Beyond Identity came out of relative stealth mode recently, with the announcement of a $30 million series A investment from Koch Technologies and New Enterprise Associates. They are focusing on the age-old issue of password management – “Eliminating passwords completely is the only answer – not using stronger passwords, password managers, or adding friction with multi-factor authentication. But eliminating passwords is just the beginning”.
Quick Facts
- Founded – February 2019
- HQ – New York, USA (with other offices in Miami and Dallas)
- Founders – James Clark (Chairman), Thomas Jermoluk (CEO)
- Board – James Clark, Thomas Jermoluk, Forest Baskett, Byron Knight, Hilarie Koplow-McAdams
- No. of Employees – < 50
- Total Funding – $30 million
Source: https://www.crunchbase.com/organization/beyond-identity#section-overview
The founders (James Clark in particular) have a deep and respected history, having founded the likes of Netscape, with roots in the Internet browsing and SSL space. They will be highly networked and able to open doors commercially with some of the world’s biggest organisations.
Solution Description
Our mission is to empower the next generation of secure digital business. By replacing passwords and creating a fundamentally secure Chain of Trust™, our customers are able to increase business velocity, implement new business models, and reduce operating costs.
Company Mission Statement – https://www.beyondidentity.com/company
- Focus on eliminating passwords for general authentication scenarios against on-premises and cloud services
- Is focused on an employee/workforce environment for corporate enablement, with an SDK option available for consumer-based use cases
- A client is involved that is downloaded on to the desktop via an enrolment/invitation email
- Client generates an asymmetric key pair on the device – it seems this is a self-signed key pair and no CA is needed – with the operating system trusted platform module being used to store the private key
- The interaction between the client device and the Beyond Identity service is claimed to also contain device meta information and user identity (assuming there is some sort of authentication pre-step before the user is sent the invitation email)
- The client device performs a JWT based challenge/response authentication dance to the Beyond Identity service – which in turn becomes an SSO identity provider to connected apps.
- An existing trusted device can be used to on-board other devices, via the generation of a QR code
- The example demo video uses Expensify as a consumer of passwordless authentication. The details of the integration are not described, but Expensify supports SAML2-based SSO, so Beyond Identity could be acting as a SAML2 identity provider: the trusted device, where the client software is running, performs passwordless authentication to this IDP, which generates the necessary assertions for downstream applications
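
A minimal sketch of the kind of flow the bullets above describe (device-generated key pair, no CA, JWT-based challenge/response), added here as an illustration and not Beyond Identity's actual protocol or code. The claim names, the ES256 choice, the 60-second lifetime and all function names are assumptions, and the private key is held in memory rather than in a TPM.

```javascript
const crypto = require('node:crypto');
const b64u = (x) => Buffer.from(x).toString('base64url');

// Enrolment: the device creates the key pair; only the public key is registered.
// (Assumption: a real client keeps the private key in the TPM, not in memory.)
function enrolDevice() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Service side: issue a random single-use challenge and remember it.
function issueChallenge(pending) {
  const nonce = crypto.randomBytes(16).toString('base64url');
  pending.add(nonce);
  return nonce;
}

// Device side: sign a short-lived JWT binding the challenge to user and audience.
function signResponse(privateKey, { sub, aud, nonce, now }) {
  const header = b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ sub, aud, nonce, iat: now, exp: now + 60 }));
  const sig = crypto.sign('sha256', Buffer.from(`${header}.${payload}`),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${header}.${payload}.${b64u(sig)}`;
}

// Service side: verify with the key stored at enrolment, never a key or
// algorithm chosen by the token, then check audience, expiry and the nonce.
function verifyResponse(jwt, enrolledKey, pending, { aud, now }) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url'));
    claims = JSON.parse(Buffer.from(p, 'base64url'));
  } catch { return { ok: false, reason: 'malformed' }; }
  if (header?.alg !== 'ES256') return { ok: false, reason: 'alg' };
  const good = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: enrolledKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!good) return { ok: false, reason: 'signature' };
  if (claims?.aud !== aud) return { ok: false, reason: 'audience' };
  if (!(claims.exp > now)) return { ok: false, reason: 'expired' };
  // Consume the nonce last so a bad token cannot burn a legitimate challenge.
  if (!pending.delete(claims.nonce)) return { ok: false, reason: 'replay' };
  return { ok: true, sub: claims.sub };
}
```

With no CA in the picture, trust rests entirely on which public key the service stored at enrolment, so the enrolment step (the invitation email or the QR hand-off from an existing device) is the part that needs the strongest scrutiny.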
NB – Post updated to reflect correct founding date of Feb 2019 and details relating to founders – Editor April 29th 2020.