Ideem
Ideem Technical Briefing
Published April 14, 2026
Supported by Brale , The Stable Coin Company and Refract Ventures
Overview
Ideem CEO Toby Rush walks through how modern cryptography can deliver invisible possession-factor authentication for banks, neobanks, and agentic-commerce flows. The briefing covers Ideem's FIDO + multi-party-computation "chip in software" model, device-plus-passkey binding on the same challenge, and a live Android demo of app-to-app bridging where a merchant webview verifies trust with a previously enrolled Yes Bank app via a silent push and an encrypted local channel — with no human in the loop.
0:00 Introduction to Ideem
Toby Rush introduces Ideem's work with a large global bank on modern cryptography for possession-factor authentication. The three factors — something you know, are, and have — and why generative AI weakens all three except hardware-bound "have".
1:03 The chip-in-software thesis
How credit-card EMV chips drove card-present fraud toward zero via a private key in the chip. Ideem puts the equivalent inside software — native apps on iOS/Android, browsers, embedded webviews — using the FIDO protocol with a multi-party-computation key split between device and server.
2:11 Invisible MPC authentication
The runtime flow: Ideem's SDK pulls a challenge from the relying party, signs it via MPC on the device, and returns it for validation. Two simple calls — authenticate and validate — with no public-key infrastructure required on the integrator.
3:03 First-time device enrollment
Enrolling a device into the "zero-trust secure module" on a browser (works identically on native apps). Post-enrollment, signing a long one-time passcode takes ~500ms with no user interaction.
4:21 Device + user binding with passkeys
Layering a FIDO passkey (biometric) on top of the device key so both the device and the user are verified. The two FIDO keys sign the same challenge and are cryptographically linked — fully auditable by regulators.
6:05 Bridging across apps on one phone
Solving first-time-on-device trust: an embedded webview in a merchant app asks the trusted bank app "am I on a trusted device?" via a silent push, the native app wakes, signs a FIDO challenge, and opens a local port for an encrypted app-to-app bridge.
7:49 Android demo: Yes Bank to merchant
Enrolling "Yes Bank" with Ideem's SDK, then paying inside a separate merchant app. The webview bridges to the native bank app (port 60766 in the log), proving same-device origin with PKI and no user interaction beyond tapping pay.
9:35 Agentic commerce implications
Every agent-commerce proposal — Visa, Mastercard, Stripe, Google, OpenAI — reduces to public/private keys for user identification, consent signing, and downstream auditable authorization. Ideem's primitives map directly onto that control plane.
Presented by Toby Rush — Ideem · LinkedIn · website
Topics:
