A few cents
Here at ZofToken, we aim to remove all the challenges preventing organizations from using secure authentication methods for all their users and we believe one of the main barriers is related to cost, hence our licencisng model was designed to be 'virtually free' for organizations.
That is why the annual cost (USD 0.50 per token per year) is not only guaranteed forever but also because it's so immaterial that it could even be transferred invisibly to the end user (e.g. as part of rounding in a service fee), having no financial impact at all whether it's an implementation for thousands or millons of users.
If your organization is a nonprofit or provides any type of social service, please contact us and we can discuss alternatives that adjust to your needs.
Quick and easy adoption
Our solution is based on the use of smartphones by the end users. Even though each implementation can be different according to the client's needs, our reference app supports an unlimited amount of tokens (potentially from different organizations) and it implements a very simple model for users, similar to the one they already know with their ATM card, which simplifies onboarding.
Adapting to different clients
In the case of existing or bespoke applications, our SDK provides all the elements and examples required to implement the user experience of choice for our clients, including the support of biometric scanning, one-time passwords or any other means of 2FA authentication that better suits each particular use case.
No need of a large data center to support millions of users
Our networking protocol between the server and the apps is low-latency and high performance.
Our central cryptographic primitive for authentication was selected because of its high security and efficency.
Load tests indicate that with inexpensive hardware (F2s from Azure) , our solution can support more than 10 million users operating at a reasonable frequency for a standard use case, such as a Home Banking service, or health related portals.
Easy to manage
ZofToken supports multiple enrolling methods (deeplinks, QR codes, one-time codes), and also simplifies the blocking, deleting and re-enrolling of users when necessary, in order to simplify administrative processes.
Easy to integrate
We provide a standard API for our backend, extensively documented and without any additional dependencies to other layers that might add complexity. This makes ZofToken trivial to connect with both modern and legacy systems.
Tokens for users can be segmented into multiple services with independent configurations and access levels, offering a high level of adaptability to each particular need (e.g. an organization might issue tokens for internal employees and also external clients on the same instance).
The status of each token can be requested by polling the API but also through webhooks, allowing multiple integration methods and enabling the usage of said tokens within existing systems and processes.
Industry standard cryptography
There is no secret sauce, ZofToken implements standard industry practices for cryptography, leveraging both native platform solutions and proven libraries.
Authentication secret protection in smartphones
Depending on the selected implementation for the app that integrates with ZofToken Server the secret can be protected with the functions offered by the SDK and/or stored within the device's secure storage.
It enables the user to open a token in a special state, which is indistinguishable from the app, allowing the organization to proceed according to established protocols.
Both the backend and the webhooks feature operate under TLS to protect all traffic.
Protected API functions
Each API endpoint within the API is protected by secrets (authkeys) which support whatever granularity level is required for the implementation.
Every webhook supports configurable secrets, to guarantee their validation by the receiving system.