What is REL-ID?

REL-ID is a safe, simple, and scalable security platform that, for the first time, tightly integrates your identity, authentication, and channel security. By combining strong "relative" identities with our patented protocol, secure application tunnels can be established with blazing speed and at IoT scale, enabling a phenomenal user experience with every authorization and login.

Traditional identity and authentication approaches such as voice, retina, fingerprints, hard tokens, and challenge questions provide what can best be described as a patchwork approach to security because they are not tightly integrated into the channel. Individually, each can be, and has been, hacked.

What is a relative identity?

REL-ID, short for "RELative-IDentity," starts with elements of the existing model of absolute identities and super-charges them. REL-ID first establishes a unique device identity, overlays an application identity, and then binds any set of absolute user-credentials (username, voice, retina, fingerprint, etc.). It also takes the device, application, and access identities at the server side of the connection and binds all of those difficult-to-spoof, mutual factors into a unique combination. This shared/mutual/relative identity, containing elements from both the user and the enterprise, is then split. Each side of the connection is responsible for part of the identity, but neither ever has full knowledge. Like writing down a note and then tearing it in half, it is impossible to recreate that tear and to guess perfectly all the contents of the half you don't possess.

Because the mathematics of the "relative identity" (torn-note) is a true 1:1 relationship, it is the basis of our very strong key-exchange and subsequent encrypted channel. By moving the key-exchange into the application layer at both ends, we keep decryption as close to the responsible parties as possible. Rather than connecting devices-to-networks, REL-ID connects apps-to-apps! You can post all of your usernames and passwords to Facebook, LinkedIn, and Twitter and still be safe with REL-ID. We make the compromise of user credentials irrelevant and eliminate unauthorized entry.

Is the Tech Real?

If you showed an iPhone to a teenager from 1977, they'd think it was magic. So we're not surprised when prospective customers and critics are incredulous about the power of REL-ID. A generational leap in technology like REL-ID looks like magic - in fact, the last time someone innovated as deeply in the security stack as we did was 1977.

But we are real. We have 2 U.S. patents and have had some of the world's best cryptographers and security specialists in banking and the military review our product. Almost all become customers after seeing it in action.

Many in the cryptography community refuse to use any unpublished crypto. And so do we. Thankfully, REL-ID does not create any new crypto. It is an integration and enhancement of the identity model and key exchange only. We support all industry-standard cryptography (AES, etc.). We will soon publish the first version of our key-exchange, once our second version is out of R&D. We know that Relative Mutual Authentication and Key Exchange (RMAK) will become an industry-standard protocol within the next 3 years.

We've also seen some pretty incredible growth over the last couple of years...

  • 28 Implementations Worldwide
  • 4 Million Users
  • 8.8 Million Devices Secured
  • 3 Global Innovation Awards
      • Top Startup, Next Bank Silicon Valley 2016, USA
      • Top Emerging Company, IE20 2016, India
      • Best Growth Startup, Fintech Finals 2016, Hong Kong
  • 2 Major Conference Presentations
      • JPMorgan Global TMT Conference, Nov 2015, Hong Kong
      • TEDx "Hacked" Cybersecurity Salon, Nov 2015, Hong Kong

CAN I GET RID OF MY TOKENS?

Please do. Because REL-ID incorporates knowledge from both ends of the connection (i.e. Mutual Factors), regulators have been looking to REL-ID as a stronger, better way to authenticate. Soft tokens can go away entirely. We admit that hard tokens do add another physical element away from your device that must also be "stolen," but the user experience is so poor that most users don't keep the token handy and rely on customer service calls. In addition, the cost to maintain physical tokens is far greater than the cost of REL-ID for an enterprise, not including the significant reduction in fraud and call-center activity that REL-ID can help you achieve.

We are confident that our solution will remove the need for hard-tokens in jurisdictions where multi-factor authentication is required by financial services regulators.

CAN I GET RID OF MY VPN?

There are many types of VPNs, and they are used for a wide variety of needs. Unlike a VPN that exposes all of a device's malware and traffic to your network, REL-ID creates application-specific channels without relying on an entirely open network layer. This reduces the attack surface and enhances your BYOD capabilities.

The downside of application-specific channeling is that it can be laborious to support every legacy application on your network. So for VPN systems that connect 20-30 thick/thin client applications on a desktop, REL-ID might not be the right choice for a VPN replacement. There are still other ways to secure your network with REL-ID, like REL-IDzero.

On the other hand... if your applications are all web-based or proxy-enabled, then REL-ID can certainly take the place of your existing VPN architecture. In addition, it can provide Single-Sign-On (SSO) capabilities to all of your web services.

The real benefits of replacing a VPN with REL-ID are the reduction in bandwidth overhead, administrative costs, and lag. While traditional VPN technologies start to break down after a few thousand concurrent sessions, requiring mesh-networks and other complex work-arounds or expensive hardware, REL-ID is built for IoT-scale. Replace your VPN mesh with REL-ID and see instantly better speed for web-apps, remote desktops, etc.

What about SSL?

The entire web is based on SSL/TLS for encryption and server-side authentication. We're not going to change that overnight. But from an architectural perspective, we think REL-ID and our protocol, RMAK, are better and more complete.

SSL's a priori information is outside your control. SSL IS TRUST YOU RELY ON.

RMAK's a priori information is entirely in your control. RMAK IS TRUST YOU OWN.

SSL sends the PreMaster key over the channel to the other party.

RMAK never sends the key over the channel to the other party or stores it on the device. Keys are formed simultaneously at each end.

SSL is a sequential process.

RMAK is a truly simultaneous process.

Until everyone speaks RMAK, our products will always run perfectly in conjunction with the SSL/TLS infrastructure. REL-ID works alongside your SSL infrastructure. But if you want to know more about the problems we see with the architecture of SSL/TLS, take a look at the following resources:

  • Root CAs are not trustworthy. In September of 2015, Google’s Security Blog reported finding several Symantec-issued certificates for google.com and www.google.com that were issued without the request or permission of Google itself. After further investigation, 76 domains and 2,458 certificates had been issued falsely by Symantec – indicating a serious process failure.
  • Root CAs can be hacked. In July of 2011, Dutch Root CA DigiNotar was broken into by an Iranian hacker. Fake certificates were quickly generated for some of the most common sites like google.com and for generic certs like *.*.com that give almost unlimited ability to sniff and decrypt packets, rendering SSL security useless for weeks until patches could be made.
  • Root CAs have not scaled appropriately. Internet certification authorities (CAs) are charged with the task of vouching for the identities of secure web servers. However, if CAs don’t validate the identities of the sites they vouch for, the whole system breaks down. The Electronic Frontier Foundation found 37,000 unqualified names with valid certificates, indicating a significant breakdown in the vetting process of certificate generation.
  • Governments undermine the Root CA model. In 2013, the French cybersecurity agency ANSSI was caught having minted intermediate certificates for sites it did not own, ostensibly to inspect traffic on their own network. The fact that a government entity may issue fake certificates for businesses or foreign entities without their permission points to a serious structural flaw.
  • Certificates cannot be their own a priori validation. Recent attack types like Triple Handshake and DROWN use the mere presence of the certificate as a priori knowledge – constituting a logical loop and fallacy in TLS. This structural flaw creates vulnerabilities where the same certificate is being issued over insecure SSL protocols, making newer TLS protocols vulnerable.
  • SSL pinning is a one-way assertion. Two-way SSL is complexity with limited added security. SSL pinning only resolves the security of an application connecting to the right server. It does not, however, resolve the single point of failure of that server-side private key, nor does it provide any confidence about the maliciousness of the client application or the validity of the user credentials. It is a one-way solution only. Similarly, two-way SSL, if relying on PKI, is still subject to the same Root CA and a priori vulnerabilities mentioned above. Self-signed certificates require significant key management overhead and do not typically resolve the server-side private-key single point of failure.

Who's on the Team?

Bimal Gandhi

Chief Executive Officer

Robert Levine

VP of Business Development

James Villarrubia

VP of Product

Tejas Limaye

VP of Engineering

Julie Suter

VP of Marketing Communications

Who are the Investors

PRODUCTS

core

The REL-ID API-SDK, available as a C library. All other implementations use this with wrappers or raw. The code base is common across all agents.

gateway

The REL-ID gateway server, with 4 unique runtime components, each individually scalable. The REL-IDgateway is delivered as a soft appliance.

mobile

The REL-IDcore wrapped in a mobile app. This mobile agent provides a base HTML/CSS/JS framework for UI/UX while maintaining the security of REL-ID.

desktop

The REL-IDcore wrapped in a desktop installable. This desktop agent provides a base HTML/CSS/JS framework for UI/UX while maintaining the security of REL-ID.

zero

The REL-ID authentication and verification solution, bringing mobile, in-band verification and scalable risk assessment. REL-IDzero is ideal for logins from untrusted computers and 100% transaction verification/non-repudiation.

Common Questions

Is your solution scalable?

Yes. Our REL-IDgateway has been scaled across millions of users by large financial institutions over the past two years. We’ve built it for performance and for Internet and IoT scale deployments.

Does your solution really close out the SSL vulnerabilities?

Yes. TLS/SSL has structural issues, typically around the third-party authorities in the certificate trust chain. Even with a perfect implementation of SSL, these vulnerabilities cannot be avoided. Self-signed certificates have become one alternative to third-party a priori trust, but the mechanisms of certificate delivery and diversity are still subject to scaling issues. REL-ID resolves the structural problems of SSL while also creating the two-way uniqueness that two-way, self-signed SSL implementations have been attempting for years and have yet to easily deliver. Moreover, the way that REL-ID connections are established makes the protocol itself equivalent to or faster than SSL.

Is your solution difficult to implement in our environment?

No. REL-ID currently operates with applications connecting to gateway servers that sit in your enterprise DMZ. APIs are exposed from the REL-IDgateway Integration Server that can make any enterprise-side application into a REL-ID “aware” application, using the appropriate authentication, keys, and scopes for that application. Should an enterprise not want to use the default identity store inside the REL-IDgateway, the gateway server also exposes an LDAP BIND capability for bringing existing identity stores like ActiveDirectory into the REL-ID authentication process.

Is your solution too complicated for developers?

REL-ID has been built from the ground up with developers in mind. The Uniken engineers have created an endian-neutral, ANSI-C library of all the core functionality of REL-ID. They then built wrappers for each platform in order to do best-of-breed device fingerprinting for each type of device. Developers can take these device-aware SDKs and build them into any mobile or desktop application with a common set of API definitions and functions. Moreover, REL-IDmobile and REL-IDdesktop are being offered as open-source, JavaScript-based reference applications using the same REL-ID core libraries that we offer to our clients and their developer teams. We didn’t just build a secure communications SDK -- we built an open-source product around it. With React Native and Electron as the UI/UX frameworks, the time-to-market for new products with REL-ID security comes down from months to weeks.

Will your solution work well with other security tools and investments we have made?

Our REL-IDcore (the SDK) was built to provide absolute flexibility for client-side integrations and toolkits. We have already integrated many authentication toolkits into the REL-ID framework and are enhancing that list with the best-of-breed biometrics, set to be rolled out in the next REL-ID release. We are also planning to roll out a FIDO integration of REL-ID, in order to standardize the way that third-party toolkits can operate with the REL-ID SDK.

The REL-IDgateway has been built to provide flexibility with regard to both identity storage, like ActiveDirectory, as well as secure application connectivity inside your enterprise. We have identified a shift towards SaaS integrations and are building specific SAML/OAuth2/OpenID Connect capabilities into the REL-IDgateway. With this new flexibility, REL-ID can provide secure authentication from any device, as well as a Single-Sign-On experience with any third party application, all inside the REL-ID secure channel.

Solutions

RETAIL MOBILE BANKING
WHAT’S HAPPENING
The client, a large international bank, intended to launch a mobile-banking application for their retail customer base. Due to compliance and security issues, they struggled to realign their existing OEM. The failure to launch a mobile app became a significant detractor for retail customers.
ISSUES
  • Mobile banking offered a large attack surface.
  • Spoofed banking apps were popping up on AppStore & PlayStore.
  • The existing app sent unencrypted traffic to the SSL library.
  • The SSL solution was still prone to a variety of attacks.
  • Mobile phones were constantly infected with malware.
WHY THEY USED REL-ID INSTEAD
  • Application is hosted behind REL-ID gateway, limiting access to only whitelisted devices.
  • Only whitelisted processes can access the app, so malware cannot intercept data.
  • Simultaneous and mutual authentication prevents phishing and MITM attacks.
  • REL-ID has inherent multifactor authentication (MFA).
  • REL-ID is available on Android, iOS, and WindowsPhone.
RESULTS WITH REL-ID
Using REL-ID, the Client was able to launch mobile banking services within a span of 3 months. Due to a shared user experience across multiple platforms, end-users were exceedingly satisfied, resulting in a 400% increase in mobile banking app usage in the first 6 months.
SECURE MOBILE PAYMENTS
WHAT’S HAPPENING
The Client, one of the largest Mobile Payment Solutions in South Asia, was authorized by its central banking regulatory authority to set up a semi-closed payment system in India. Users of this service can pay mobile and DTH recharge, utility bills, purchase goods, etc. at the click of a button through their app.
ISSUES
  • The existing app was prone to MITM attacks.
  • The client wanted enhanced security of the data in motion (between application and server).
  • Customers were downloading fake apps and becoming victimized by spoofed purchasing with their stolen PII.
WHY THEY USED REL-ID INSTEAD
  • REL-ID API SDK integrates seamlessly with their existing app without impacting the user experience.
  • Relative identity and true mutual authentication provide complete protection against MITM attacks.
  • The new application could connect to the server using an App-to-App tunnel with end-to-end encryption, securing their data in motion.
RESULTS WITH REL-ID
REL-ID not only helped protect against MITM threat vectors, it did so without impacting the user experience, scalability, and performance of the app.
SECURE CRM ACCESS
WHAT’S HAPPENING
The Client, a large Israeli security integrator, was using a web VPN product to provide secure access over the internet to its sales team and their Microsoft Dynamics CRM portal. The user experience and speed were poor, pushing management to look at different solutions.
ISSUES
  • The web-VPN secure access for the Microsoft Dynamics CRM faced scalability and usability issues.
  • SSL is structurally reliant on 3rd parties or subject to MITM attacks, an increased danger for employees' accounts.
  • VPN is slow and cumbersome to manage and roll out.
WHY THEY USED REL-ID INSTEAD
  • Compliance – The REL-ID agent provides better-than-traditional multifactor authentication.
  • Usability – REL-ID provides an easy-to-access, secure web-portal with Windows Single Sign On but without the hassle of VPN.
  • Simplicity – with REL-ID, you can present one dashboard with single-click access to all employee applications.
RESULTS WITH REL-ID
REL-ID replaced their existing VPN solution and improved the productivity of remotely working employees. The enhanced user experience of REL-ID helped to speed up the adoption of the technology as well as simplify the on-boarding of new applications/multiple portals.
SECURE MAIL & SAP ACCESS
WHAT’S HAPPENING
The Client, a large retail lifestyle firm, faced significant risk of directly exposing enterprise applications like SAP and Lotus Notes email to the internet and intranet. The Client needed a solution for secure access along with multifactor authentication for their employees to access these applications from home/field.
ISSUES
  • Remote access posed a risk of exposing the apps & devices over the public internet.
  • There was a loss of efficiency & productivity as employees were not able to access applications from home/field.
  • A poor digital experience led to lower adoption of existing technology. Delays in service delivery at the client location were due to a cumbersome access process.
WHY THEY USED REL-ID INSTEAD
  • REL-ID offers secure access to all enterprise apps from a single dashboard.
  • REL-ID offers secure access to enterprise apps from their own devices without risking the brand.
  • Inbuilt 2FA using device fingerprinting & binding avoids vulnerabilities due to loss/sharing of login credentials.
  • The architecture of REL-ID reduces internet footprint significantly.
RESULTS WITH REL-ID
REL-ID deployment provided multifactor secure access to SAP and email applications to employees anywhere, anytime. It resulted in increased productivity & efficiency. As the applications were hidden behind the REL-ID gateway, the attack surface was significantly reduced.

Let's Get in Touch

Locations
7 World Trade Center
250 Greenwich St
New York, NY 10007
466 Southern Blvd
Chatham Township, NJ 07928
Teerth Technospace
S. No. 103
Mumbai Bangalore Highway
Baner, Pune
Maharashtra 411045, India
Phone Numbers
US:
+1 212 520 2557
+1 844 33-RELID
+1 844 337-3543
Hong Kong:
+852 6417 4790
Pune:
+91 20 6725 3900