Overview

Passwordless CryptPeer™ allows you to access your account without entering your password during authentication.

This authentication method relies on the CryptPeer™ and EviSKMS™ trust ecosystem to associate a digital identity, user certificate, trusted device and secure runtime environment.

EviSKMS™ Technology

Passwordless CryptPeer™ is based on EviSKMS™ — Evidense Segmented Key Management System — a sovereign trust technology enabling the secure management of identities, certificates, cryptographic policies and associated governance mechanisms.

The objective is simple:

  • simplify the user experience;
  • reduce password-related risks;
  • strengthen access security;
  • maintain control over digital identity;
  • ensure complete identity and certificate lifecycle governance.

Passwordless CryptPeer™ is the recommended authentication method.

A Different Approach

Passwordless CryptPeer™ is not based solely on a certificate or on simply removing the password.

Authentication is built on a complete trust chain that combines:

  • the user's trusted identity;
  • the CryptPeer™ certificate;
  • the trusted device;
  • the integrity of the runtime environment;
  • the organization's security policies.

Good to Know

No browser extension, no agent, no Passkey, no FIDO device and no third-party identity management service are required.

The user retains full control over their digital identity, certificate and trusted environment within the CryptPeer™ ecosystem.

First Use

Account Creation

During registration:

  1. Choose your CryptPeer™ username.
  2. Choose your initial password.
  3. Generate your CryptPeer™ certificate.
  4. Install the certificate on your device.

Your request is then validated according to your organization's governance policies.

Certificate Installation

Install your CryptPeer™ certificate on your device:

  • Windows;
  • macOS;
  • Linux;
  • Android;
  • iPhone / iPad.

This operation is performed only once per device.

First Login

  1. Log in with your username and password.
  2. Enter your TOTP code if you use one.
  3. CryptPeer™ automatically prepares your environment for Passwordless authentication.

No additional configuration is required.

Using Passwordless CryptPeer™

When your environment is ready, the following status appears:

READY

You can then select:

Passwordless CryptPeer™ Recommended

You only need to enter your CryptPeer™ username. Your password is no longer required.

Trust Principle

Passwordless authentication relies on consistency between your digital identity, your certificate, your trusted device and your organization's security policies.

Service Status

READY

Your environment meets the security requirements defined by CryptPeer™.

Passwordless CryptPeer™ is available.

NOT READY

Your environment does not yet meet the required conditions.

Possible causes:

  • certificate missing;
  • certificate expired;
  • certificate revoked;
  • device changed;
  • browser changed;
  • Trust Identity inactive;
  • security event detected.

If the Status is NOT READY

Temporarily use a traditional authentication method: username + password, or username + password + TOTP.

Security

Passwordless CryptPeer™ relies on multiple trust mechanisms integrated into the CryptPeer™ and EviSKMS™ ecosystem.

This approach enhances traceability, auditability and access governance in accordance with applicable security policies.

Trust Foundations

Passwordless CryptPeer™ relies on:

  • EviSKMS™ Trust Identity;
  • CryptPeer Runtime SSL;
  • Runtime Integrity;
  • Certificate Binding;
  • lifecycle governance;
  • PQC post-quantum cryptography;
  • ADN — Adaptive Digital Network;
  • IDEAS — Identity, Device, Environment & Access Security.

Trust-Based Authentication

During Passwordless authentication, CryptPeer™ simultaneously verifies:

  • the user's trusted identity;
  • the validity of the certificate being used;
  • the consistency of the trusted device;
  • the integrity of the secure runtime;
  • the identity lifecycle status;
  • the certificate lifecycle status;
  • revocation mechanisms;
  • renewal mechanisms.

Key Protection

No private key is exposed to the browser.

Cryptographic operations are performed within the secure CryptPeer™ and EviSKMS™ environment according to applicable security policies.

Cryptographic Mode

PQC

Passwordless CryptPeer™ relies on the post-quantum cryptographic mechanisms integrated into EviSKMS™.

Displayed Security Information

The security panel may display the following information:

  • Status: READY or NOT READY;
  • Cryptographic Mode: PQC;
  • Trusted Device: CryptPeer Runtime SSL;
  • Trust Identity: ACTIVE;
  • Lifecycle: ACTIVE;
  • Revocation: SUPPORTED;
  • Renewal: SUPPORTED;
  • Multi-Device: SUPPORTED;
  • Interoperability: X.509, PKCS#12, DSS, eIDAS.

Device Trust Level

CryptPeer™ may display a device trust level.

STANDARD

Standard software protection.

ENHANCED

Hardware protection available:

  • TPM;
  • Secure Enclave;
  • Android Keystore.

DEFENSE

Enhanced hardware protection with available attestation mechanisms.

Additional Indicator

This level is an additional indicator and is not required to use Passwordless CryptPeer™.

Available Authentication Methods

CryptPeer™ supports:

  • username + password;
  • username + password + TOTP;
  • username + password + certificate;
  • username + password + TOTP + certificate;
  • Passwordless CryptPeer™ Recommended.

Enabling TOTP remains strongly recommended but is not mandatory to use Passwordless CryptPeer™.

Changing Device

If you change your computer, smartphone or tablet:

  1. Install your CryptPeer™ certificate on the new device.
  2. Log in normally.
  3. CryptPeer™ automatically prepares the environment for Passwordless authentication.

Revocation and Renewal

CryptPeer™ supports:

  • certificate revocation;
  • certificate renewal;
  • identity revocation;
  • trusted identity renewal.

These mechanisms contribute to lifecycle governance for identities and access management.

Privacy

Passwordless CryptPeer™ never transmits your password during a Passwordless authentication process.

Private keys remain protected within the device security mechanisms and the CryptPeer™ infrastructure.

No private key is exposed to the browser.

Summary

Passwordless CryptPeer™ combines:

  • EviSKMS™ Trust Identity;
  • PQC post-quantum cryptography;
  • Runtime SSL;
  • Runtime Integrity;
  • Certificate Binding;
  • ADN;
  • IDEAS;
  • lifecycle governance;
  • revocation;
  • renewal;
  • EviSKMS™ technologies developed by Freemindtronic®.

Executive Summary

This approach provides sovereign passwordless authentication based on a trusted chain combining digital identity, certificate, trusted device, runtime integrity and cryptographic governance.