there are signatures.
Signing by a group, including the ability to specify to others to accept signatures when not all group members have signed a document.
Separate asymmetric key pairs for encryption and signing.
Certifications for proving certain information to other parties. For example, the physical age of a person can be certified by certification services.
Certification power delegations. Only some identities are allowed by AxiomaticId to validate certifications. However, using certification power delegations, the identities which are allowed by AxiomaticId to validate certifications can delegate their power to other identities (which don't even need to be in the user's AxiomaticId application).
Inheritors which can access a service account if the owner of the account doesn't access the account for a number of years. Multiple inheritors may simultaneously access an account, and each may be allowed to access only a percentage of an account's value.
Recovery identity for service account. Normally, an identity which protects a service account is generated from random data. However, if such identities and all their backups are lost, access to the accounts they protect is also lost, and the loss is absolute. In order to protect users from such a catastrophe, a recovery identity can be re-generated at any time from a passphrase.
Custom authenticated information in signatures.
Ability to store different types of stand-alone signatures or certifications in a single collection of objects, like different cards are stored in a wallet.
Ready for new cryptographic algorithms.