simple sdk drop-in
save your users time
works with any authentication solution
never touch users' private data
show your users some love
Improve your app’s security and user experience with Satid's simple SDK drop-in. Because your users will authenticate simply by touching their mobilevs, they’ll avoid the annoyance of strong passwords or OAuth. Because Satid uses Secure Enclave and Touch ID, the entire authentication process occurs outside of your domain. You never touch users’ sensitive data.
They retain their privacy. You minimize your liability.
how satid works
Our APIs allows Touch ID to unlock Secure Enclave so it can digitally sign session tokens for authentication. Authentication only happens when the user touches the mobile’s button.
Once Satid is installed in your app:
1
The user opens your app and presents her fingerprint
2
The user opens your app and presents her fingerprint
3
The user opens your app and presents her fingerprint
4
The user opens your app and presents her fingerprint
5
The user opens your app and presents her fingerprint
6
The user opens your app and presents her fingerprint
The public keys and signatures exposed to your application and to Satid are useless without the private key stored safely and permanently inside the Secure Enclave. Because jailbreakers can’t access the Secure Enclave, they can’t steal the private keys.
In the first login, the user will have to authenticate with a username and password. In subsequent logins, she’ll securely and uniquely re-identify with her fingerprint.
simple sdk drop-in
First, add Satid to your mobile app
Last, teach your website to recognise Satid's authentication
When you add Satid to your app, you get cryptographically proven authentication backed by one of the leading computer security shops in the world: Trail of Bits. We provide all the Ruby middleware and Objective-C client libraries you need.
that's it
There are no additional requirements. Just add the Satid SDK to your app, and you re set to focus on development.
Hosting
Satid is hosted as a service. Middleware is the go-between users and Satid. Satid maintains the valueless database of public keys to confirm successful user authentications.
Local hosting - Please contact us for details
absolute privacy guaranteed
If the Satid database were breached tomorrow, the attackers would gain nothing.
That's because Satid doesn’t store any data off of users’ devices. (Start a free trial to see our source code.) Users’ tuples stay in the Secure Enclave. Even if an attacker saw the entire Satid database, he couldn't correlate groups of login tuples to users. Satid just provides an 'authenticated/not authenticated' decision.
Satid doesn’t collect fingerprints. That’s Touch ID’s job: it collects users' fingerprints for authentication and stores them in the Secure Enclave. That’s completely opaque to Satid. By design, Satid never knows who’s logging into your app, and you never have to touch users’ login credentials.
get the Satid api now for free
And access the libraries you need to create passwordless apps
PRICING
Until January 15th, 2021
All accounts free. We will not implement billing or request limits.
After January 15th, 2022
DEVELOPER FREE
Less than 100k API calls per month
STARTER |
|
$ 39 /month/app |
| Up to 1 mil API calls |
LITE |
|
$ 59 /month/app |
| Up to 5 mil API calls |
PRODUCTION |
|
$ 79 /month/app |
Up to 10 mil API calls |
FAQ
How are you protecting my data?
Your data never leaves your system. The middleware strips out your data and passes us only the cryptographic hash and a signature for validation.
We collect the least data necessary, and make it valueless through the use of cryptography. If an attacker succeeds in hacking us, they get nothing. The credentials we store (public keys) can’t be reused like a password.
Beyond that, we used the simplest, most easily testable components possible to get the job done. Padrino+PostgreSQL on Heroku. All our code has tests and was reviewed by our Security R&D team prior to use.
How is this safer than Touch ID gated app access?
Attackers and Jailbreakers can’t grab the key from the Secure Enclave. Touch ID could be patched out from the app’s binary code.
Copyrighted 2015 Satid. All Rights Reserved.