How it works

Explore the technology behind DGMV-ID

Passwordless authentication

Web2 environments commonly use basic forms of authentication – such as usernames and passwords – with extra layers of security, such as 2FA, token authentication, biometrics, computer recognition, CAPTCHA and single sign-on.

The challenges and complexity of these methods lead to both careless password creation and improper use. Even when used correctly, there is evidence to suggest that strong passwords with multi-factor authentication are still vulnerable to hacking – whether that’s due to inadequate safeguarding by the user or the organization.

We know that users don’t like using passwords. They understand the need for unique, complicated credentials, but many struggle to remember them without writing them down, and often need to reset them due to forgetting.

As a result, many websites and services are implementing passwordless, decentralized login systems. Because while centralization is convenient, it often creates dependencies and lowers security – which is exactly why DGMV-ID is decentralized by design.

DGMV-ID provides passwordless entry to websites, platforms and services in Web3 environments, using multi-factor authentication (MFA) comprising QR codes and biometrics. This challenge-response technique is based on the DigiByte Blockchain wallet, and provides complete protection from account takeovers for both users and service providers thanks to key exchange and digitally signed messages. In mobile web environments all you need to do is tap the QR code – no need to use the browser extension or scan the code.

Password and two-factor authentication (2FA) generator

As well as Web3 passwordless authentication, DGMV-ID also provides security for traditional Web2 environments with its Password Generator and 2FA TOTP (Time-Based One-Time Password) feature.

The DGMV-ID app generates unique, complicated passwords for all websites and platforms with password and username based login systems. All generated passwords are strong, deterministic and impossible to break with brute force. While current password managers might create secure passwords, they usually store them, which creates an attack vector. DGMV-ID prevents this by generating new passwords for every login, so there’s no need to store them anywhere – not in the app or in the backend servers.
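One way a deterministic, storage-free generator like the one described above can work, shown as an added example that is not DGMV-ID's own code. The page does not specify the algorithm, so the derivation scheme (PBKDF2 plus HMAC-SHA256), the salt, the symbol set and all function names are assumptions.

```python
import hashlib
import hmac
import string

SYMBOLS = "!@#$%^&*-_=+"  # assumed symbol set; real sites restrict this differently
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)


def master_key(seed_phrase: str) -> bytes:
    """Stretch the seed phrase once; keep the result in memory only."""
    salt = b"constructed-example-salt"  # hypothetical fixed, app-wide salt
    return hashlib.pbkdf2_hmac("sha256", seed_phrase.encode(), salt, 100_000)


def _stream(key: bytes, context: bytes):
    """Endless keyed byte stream: HMAC-SHA256 over context || block counter."""
    block = 0
    while True:
        counter = block.to_bytes(4, "big")
        yield from hmac.new(key, context + counter, hashlib.sha256).digest()
        block += 1


def _below(stream, n: int) -> int:
    """Uniform integer in [0, n) by rejection sampling, so no modulo bias."""
    limit = 256 - 256 % n
    return next(b for b in stream if b < limit) % n


def derive_password(key: bytes, domain: str, username: str,
                    counter: int = 1, length: int = 20) -> str:
    """Same inputs always give the same password, so nothing is stored."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = [domain.lower().encode(), username.encode(), str(counter).encode()]
    context = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    stream = _stream(key, context)
    # One character per class guarantees policy coverage, then fill the rest.
    chars = [c[_below(stream, len(c))] for c in CLASSES]
    chars += [ALPHABET[_below(stream, len(ALPHABET))] for _ in range(length - len(chars))]
    # Keyed Fisher-Yates shuffle so the guaranteed characters are not always first.
    for i in range(len(chars) - 1, 0, -1):
        j = _below(stream, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)
```

Because nothing is stored, the seed phrase is the only secret: its entropy bounds the strength of every derived password, and rotating one site's password means bumping `counter`.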

The DGMV-ID desktop browser extension transmits the password using ultra-secure one-time pad (OTP) encryption technology. To use the password generator, all you need is the DGMV-ID mobile app and desktop browser extension. Service providers don’t need to change anything in their backend or websites.

In mobile web environments all you need to do is tap the QR code – no need to use the browser extension or scan the code. Simply select the DGMV-ID app on the mobile webform.

To use the DGMV-ID app to log in to websites or platforms on your mobile device, you’ll need to enable autofill.

A white label solution

The DGMV-ID app is multi-tenant, which means you can white label it – customizing the branding, interfaces and features to match your needs and brand. This means we can give lots of customers a tailored experience, without the need for separate infrastructure. It’s all about streamlining maintenance, updates and scalability, while maximizing data security and privacy.

DigiByte blockchain technology

DigiByte is a public, open-source blockchain that was launched in January 2014, making it one of the longest-running UTXO blockchains in the world.

This innovative blockchain is fueled by a community of enthusiastic volunteers, and can be used to create and secure digital assets and smart contracts, run decentralized applications and provide secure authentication. It’s 40 times faster than the Bitcoin chain, and is completely decentralized – having never held an ICO.

Right now, we use the DigiByte blockchain to run our core product, DGMV-ID, which enables digital fingerprints – also known as hashes – to be stored.

This creates an immutable, tamper-proof source of truth, with no reliance on third-parties. DGMV-ID builds on robust DigiByte blockchain wallet technology, leveraging advanced mathematics, cryptography, and nonces to enhance security.

The DGMV-ID browser extension

The DGMV-ID Browser Extension displays QR codes that enable the creation of unique credentials for each individual webform. You must have it installed to use the Password Generator effectively on a desktop browser.

Underpinned by transport layer security (TLS), the extension communicates with a relay server to obtain the right credentials.

The browser also generates a one-time pad, which can then cryptographically derive multiple private keys, ensuring no third party can view sensitive information, and that only your extension and app share the encryption keys.

The autofill function will then seamlessly complete the webform. Supported browsers: Chrome, Safari, Brave, Mozilla and Edge.

The DGMV-ID Enterprise Dashboard

The Enterprise Dashboard allows you to monitor and control the access and security measures of your workforce devices as they use the Password Generator.

As an admin, you’ll have a complete overview of installed devices and active seed phrase licenses. You’ll also be able to invite other admins and users on board.

In future, we will enhance the dashboard to include features such as specific roles and authorizations.

While consumer DGMV-ID licenses connect the password generator browser extension with a public endpoint, enterprise licenses connect to private endpoints, allowing admins from each specific organization to manage use.

Enterprise entry to the dashboard requires a decentralized endpoint that’s unique to your business. You must have a valid enterprise license key, which will be activated following a successful registration process.

Once your license is installed, the dashboard will show a clear picture of how many seed phrases are in use and how many devices are protected with DGMV products.

DGMV-ID passwordless backend integration

DGMV-ID is a Web3 entry solution designed to help consumers and businesses access websites, platforms and services securely through passwordless, username-free authentication.

The solution allows you to authenticate yourself effortlessly by scanning a QR code and confirming your identity with biometrics – establishing strong multi-factor authentication (MFA).

Built on the DigiByte blockchain key exchange, and digitally signed messages, this technique protects both user and service provider from the risk of account takeover.

Implementing DGMV-ID is simple for service providers. All it requires is a small backend adjustment to link a QR code and public key information to your account database.

By integrating our Identity Server, DGMV-ID can also seamlessly become part of a single sign-on solution (SSO) through OpenID Connect (OAuth 2.0). For websites and services, integrating DGMV-ID comes with a DGMV-ID SOAP API V3, which allows you to facilitate authentication through the DGMV-ID app in any programming language.

SOAP has several advantages compared to REST. It facilitates:

  • Language, platform, and transport independence

  • Private API development, especially for large enterprises

  • Transfer in a decentralized, distributed environment

  • A variety of web security mechanisms, which make it ideal for enterprise solutions

  • Stateful calls, which means the server stores client information and uses it over a series of requests or chain of operations

  • Independence from an underlying transport protocol, so HTTP is not essential

  • Multiple possibilities for API server infrastructure deployment from on-premises to cloud and decentralized cloud

DGMV-ID identity server (support for OIDC)

DigiCorp is developing an identity server to enable secure, passwordless authentication methods with DGMV for OpenID Connect (OAuth 2.0). This will support a number of potential functions, such as using DGMV-ID with OKTA or AzureAD, performing website logins supporting SSO OpenID connect, and more.

We are translating the DGMV-ID challenge-response system into a form that can be conveyed through the standard OIDC authentication flow, by registering users (public keys) and connecting them with verified identities in the IdP directory (like OKTA or AzureAD).
