What is it?

PS Key™ is the first ever decentralized two-factor security. It's also the fastest ever two-factor security. PS Key is the most advanced two-factor security. Period.
 

Security should feel natural, not tedious.

PS Key is a mobile application, and it is the most convenient and the most secure two-factor security tool there is. Unlike its major predecessors, Google Authenticator and Authy, PS Key does not require you to type a time-sensitive code each time you want to access your two-factor-protected accounts.

With PS Key, you just need to scan a QR code and the unlock is instantly completed... did we already say it's simple?

 

At a glance: decentralized two-factor security

PS Key™ is the first ever decentralized two-factor security. PS Key™ Decentralized uses no shared secrets like standard RFC 4226 (HOTP) and RFC 6238 (TOTP) two-factor implementations, and the cryptography is 1.2*10^70 times stronger.

Users have full control over their two-factor security keys and can disable or change them at will independent of any applications, websites, or services that the keys are protecting. The same keys can be safely used to protect multiple services.

 

DTFA-Decentralized two-factor authentication

PS Key™ has not only improved the usability of existing two-factor implementations and the security of existing two-factor algorithms such as OTP and TOTP; it has invented an entirely new category of two-factor: decentralized two-factor authentication. We like to call it PS Key Decentralization.

If it isn't broken, why fix it?

Decentralized two-factor overcomes perhaps the greatest security hole known to exist, one that has thus far been ignored by existing two-factor implementors--shared secrets. In standard HOTP/TOTP two-factor authentication, a secret is generated by an operator and is then shared between the operator and the client user, both parties often storing this information in plain text. Man-in-the-middle attacks are generally averted due to SSL, but since the secret is known by multiple parties, the chance that it will eventually be leaked must always remain a concern. Traditionally, this risk has been regarded by operators as acceptable since two-factor is considered a secondary security measure.

If it is broken....

Using a type of one-way hashing algorithm (i.e., TOTP/HOTP), evolving, consistent pseudo-random products can be achieved between a client and operator using the shared secret as an input. These products can then be verified for authenticity via comparison, but because it's not user-friendly to require clients to type in something that is truly cryptographically secure, the resulting entropy is truncated, typically to a magnitude of less than 24 bits (10^7 possible results), but can even be as low as 16 bits (a mere 65,536 possible results). Although it works at a much higher level, this behavior is not unlike deliberately breaking a pseudo-random number generator in such a way that two separate machines share a seed and the random numbers are 32-bit integers. However, the broken pseudo-random number generator would be at least 430 times stronger. Ultimately, it feels more like a hack than a solution.
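The truncation described above, shown with the standard algorithms as an added example (not PS Key's code). It implements RFC 4226 HOTP and RFC 6238 TOTP with the Python standard library; the secret is the constructed sample used by the RFC test vectors, and the function names are this example's own.

```python
import hashlib
import hmac
import math
import struct

# Constructed sample: the shared secret used by the RFC 4226 Appendix D test vectors.
SHARED_SECRET = b"12345678901234567890"

def full_mac(secret: bytes, counter: int) -> bytes:
    """HMAC-SHA1 over the 8-byte big-endian counter: 160 bits of output."""
    return hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()

def dynamic_truncate(mac: bytes) -> int:
    """RFC 4226 truncation: low nibble of the last byte selects 4 bytes, top bit masked."""
    offset = mac[-1] & 0x0F
    return struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """The code the user types: the 31-bit value reduced to `digits` decimal digits."""
    return str(dynamic_truncate(full_mac(secret, counter)) % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter replaced by the current time step."""
    return hotp(secret, unix_time // step, digits)

def operator_verify(stored_secret: bytes, unix_time: int, submitted: str) -> bool:
    """The operator recomputes the code from its own copy of the same secret."""
    return hmac.compare_digest(totp(stored_secret, unix_time), submitted)

def code_space_bits(digits: int) -> float:
    """Bits needed to enumerate every possible code of this length."""
    return math.log2(10 ** digits)

if __name__ == "__main__":
    code = totp(SHARED_SECRET, 59)
    print("MAC bits:", len(full_mac(SHARED_SECRET, 1)) * 8)
    print("typed code:", code, "accepted:", operator_verify(SHARED_SECRET, 59, code))
    for d in (6, 7, 8):
        print(d, "digits ->", round(code_space_bits(d), 2), "bits")
```

Both sides call the same function on the same secret, which is why the operator has to store it in a recoverable form.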

Naturally, a frequent problem occurs with shared secrets when a client loses their copy. Often, the operator will have to request additional personal information from the client so that his/her identity can be verified; since two-factor is often used in finance software and involves a lot of risk, this generally requires operators to provide human support, and as such is a long and problematic process.

PS Key decentralization is the solution?

PS Key Decentralization successfully addresses all of these problems. First, PS Key Decentralization solves the problems associated with shared secrets by eliminating shared secrets entirely and by using asymmetric cryptography (public/private key pairs). Instead of a need for the operator to be an authority on secrets, clients are the sole authority, and not just with the private keys, but the public keys as well.

How this works...

Using PS Key, a client generates a 2048-bit private key from which a public key is derived, and while only the public key is shared, it may come as a surprise that the public key is not shared directly with the operator. Instead, the public key is saved to an Alias on the Nxt blockchain, controlled by the client's own Nxt account, and only the alias ID is shared with the operator. When the operator needs to authenticate a user, the operator will query the Nxt blockchain for the user's public key.

Decentralized authentication with an operator

PS Key will generate a hash that is similar to TOTP, but it uses SHA256 for the result and all 256 bits of resulting entropy are ultimately preserved (TOTP and HOTP generally utilize less than 24 bits, which is a difference between 1.2*10^77 and 10^7 possible results--that "difference" in strength is almost unfathomable and would still look like 1.2*10^77 in notation). PS Key will then encrypt that result using the client's private key and send that encryption cipher to the operator. The operator will generate the same TOTP-esque SHA256 result, then decrypt the received encryption cipher using the client's public key, retrieved by querying the Nxt blockchain for the client's known alias ID. If the result matches, the client can be authenticated.
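The exchange described above, sketched as an added example (not PS Key's own code). Assumptions: a dict stands in for the Nxt alias lookup, the hashed input is the alias plus a 30-second time step, and the key is toy textbook RSA built from public Mersenne primes with no padding, so it shows the message flow only; a real deployment would use a generated 2048-bit key and a padded signature scheme.

```python
import hashlib

E = 65537  # public exponent

def toy_keypair(p: int, q: int):
    """Textbook RSA from two known primes. Illustration only: these primes are public."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)

def time_digest(alias: str, unix_time: int, step: int = 30) -> int:
    """Assumed input format: SHA-256 over alias and time step, all 256 bits kept."""
    msg = f"{alias}|{unix_time // step}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def client_response(private_key, alias: str, unix_time: int) -> int:
    """Client side: apply the private-key operation to the digest."""
    n, d = private_key
    return pow(time_digest(alias, unix_time), d, n)

def operator_verify(directory: dict, alias: str, response: int, unix_time: int) -> bool:
    """Operator side: fetch the public key by alias, invert, compare with its own digest."""
    n, e = directory[alias]
    return pow(response, e, n) == time_digest(alias, unix_time)

def demo():
    directory = {}                      # stand-in for the blockchain alias store
    alias, now = "alice-psk", 1_700_000_000   # constructed sample values
    pub, priv = toy_keypair(2**521 - 1, 2**607 - 1)
    directory[alias] = pub              # only the client writes this entry
    resp = client_response(priv, alias, now)
    ok = operator_verify(directory, alias, resp, now)
    stale = operator_verify(directory, alias, resp, now + 60)  # later time step
    # Key rotation: the client replaces the alias entry; the operator changes nothing.
    pub2, priv2 = toy_keypair(2**127 - 1, 2**521 - 1)
    directory[alias] = pub2
    old_key = operator_verify(directory, alias, resp, now)
    new_key = operator_verify(directory, alias, client_response(priv2, alias, now), now)
    return ok, stale, old_key, new_key

if __name__ == "__main__":
    print(demo())
```

The digest contains no secret, so anyone can compute it; what authenticates the client is that only the holder of the private key can produce a value that inverts to it under the published public key.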

What all of this means for the user...

In this design, if the client ever loses their private key or their private key becomes compromised, he/she can simply generate a new one and update his/her alias on the blockchain with a new public key. In this way, the client has full control over his/her two-factor authentication keys, both private and public--this alias can even be safely shared with multiple operators. The operators never know any secrets or sensitive information, only an alias, and yet an almost incomprehensibly greater level of security is achieved.

 

Developers / operators

PS Key™ has a built-in API for any operator/developer to take advantage of the app for securing their website, application, game, or any other type of service. PS Key™ is the perfect tool for users who want to securely generate, store, and manage their keys. PS Key is also the perfect tool to use for safely authenticating a user's keys with operators. The decentralized part of the PS Key code is open-source, open to public review, and can be downloaded here.
 

The fastest two-factor, ever.

Never manually type in a 2Factor code again! PS Key™ allows you to unlock your account instantaneously. Simply open up the app, scan a QR code and you're in! ^_^
 

A beautiful, simple & fast app

The UI is responsive, quick and intuitive.
 

Legacy support

PS Key™ has legacy support for centralized two-factor security which uses an improved version of RFC 6238 (TOTP) for those of you who do not yet wish to reap the benefits of going fully decentralized.
 

Questions / press inquiries

Any curious person, business, or media/press personnel may contact us with inquiries about PS Key™ via e-mail [email protected].