SciTransfer
ReCRED · Project

Your Phone Becomes the Master Key to All Your Digital Accounts — Securely

digitalPilotedTRL 7
recred.eu

Imagine carrying one master key that unlocks every door in your life — your office, your bank, your online shopping — but if someone steals it, it stops working for them instantly. That's what ReCRED built for the digital world. They turned your smartphone into a single secure gateway for all your online accounts and services, using things like your face, your typing pattern, and encrypted credentials so no one else can pretend to be you. They tested it across 4 real-world pilots with 13 organizations across Europe.

By the numbers
4,997,242
EUR in EU funding for development
13
consortium partners across Europe
8
countries represented in the consortium
4
large-scale pilots in real-world environments
7
industry partners (54% industry ratio)
24
total project deliverables
The business problem

What needed solving

Companies today force users to juggle dozens of passwords and authentication methods across different services, leading to security breaches, customer drop-off, and expensive IT support overhead. At the same time, businesses need stronger identity verification without making the user experience worse — a problem that gets harder as regulations like GDPR demand better privacy protection.

The solution

What was built

ReCRED built an operative identity consolidator portal with automatic identity crawlers for major social networks, probabilistic identity matching algorithms, and smartphone/laptop applications for acquiring physical identity attributes. Across 24 deliverables, the project delivered a complete mobile-based unified authentication system with attribute-based access control and multi-factor authentication using behavioral and physiological signatures.

Audience

Who needs this

Digital banks and fintech companies needing seamless multi-factor authenticationE-commerce platforms losing revenue to checkout friction and password fatigueEnterprise IT departments managing employee access across dozens of cloud servicesIdentity verification providers looking to add device-centric authenticationGovernment digital services moving toward mobile-first citizen authentication
Business applications

Who can put this to work

Banking & Financial Services
enterprise
Target: Digital banking platforms and fintech companies

If you are a digital bank dealing with customer friction from managing dozens of passwords and repeated identity checks — this project developed a mobile-based unified authentication system that consolidates all user credentials into one device. With 4 large-scale pilots proving TRL7 readiness, it combines biometric and behavioral authentication to reduce fraud while making login seamless for customers.

E-commerce & Retail
mid-size
Target: Online marketplaces and retail platforms

If you are an e-commerce platform losing customers at checkout because of clunky login flows and password fatigue — this project built an identity consolidator that lets shoppers authenticate once on their phone and access any connected service. The system was tested with 13 partners across 8 countries, proving it works across different regulatory environments and user bases.

Enterprise IT & Cybersecurity
enterprise
Target: Companies managing employee access across multiple systems

If you are an IT security team struggling with employee access management across cloud apps, on-premise systems, and partner portals — this project created attribute-based access control that runs from the user's device. It supports multi-factor authentication using behavioral signatures not bound to any single device, meaning a stolen laptop doesn't mean a stolen identity.

Frequently asked

Quick answers

What would it cost to implement this technology?

The project received EUR 4,997,242 in EU funding across 13 partners over 3 years, giving a sense of the R&D investment behind it. Licensing or integration costs would depend on negotiations with the consortium partners. Based on available project data, no commercial pricing model was published.

Can this scale to millions of users?

The project conducted 4 large-scale realistic pilots in real-world operational environments across 8 countries. The architecture was designed for extensibility in supported services — from local access control to online service access — suggesting it was built with scale in mind. However, exact user volume numbers from the pilots are not available in the project data.

Who owns the IP and how can I license it?

The consortium of 13 partners — including 7 industry players and 3 SMEs — jointly developed 24 deliverables. IP ownership typically follows Horizon 2020 rules where each partner owns what they created. The University of Piraeus Research Center coordinated the project and would be the first point of contact for licensing discussions.

Does this comply with GDPR and European data protection rules?

Privacy preservation is a core design principle — the system hides credential complexity inside the user's device and controls exposure of user data to third-party service providers. The project explicitly addresses data protection through attribute-based credentials that minimize what personal information gets shared. The project ran from 2015-2018, overlapping with GDPR preparation.

How long would integration take?

The project was designed for incremental deployment — you don't have to replace your existing authentication system all at once. It supports widely established identity management standards plus extensions. Based on available project data, the 4 pilots demonstrated integration of all developed components in operational environments.

What authentication methods does it actually support?

The system combines traditional authentication with behavioral and physiological user signatures — things like typing patterns, facial recognition, and device-based credentials. It also supports advanced cryptographic attribute-based access control, meaning users can prove they have certain properties (like being over 18 or being an employee) without revealing their full identity.

What happens if the user loses their phone?

The project specifically addressed resilience to device loss, theft, and impersonation. It combines local user-to-device authentication with remote device-to-service mechanisms, and uses biometric signatures that are not bound to any single device. This means a lost phone doesn't automatically mean compromised accounts.

Consortium

Who built it

The ReCRED consortium is strongly industry-oriented with 7 out of 13 partners coming from industry (54% ratio), complemented by 4 universities and 1 research organization. With 3 SMEs in the mix and partners spread across 8 countries (Belgium, Cyprus, Greece, Spain, Italy, Netherlands, Romania, UK), the project had the commercial DNA needed to move beyond pure research. The coordinator, University of Piraeus Research Center in Greece, managed a nearly EUR 5 million budget. The high industry ratio and multi-country spread suggest the technology was validated across different markets and regulatory contexts — a good sign for anyone considering adoption.

How to reach the team

University of Piraeus Research Center (Greece) — contact via CORDIS or project website

Order a report on this consortiumSee UNIVERSITY OF PIRAEUS RESEARCH CENTER profile →
Next steps

Talk to the team behind this work.

Want an introduction to the ReCRED team to explore licensing or integration? SciTransfer connects businesses with EU research teams. Contact us for a tailored briefing.

Order a report on this topicMore in Digital & ICT
More in Digital & ICT
See all Digital & ICT projects
Affordable Satellite Communication Modules That Give SMEs Direct Access to Space Data
InnoSpaceComm
Open →
Home Dining Marketplace Connecting Travelers with Local Hosts Across Europe
ECINPERSON
Open →
AI-Powered 3D Art Creation That Cuts Production Time for Game and Film Studios
ArtomatixSuite
Open →