At Zerid, we are in the business of trust; therefore, security is foundational in our mission to
fight against fraud and scams. By design, every caller validation done through Zerid holds a
non-repudiation guarantee. This document describes how we do this and more.
Organizations can configure user authentication on Zerid either through magic links or
through Single Sign-On. We do not store any credentials. We use PropelAuth for authentication.
Onboarding process
Any organization that wants to use Zerid must go through our KYB (Know Your Business)
process. Furthermore, we store a Digital Certificate (ECDSA P-384) for each onboarded
organization - this can either be issued by Zerid or by a trusted CA (in which case we only
support EV certificates). A company’s certificate is used to perform validations.
How validations work
To create a validation code, clients first generate a single-session RSA key pair and send the
public key to Zerid to obtain a code.
When the code is validated on the Zerid platform, that organization’s Digital Certificate is
encrypted using the user’s public key and signed with the organization’s private key. This
means that the validation information can only be decrypted in the same browser session
in which the code was generated.
The certificate is verified and the details of the organization are read from it.
This process guarantees that validations are non-repudiated.
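
The exchange described above, written with Node.js's built-in crypto module as an added example (not Zerid's code). Assumptions not stated on this page: the certificate is encrypted with AES-256-GCM under a key wrapped with RSA-OAEP, the signature covers the encrypted envelope, and a JSON object stands in for the X.509 certificate; all function names are hypothetical.

```javascript
// Added illustration, not Zerid's code. Assumptions: hybrid RSA-OAEP + AES-256-GCM,
// signature over the encrypted envelope, and a JSON stand-in for the X.509 certificate.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv, createPublicKey, sign, verify, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: one RSA key pair per session; only the public half leaves the browser.
function newSessionKeys() {
  return generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Platform: encrypt the certificate to the session key, then sign with the org key.
function sealCertificate(cert, sessionPublicKey, orgPrivateKey) {
  const aesKey = randomBytes(32), iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', aesKey, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(cert)), cipher.final()]);
  const env = { wrappedKey: publicEncrypt({ key: sessionPublicKey, ...OAEP }, aesKey),
                iv, ct, tag: cipher.getAuthTag() };
  env.sig = sign('sha384', signedBytes(env), orgPrivateKey); // ECDSA P-384
  return env;
}

function signedBytes(env) {
  return Buffer.concat([env.wrappedKey, env.iv, env.ct, env.tag]);
}

// Client: decrypt with the session private key, then check the org signature.
function openCertificate(env, sessionPrivateKey) {
  const aesKey = privateDecrypt({ key: sessionPrivateKey, ...OAEP }, env.wrappedKey);
  const d = createDecipheriv('aes-256-gcm', aesKey, env.iv);
  d.setAuthTag(env.tag);
  const cert = JSON.parse(Buffer.concat([d.update(env.ct), d.final()]).toString());
  // A real client would first validate the X.509 chain to a trusted root.
  if (!verify('sha384', signedBytes(env), createPublicKey(cert.publicKeyPem), env.sig))
    throw new Error('organization signature invalid');
  return cert;
}

// Constructed sample organization and key (placeholders, not real data).
function demoOrg() {
  const org = generateKeyPairSync('ec', { namedCurve: 'secp384r1' });
  const cert = { organization: 'Example Org (constructed)',
                 publicKeyPem: org.publicKey.export({ type: 'spki', format: 'pem' }) };
  return { cert, orgPrivateKey: org.privateKey };
}
```

Opening the envelope with a key pair from any other session fails at the RSA-OAEP unwrap, which is the session binding the text describes.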