Claveo Architecture

The Claveo Protocol Phase 1


The Claveo Architecture is built upon 4 principles:
  • The authorization request is routed to the mobile phone,
  • User examines the request, and approves or disapproves it,
  • The communication between all parties are SSL-encrypted,
  • The Claveo Server never keeps sensitive information.

These principles formed the building blocks of the protocol in which personal information is not accessible to third parties and there is no need for all-time or one-time passwords, or even trusted third parties. The Claveo Protocol Phase 1 has 4 stages, with Authorization Request starting from the Service, and the Final Response returning back there.

The Claveo Protocol Phase 1 assumes only one type of participating device. This original idea is now significantly modified during Phase 2, and the new protocol includes several types of participants with varying properties.

The Claveo Protocol Phase 2


The Claveo Protocol Phase 2 has several new principles:
  • Essentially there are two types of participants: Active and Passive:
    • A mobile phone with an operating system and Internet connection is an active participant
    • A Bluetooth tracker or an NFC card or an USB token is considered a passive participant
  • During the execution of the protocol only a subset of the participants are assumed to be present
  • Additional properties of the participants have different purposes and uses, which include:
    • Presence (on network)
    • Nearness (geographical)
    • Cryptographic Engine

These principles led us to build a much more sophisticated and complex protocol, for which we are applying for several US patents. The communication security among the active participants, the Claveo Server and the resource is still a must, however, the passive participants need not have Internet or SSL capability. Furthermore, the Claveo Protocol Phase 2 relaxes user participation, and making it more spontaneous.