Introduction

Principle

User email at the heart of the system

All over the Internet, a user's inbox is deemed reliable and confidential. This is the reason why almost all Internet services rely on users email addresses to register, to reset their accounts or to perform any sensitive operation.

RemAuth shares the same hypothesis and systematically relies on user inbox or any other media certified by user email address such as the RemAuth Control application.

For each authentication request, a single-use and limited lifetime message is sent to the required media. Using this link from a reliable source (e.g. email inbox) represents the act of authentication.

Depending on service requirements, the default authentication process can be strengthen with:

  • biometric checking,
  • checking of additional physical factors (September 2017).

Functioning overview

HTTP API and Control Applications

The diagram below summarizes the general operation of the RemAuth service with its three main components:

  • The API server is the core of the RemAuth service: It provides authentication and related adminstration services to customer systems as well as it manages exchanges with authentication sources of end users.
  • The Customer Center is a web dashboard for service providers to define authentication services and to retrieve all the operation data.
  • The RemAuth Control application is intended for end users. It provides both a real-time remote control of RemAuth-authenticated services and a dashboard for managing their accounts and services.