Cryptographic continuous passive authentication

Relock is a high-frequency cryptographic key rotation server that authenticates each individual request using ephemeral secrets. This enables digital platforms to implement continuous passive authentication with no user friction.

By leveraging rapid, per-request key changes, Relock ensures every interaction is independently verified, enhancing security posture while maintaining a seamless user experience. The service is designed to scale effortlessly, making it ideal for use cases requiring both high performance and uncompromised trust.

• Tutorials
  • Run pre-built demo app
    • Set up storage
    • Start Relock service
    • Create local hostname record
    • Create self-signed certificate
    • Set up demo app storage
    • Start demo app container
  • Run demo app from source
    • Set up storage
    • Start Relock service
    • Create local hostname record
    • Create self-signed certificate
    • Set up demo app storage
    • Clone demo repository
    • Start Python virtual enviroment
    • Install app dependencies
    • Install Relock Python SDK
    • Configure environment variables
    • Run demo app
• System architecture
  • Communication flow
  • Availability and scalability
• Storage
• Relock TCP server
  • Server start
  • Connecting to storage
  • Docker deployment
  • Observability
    • OpenTelemetry
    • CAEP Shared Signals
  • TCP endpoints
    • after
    • before
    • check
    • clear
    • close
    • confirm
    • exchange
    • expose
    • members
    • missing
    • nonce
    • open
    • protected
    • revoke
    • screen
    • sign
    • token
    • user_accessed
    • user_logged_in
    • user_logged_out
    • validate
    • verify
    • xsid
  • Server configuration
    • General settings
    • Time-to-live (TTL) settings
    • Storage and caching settings
    • Behavior settings
    • Key rotation settings
    • JavaScript client settings
    • Cookie settings
    • Observability settings
• Backend integration
  • Request validation flow
    • Participants
    • Sequence of events
  • TCP client
    • Service discovery and load balancing
  • Message formatting
  • Message length
  • Request authentication
    • Before the request
    • After the request
    • Key rotation control
  • Required HTTP routes
    • /relock/relock.js
    • /relock/open
    • /relock/close
    • /relock/clean
    • /relock/clear
    • /relock/exchange
    • /relock/validate
• Frontend integration
  • Fetch API requests
  • Relock events
    • Key established event (XKeyEstablished)
    • Rekeying events (XReKeying and X-Key-Rekeying-Done)
    • View change events (beforeunload and x-close)
  • Exposed properties and methods
    • Properties
    • Methods
• Reference
  • Status codes
    • 200 - OK
    • 400 - Bad Request
    • 401 - Unauthorized
    • 403 - Forbidden
    • 404 - Not Found
    • 406 - Not Acceptable
    • 409 - Conflict
    • 410 - Gone
    • 417 - Expectation Failed
    • 423 - Locked
    • 426 - Upgrade Required
    • 451 - Unavailable For Legal Reasons
    • 503 - Service Unavailable
• Security architecture
  • Mechanism
    • Advanced session verification
      • Established clients
      • New clients
    • Continuous verification
  • Key properties
    • Interdependent client and server
    • Triple verification of the client
    • Real-time threat mitigation
    • Configurable robust security controls
    • Detailed, deterministic threat alerts