Our primary mission is building secure solutions for our customers and for the world. Security is the top of mind in everything we do and guides us in product design, development, deployment, operations, support and virtually all of our day to day activities.
Cyphercor is comprised of individuals that understand security, identity and access management and scalability. Our advisors are comprised of industry pioneers and thought leaders. Our founders are responsible for some of the largest secure identity and access management, Public Key Infrastructure and Government and private sector deployments in Canada. Our team also understands scale. Team members are responsible for building large scale systems serving millions of customers (Microsoft, Hulu), and processing billions of records daily at Tagged (>300M users).
With customers in North America, Europe and Asia we take this responsibility very seriously. We are proud to have delivered at least 99.999% uptime since our founding in 2011.
Platform and Approach
All aspects of the LoginTC platform undergo strict development and operational processes:
- LoginTC API and push network status monitored and published
- Code is peer-reviewed, each check-in undergoes hundreds of continuous integration tests
- Service is hosted in ISO 27001 Level 1 certified data centers which undergo annual SOC 1/SSAE 16/ISAE 3402 audits
- LoginTC connectors do not directly store user password information, rather leverage existing infrastructure with passwords remaining within the corporate network. Meaning that a compromise of LoginTC does not translate to a compromise of your passwords.
- 1:1 correlation between user hardware and enterprise identity achieved with Push Notifications and Secure Remote Password protocol
- Dynamic fingerprinting of the user hardware further protects against device cloning
- No certificate information is stored on the user hardware, i.e. nothing to compromise / clone
LoginTC leverages the NIST CMVP validated OpenSSL module and cryptography algorithms validated under NIST CAVP. Our algorithm validations are published and available to view, HMAC FIPS 198 algorithm, DRBG SP800-90A random number generation, and finally SHA/SHS FIPS 180-2 family of hashes. Verification of the cryptography library was performed by Computer Sciences Corporation.
Product Security Advisories
Can be found here.