
What to Know Before You Start with Circle Access

Implementation Options

Circle Access provides developer and Enterprise customers with two different UX options that can be implemented in 3 ways:

  1. Circle Access Mobile - as a standalone authentication solution to log into any Web site or application.
    • Your Smartphone is You.
    • By scanning a QR code, the end user can log in to any Web site or application on any device (mobile, desktop/laptop device, tablets, etc.).
  2. Circle Access Desktop - as a standalone authentication solution for Desktops only
    • Your Device is Your Login.
    • User must have Circle Access Desktop installed on the device that is logging in to the Web site or application directly.
    • Currently only supported on Windows - MacOS users are given Circle Access Mobile as an option.
  3. Circle Access 360 - where both UX options are available.
    • The end user can select and manage what they prefer.
    • The developer must implement the UI options that enable the end user to do this.

Whichever you choose, all use Circle Access Cryptographic Credential-free Authentication to protect access to your Web sites and applications. If you have not already, we recommend that you read:

Using Circle Guard to Implement Credential-free Authentication

It is also possible to implement and integrate Circle Guard together with Identity and Access Management systems - whether that is the back-end of a Web site or application, or an integration partner of Circle such as Auth0, Forgerock, Ping Identity and others. In this case, the role of Circle is restricted to protecting data used for authentication purposes in Secure Capsules that are controlled by the Web server / application or IAM platform. This is a very different approach, which requires development expertise, resources and the functional capabilities of such systems. Circle Secure Capsules have many benefits and capabilities that go far beyond storing authentication data, and these can be leveraged in this implementation approach. If you are interested in this, we suggest that you contact us for a free consultation before starting.

What Is Cryptographic, Credential Free Authentication?

With Circle Access, there are no credentials - i.e. a user name and password, or any other method of creating and storing 'secrets' on a server that is used to authenticate a user. All such methods are deeply vulnerable to attacks. Circle Access replaces them with a radically better approach that achieves authentication with 3 very strong factors:

  1. Something You Have. A smartphone, PC or laptop.
  2. Something You Are. Biometric verification, with the option to escalate to Human-in-the-loop Identity Verification with Circle-of-Trust.
  3. Something You Do. Validation of a cryptographic authentication that can only be done with the private key uniquely created on and bound to the endpoint device controlled by that human end user.

You can learn more about that here.

While the Circle Access server does have a user concept, it only knows a User ID. All personally identifiable information (PII) - including emails and phone numbers - is stored only on the endpoint device, and only hashes of it are stored on the Circle Access server. There is no information on users that Circle Systems - or an outside or inside attacker - can gain access to on the Circle Access server.
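
The "Something You Do" factor and the hash-only server record described above can be illustrated with a generic challenge-response exchange. This is an added example, not Circle Access code or its actual protocol: the choice of Ed25519, SHA-256 and a 32-byte nonce, and every type and function name, are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Record is what the (hypothetical) server keeps per user: no password, no PII.
type Record struct {
	EmailHash [32]byte          // SHA-256 of the e-mail; the address itself stays on the device
	PublicKey ed25519.PublicKey // verifies signatures; cannot be used to produce them
}

// Enroll runs on the device: the private key is created there and never leaves it.
func Enroll(email string) (ed25519.PrivateKey, Record) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv, Record{EmailHash: sha256.Sum256([]byte(email)), PublicKey: pub}
}

// NewChallenge is the server's fresh random nonce for one login attempt.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// Respond runs on the device after the local user check (e.g. biometric) succeeds.
func Respond(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

// Verify runs on the server, using only the stored public key.
func Verify(rec Record, challenge, sig []byte) bool {
	return ed25519.Verify(rec.PublicKey, challenge, sig)
}

func main() {
	priv, rec := Enroll("alice@example.test") // constructed sample address
	c := NewChallenge()
	sig := Respond(priv, c)
	fmt.Println(Verify(rec, c, sig), Verify(rec, NewChallenge(), sig)) // fresh vs. replayed
}
```

Because each login uses a new nonce, a captured signature does not verify against a later challenge, and a copy of the server's records yields only public keys and hashes.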