User Authentication

Secubit secures user authentication with a direct, end-to-end link between the end-user and the Hardware Security Module (HSM). Instead of relying solely on cloud servers or application intermediaries, every critical wallet operation is cryptographically bound to the user’s device and identity.

When a user initiates an action, their device’s Secure Element or PassKey signs the request locally, often gated by biometrics such as fingerprint or Face ID. This signature travels with the transaction request all the way to the HSM. The HSM, before processing, verifies that the request was indeed authorized by the registered user device.

This architecture ensures that even if an intermediate server (e.g., a WaaS service or custody platform) is compromised, attackers cannot fabricate valid signing requests. The HSM will reject any request that lacks a genuine user-device signature.

By requiring user approval for each request, Secubit eliminates the risk of blanket approvals or silent server-side substitutions. The combination of strong device-bound authentication, biometric protection, and hardware-enforced verification creates a trust model that does not depend on network security or server integrity—only on cryptographic proof.
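The verification gate described above, as an added example that is not Secubit's code: the HSM side accepts a request only if the registered device signed exactly those fields, and processes each approved request once. The `Request` format, the field names, the use of Ed25519 for the device key, and the used-request table are assumptions made for illustration; all sample values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Request is a hypothetical wire format; Sig is made on the user's device.
type Request struct {
	UserID, Operation, Nonce string
	Sig                      []byte
}

// signedBytes encodes every approved field; %q quoting keeps field boundaries unambiguous.
func signedBytes(r Request) []byte {
	return []byte(fmt.Sprintf("%q|%q|%q", r.UserID, r.Operation, r.Nonce))
}

// DeviceSign stands in for the Secure Element or passkey signing step.
func DeviceSign(key ed25519.PrivateKey, r Request) Request {
	r.Sig = ed25519.Sign(key, signedBytes(r))
	return r
}

// HSM models only the verification gate: registered device keys and used requests.
type HSM struct {
	Devices map[string]ed25519.PublicKey
	Used    map[string]bool
}

// Authorize returns nil only for a fresh request signed by the registered device.
func (h *HSM) Authorize(r Request) error {
	pub, ok := h.Devices[r.UserID]
	if !ok || !ed25519.Verify(pub, signedBytes(r), r.Sig) {
		return fmt.Errorf("rejected: no valid user-device signature")
	}
	if h.Used[string(signedBytes(r))] {
		return fmt.Errorf("rejected: request already processed")
	}
	h.Used[string(signedBytes(r))] = true
	return nil
}

func main() {
	pub, key, _ := ed25519.GenerateKey(nil) // constructed sample device key
	hsm := &HSM{Devices: map[string]ed25519.PublicKey{"alice": pub}, Used: map[string]bool{}}
	req := DeviceSign(key, Request{UserID: "alice", Operation: "send 5 to addr-A", Nonce: "n-1"})
	req.Operation = "send 5 to addr-B" // substitution by a compromised intermediary
	fmt.Println("altered request:", hsm.Authorize(req))
}
```

Because the signature covers the operation itself, an intermediary that changes any signed field invalidates the request, and a fresh nonce is needed for every new approval.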