UR-IRaA
Identity Request Authorisation & Authentication
Decentralised, Consent-Driven Digital Identity — Powered by URCASH OpenBanking
The Identity Problem We Solve
Current Pain Points
- Billions of passwords stolen in data breaches every year
- Fragmented logins across hundreds of services per user
- Opaque consent — users don't know what data is shared
- No portable, bank-grade identity layer for digital services
- Identity silos make cross-border access cumbersome
- Weak authentication leads to account takeover fraud
- KYC repeatedly duplicated across every platform
- No user-controlled revocation of authorisation grants
UR-IRaA Solution
- Bank-verified identity replaces passwords entirely
- Single UR-IRaA credential works across all integrated services
- Granular, explicit consent approved per-request on device
- OpenBanking-anchored identity — bank-level assurance
- Portable credential valid across 85+ countries
- Device-to-device multi-factor authentication by default
- One-time KYC, shared securely with user consent
- Instant consent revocation from the URCASH dashboard
Core Value Propositions
Portable Digital Identity
One UR-IRaA credential, verified once through your bank, recognised by every integrated service globally — no more repetitive sign-up forms or document uploads.
Zero-Password Security
Cryptographic device-bound authentication eliminates password databases as an attack surface. Every login is biometric + device-possession verified.
Explicit Consent Flows
Every authorisation request is pushed to your registered device in plain language. Approve, deny, or scope-limit each consent with a single tap — full transparency always.
Bank-Grade Assurance
Identity is anchored to your verified bank account through URCASH OpenBanking APIs, delivering a LoA3-equivalent assurance level trusted by regulated institutions.
Cross-Border & Multi-Currency
UR-IRaA works across 85+ countries and currency zones. One identity travels with you — no per-country re-verification, no fragmented digital presence.
Instant Revocation Control
Users can revoke any issued authorisation token in real time from the URCASH dashboard — immediate, auditable, and fully user-controlled at all times.
How UR-IRaA Works
1
Create UR-IRaA Identity
Download the URCASH app, link your bank account via OpenBanking, and complete a single KYC to generate your cryptographic UR-IRaA credential
2
Service Sends Request
Any UR-IRaA-integrated service sends a structured authorisation request to your UR-IRaA credential instead of asking for a username and password
3
Push Notification
Your device receives a clear, plain-language push notification showing exactly what the service is requesting access to and why
4
Biometric Approval
Authenticate with biometrics or device PIN to approve the specific scoped consent — your private key never leaves your device
5
Token Issued
A time-limited, scoped authorisation token is issued to the service — providing only the data consented to, nothing more
6
Monitor & Revoke
View all active authorisation grants across every service in your URCASH dashboard and revoke any instantly with a single tap
Authentication Architecture
End-to-end flow from identity claim to authorisation token — no passwords, no shared secrets.
User Device
Biometric + device-bound private key. Credential never leaves the device.
→
UR-IRaA Request
Service sends a signed, scoped authorisation request via URCASH API.
→
OpenBanking Anchor
Identity assertion verified against bank-confirmed account ownership.
→
Consent Engine
User approves on-device; scoped token minted and time-bounded.
→
Authorisation Token
JWT / OAuth2-compatible token delivered to the requesting service.
Key Use Cases
Regulated Financial Services
KYC-verified identity shared on consent for onboarding at banks, brokerages, and lending platforms — one verification, many relationships.
Healthcare & Medical Records
Patients grant scoped, revocable access to medical records for practitioners — full audit trail, no password vulnerabilities.
Education & Credential Verification
Students and professionals share verifiable credentials and qualifications with institutions or employers via signed UR-IRaA tokens.
E-Commerce Age & Identity Verification
Merchants confirm age or residency without storing sensitive personal data — GDPR-compliant, instant, frictionless.
Enterprise SSO & Access Control
Replace corporate password vaults with bank-anchored identity for employee and contractor access to internal systems.
Cross-Border Digital Services
Individuals accessing services across 85+ country zones present a single portable UR-IRaA credential without repeated onboarding.
Integration & Standards Compliance
UR-IRaA is designed to slot into existing authentication and identity ecosystems — no proprietary lock-in.
OAuth 2.0 / OIDC
Fully compatible with OpenID Connect flows, enabling drop-in integration with any OIDC-aware application or IdP.
FIDO2 / WebAuthn
Device-bound private key authentication aligns with FIDO2 standards for passkey-grade security on every platform.
UK & EU OpenBanking
Identity anchored via PSD2/PSD3-compliant OpenBanking APIs — bank-verified, real-time, and regulator-recognised.
UK GDPR & eIDAS
Consent model and data minimisation principles are designed to be compliant with UK GDPR, EU GDPR, and eIDAS 2.0 regulations.
REST API & SDK
Developer-friendly REST APIs with Java, JavaScript, and Python SDKs for rapid integration into any platform or microservice.
Verifiable Credentials (W3C)
UR-IRaA tokens are structured as W3C Verifiable Credentials, enabling interoperability with decentralised identity ecosystems.
Market Opportunity
The global digital identity market is projected to exceed $49 billion by 2030, driven by regulatory mandates, the collapse of password-based security, and the rapid digitisation of financial and public services. UR-IRaA positions URCASH at the intersection of OpenBanking, decentralised identity, and consent management — three of the fastest-growing segments in fintech infrastructure.
Competitive Advantages
UR-IRaA uniquely combines OpenBanking-anchored identity assurance with user-controlled consent and zero-password authentication — delivering bank-grade trust without the complexity of traditional PKI or the privacy risks of federated social login.
Bank-Anchored Trust
Unlike social login or email verification, UR-IRaA identity is anchored to a real, regulated bank account — the highest commercially available assurance level.
No Central Identity Store
URCASH does not hold a central database of user credentials or personal data — private keys live on devices, eliminating the single-point-of-compromise risk.
Instant Cross-Platform Reach
Any service integrating URCASH OpenBanking APIs gains instant access to a growing global base of pre-verified UR-IRaA identities across 85+ countries.
Build with UR-IRaA
UR-IRaA represents the next generation of digital identity — bank-verified, consent-first, and globally portable. We are seeking strategic integration partners, early enterprise adopters, and investors to scale the world's most trusted passwordless identity layer.