Technology

The Claveo Architecture

The Claveo system consists of three components: the client library that integrates into your secure service (e.g., your website), the Claveo server, and Claveo Mobile clients. A round-trip authentication includes the following:
  • End-to-end SSL verification
  • Authentication of your secure service against Claveo's server to prevent phishing for authorizations
  • Transactions signed by the Claveo Mobile client to prevent tampering in the case of the Claveo Server's compromise
  • New identicon sent per transaction to prevent session hijacking and spoofing (where available)

^ Top

Enrolling a Claveo Mobile Device

  1. Claveo Mobile generates a secure keypair and sends its secure device information (including public key) to the Claveo Server
  2. Claveo Mobile displays a setup code which the user types in to your secure service (this only happens once)
  3. The Claveo Library on your secure service retrieves the Mobile client's device information by querying the code from the Claveo Server
  4. The setup code is used to verify the device information's authenticity cryptographically
The Claveo System is now set up to transact secure, signed authorizations.

^ Top

Authorizing a Transaction

Authenticating using Claveo is as easy as asking a specific user account for an authorization through our Client Library. Our library and server handle all of the security and verification for you—your application just needs to wait for the response.

For example, imagine a web application authenticating their users with Claveo. This diagram illustrates what happens during every authorization.


^ Top

Claveo's Advantages

Our software is designed to give you the easiest, most seamless authentication experience possible with your existing platform while maintaining the highest level of security.
  • One-line request for authorization
  • Security and verification automatically handled
  • Client Libraries coming soon for PHP, Python, Java, Ruby, and ASP.NET
  • Identical interface regardless of who runs the Claveo Server
  • Mobile Device enrollment using generic Claveo applications (from the App Store, Android Market, etc.) automatically connect to your custom installation of the Claveo Server