Authentication without credentials.
No passwords. No tokens. No stored private keys. Phantom Gate™ replaces credentials with ephemeral, hardware-bound authentication, built on Zero Trust Networking principles.

The Problem
Every authentication system stores something.
- Password hashes: phishable, breachable
- API keys: long-lived, high-value targets
- FIDO credentials: device-bound but stored
- Session tokens: replayable, stealable
Which means phishing works. Replay attacks work. Breaches expose credentials. Even modern systems still rely on persistent secrets.
What Phantom Gate™ eliminates
- Phishing: nothing to capture
- Replay attacks: nothing reusable
- Credential databases: nothing stored
- Provider access risk: nothing to retrieve
- Session hijacking: key destroyed after use
How It Works
The Phantom Gate™ Approach
Phantom Gate™ replaces credentials with on-demand key reconstruction. Keys are built only during authentication, require mutual attestation, are reconstructed inside secure hardware, and are destroyed immediately after use.
Mutual Recognition Initiated
Client and server mutually verify each other's identity. Neither trusts the other by default.
Threshold Reconstruction
Both client and server contribute to a threshold reconstruction. Neither party alone can complete it.
Key Created in Secure Element
The authentication key is created inside the Toughkey™ secure element, never exposed to software.
Authentication Performed
The cryptographic authentication operation completes and access is granted ephemerally, with nothing persisted.
Key Destroyed
The key is immediately destroyed. No credential exists before or after the session.
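The reconstruct, use once, destroy sequence above, sketched as an added example (not Phantom Gate™ or Toughkey™ code; the page does not specify the scheme). It assumes a 2-of-2 XOR split of a symmetric key and an HMAC challenge-response, with a Python class standing in for the secure element; mutual attestation is out of scope and all names are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes; assumed key size

def split_key(key: bytes) -> tuple[bytes, bytes]:
    """Enrollment: 2-of-2 XOR split. Either share alone is uniformly random."""
    client_share = secrets.token_bytes(len(key))
    server_share = bytes(k ^ c for k, c in zip(key, client_share))
    return client_share, server_share

class SecureElementSim:
    """Software stand-in for a secure element (hypothetical, not Toughkey)."""

    def __init__(self) -> None:
        self._key = bytearray(KEY_LEN)  # all zeros whenever no session is active

    def authenticate(self, client_share: bytes, server_share: bytes,
                     challenge: bytes) -> bytes:
        if len(client_share) != KEY_LEN or len(server_share) != KEY_LEN:
            raise ValueError("both parties must contribute a full-length share")
        # Reconstruct the key in place from both contributions.
        for i in range(KEY_LEN):
            self._key[i] = client_share[i] ^ server_share[i]
        try:
            # Use the key once, on the verifier's fresh challenge.
            return hmac.new(self._key, challenge, hashlib.sha256).digest()
        finally:
            # Overwrite the key. Best effort only: Python and the hmac
            # module may hold copies that real hardware would not.
            for i in range(KEY_LEN):
                self._key[i] = 0

def verify(key: bytes, challenge: bytes, response: bytes) -> bool:
    """Demo verifier. It holds the symmetric key only to keep the example in
    the standard library; a signature scheme would need just a public key."""
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    key = secrets.token_bytes(KEY_LEN)  # constructed sample key
    c_share, s_share = split_key(key)
    se = SecureElementSim()
    challenge = secrets.token_bytes(16)
    response = se.authenticate(c_share, s_share, challenge)
    print("accepted:", verify(key, challenge, response))
```

Because the response is bound to a fresh challenge, a captured response fails verification against any later challenge, and a single share reconstructs the wrong key.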
Key Capabilities
Mutual recognition and hardware attestation
Mutual Attestation
Both client and server prove who they are before any data moves. No connection is trusted by default.
Hardware-Bound Auth
Authentication keys never exist outside certified secure hardware. They cannot be extracted or replicated.
Ephemeral WebAuthn
Next-generation WebAuthn augmentation that eliminates stored credentials from the equation.
Tokenless DevOps
CI/CD pipelines and DevOps workflows authenticate without long-lived API tokens or SSH keys.
Sovereign Identity
Identity enforcement that you control, with no dependency on third-party identity providers.
Enterprise Integration
Integrates with existing enterprise identity infrastructure. Complements rather than replaces.
Where It Wins
Built for the environments that need it most.
Enterprise Authentication
Augment password-based and MFA systems with hardware-bound ephemeral authentication for your entire workforce.
Banking & Regulated Access
Meet the strictest regulatory requirements for financial systems without the attack surface of stored credentials.
DevOps & CI/CD Security
Eliminate long-lived tokens from your pipelines. Every authentication event is ephemeral and policy-governed.
Workforce Identity
Zero credential databases means zero credential databases to breach. Eliminate the most common attack vector in the enterprise.





