AI Assisted Universal Authentication And Encryption Platform Featuring an Authentication Assistant For Securing Next Generation AI Based Apps, Systems and Devices
As digital scams and false identities continue to rise, it's becoming increasingly difficult to confirm the authenticity of those we interact with online. Imagine you're having a private conversation with someone you've never met before. It's crucial to ensure that they are indeed who they claim to be. But how can you verify the other person's identity? And how can you establish secure communication with them?
Traditional authentication platforms ask: "How can we simplify the process of identity verification?" We, however, pose a different question: "Why do we even need to verify the identity of the other person? Let's establish a secure communication, and if it's successful, we have already verified the identity of the person."
Our Innovation
The Future Impact
AUTHENTICATED
ENCRYPTION
Implement our cutting-edge authentication technology to build Next generation Front End And Back-End Apps powered by AI using your favorite language.
✓ Eliminate User Registrations And Sign-Ups
✓ Integrated Authentication using AI Assistant
✓ Single-Sign-On Across Apps, Systems And Devices
✓ Protect your Apps using Application Layer Encryption
✓ Use Token-less Authentication To Protect Back-End API
✓ Enhanced Compliance And Governance Across Apps
Authenticate Any User Using Any Email Address Or Any Machine Using A Domain Name Or Resource ID
Use Our Dynamic Authorization Capability Post Authentication Or Plugin your Own Authorization Layer
Enable Application Layer Encryption As Well As Authenticated Encryption Using Our Technology Across Applications
Physically Or Virtually Verify Any User EMail Address Using Our Mobile Application To Prevent Frauds
Encrypt Information To Any User Or Machine By Fetching An Asymmetric Shared Key From Our Platform.
Stolen User And Machine Keys Cannot Be Used By Anyone To Spoof The Identity Of Another User Or Machine
Machine Keys are automatically rotated every 15 minutes and Application Keys are rotated every Month
Use Our Technology To Allow Devices To Establish Direct Secure communication even when they are offline
Enable Authentication in your Java Script App hosted on any Static Web Site
Protect your APIs using our Technology without using any API Keys for authorized access
Our Authentication solution can also protect Applications hosted on plain http protocol
Our Authentication and Token-less solution is completely
Protocol-independent
Users will need to solve an Encrypted QR Captcha before they are granted access to their Login Session.
Users do not need to type any Passwords in the Client Or Browser during login in order to provide maximum security
Cookies can be safely disabled to prevent providers from tracking you since we don't use Cookies
Data can be stored securely across sessions in the local storage using built-in functions offered by our Platform
Our Solution For Authentication
HexaEight Token Server is a comprehensive Authentication, Authorization, and Access solution designed to secure your systems, frontend applications, backend APIs, forms, and even GPT-powered apps.
It supports both Email and Face Authentication and is deployable on Linux, Windows, Mac, and Raspberry Pi devices.
Built for scalability, HexaEight Token Server can seamlessly integrate with any framework at the application layer, providing flexibility for a wide range of use cases.
You can self-host HexaEight Token Server either on-premises or in the cloud, ensuring complete control over your infrastructure.
With per-CPU licensing, HexaEight Token Server allows for unlimited authentication and authorization of users and resources.
Check out our Demos using any of the below links
HexaEight Token Server implements our Patent pending encryption technology and allows our Mobile application to fetch secure one time codes that can be used by your end users to securely login to your Application
Our AI Solution To Build GPTs
Is Available In Microsoft Azure Market Place which empowers businesses with a secure and compliant framework for building Custom AI assistants while retaining control over its actions, responses and behavior. Controlled GPT Assistants prioritize user privacy, reduce bias, provide top-quality interactions, and are feature rich with function calling capabilities and can be tailored to meet individual or organizational requirements.
Controlled GPT establishes secure communication between AI and Application Front End using HexaEight Sessions. Controlled GPT can be provisioned inside a VM in your Azure subscription that can talk to Azure Open AI / Chat GPT and comes bundled with a static Chat Application front end that implements HexaEight Core Technology.
Identity And Deep Fake Detection Solution
Our Mobile app provides a secure way to take and share photos or videos with your family, collogues, friends, and businesses. Our Technology ensures that your media is protected from tampering or alteration.
When a photo or video is captured using our Mobile Application, we automatically stamp the media using our Signature Technology that allows you to verify the media authenticity. This feature can also allow you to verify the identity of the other person.
While this feature is free for everyone, the verification of your media can only be last for first 24 hours. After that, the protection expires, and the media can no longer be verified but can still be viewed. This limitation ensures the feature remains accessible for quick and temporary use.
For those who want long-term protection, you can activate secure media for your email address. This will allow you to keep your media protected indefinitely, letting anyone verify its authenticity at any time without any time limits.
This feature is currently available on Android and will be available for iOS soon
Deep fake detection is crucial as AI-generated content becomes more advanced. Deep fakes manipulate likenesses or voices, often for malicious purposes. HexaEight Signature Verification offers an innovative approach by creating a signed JWT using a hash of the AI-generated message, allowing verification of content integrity. This method prevents deep fakes by ensuring every message generated by AI is tied to the end user and any alteration leads to failures during message verification .
How Does Our Authentication Work?
HexaEight Authenticator Is Our white-labelled Mobile App, Designed For Users, Resource Owners, System Administrators And Device Operators That Seamlessly Integrates Our Authenticated Encryption Technology.
It Allows End-Users To Scan QR Codes & Authenticate In
✓ Front-End Applications By Authorizing User Agents
✓ Across Operating Systems Using One-Time-PASSCODE
✓ External And Physical Devices like Magnetic Door-locks, as well as in Humanoids, Robots, Drones.
✓ Resource Owners Build And Authorize Front-End And Back-End Applications
✓ System Administrators Authorizes Machines And Integrate Our Plugins to Enable Authentication For End-Users Across Operating Systems
✓ Device Operators Authorizes External Devices And Build Apps Using Our SDK To Enable Authentication For End-users In External and Physical Devices.
Our Authentication Techniques
Just Authentication is a revolutionary solution that simplifies user access to your application through a one-time secure access code. By eliminating traditional user registration and password management, it enhances both security and user experience. The system leverages our HexaEight Authenticator mobile app and Token Server Technology, allowing you to build applications using any framework of your choice.
Our Solution allows you to run the application server on the same machine as our Token Server. Alternatively, you can integrate your application with any S3 provider, thus providing instant scalability for your application.
Just Authentication can integrate with any external platform that can talk to any S3 provider thus allowing you to extend and build your application on no code platforms.
Just Authentication supports both Face as well as Email authentication allow you to configure access for any email domain, including social logins, ensuring successful authentication in your application. This solution is ideal for businesses seeking robust, user-friendly authentication. with complete control, reduced costs, and the flexibility to operate even without browser access.
HexaEight Sessions Is Our Flagship Technique That Enables Authentication Using Encryption Across Web, Mobile, Systems, Devices as well as in AI powered Applications.
It Uses A Unique Concept Of Token-less Authentication, Relying On Our Patent-pending Encryption Technology To Establish The Identity Of Any User Or Machine.
In Addition, HexaEight Sessions Implements Two-factor Authentication, Using Encrypted QR Codes As An Extra Security Layer To Ensure The Highest Level Of Protection.
HexaEight Sessions can be used in both client and server applications to establish secure communication.
An end user can prove their identity by encrypting information to the server application using HexaEight Session. Similarly the server application uses HexaEight Middleware Session to verify the user's identity and also proves its own identity by sending back encrypted information back to the client application.
HexaEight Sessions Can Also Be Used For Peer To Peer Authentication Like In A Chat Application Or In A Peer To Peer Web3 or Gaming App
Our Technology allows seamless, direct communication between machines using HexaEight Machine Sessions without the need to implement any application.
Our Cloud Platform provides the encryption keys for the source and destination machines, enabling them to establish a secure and authenticated bidirectional communication channel using our cutting-edge encryption technology.
Our Core Technology
HexaEight Encryption
Standard Encryption Techniques like Public Key cryptography use a pair of keys, a public key and a private key, to encrypt and decrypt data. The Public key is used to encrypt the data, while the Private key is used to decrypt it. While this technique ensures the secrecy of the message, it cannot be used to establish the identity of the sender as the Public key can be subject to attacks during the exchange process.
To verify the identity of a user using a public key, a Certificate Authority (CA) must certify the Public key and issue a Digital Certificate. While Digital Certificates and Signatures offer message authenticity, they can be compromised if the private key is misplaced or stolen. In this case, it can be time-consuming to revalidate and issue a new Digital Certificate and Signature
Multi Party Encryption Capability
HexaEight's innovative multi-party encryption, also known as multi-path encryption, allows an entity to encrypt a message using the Asymmetric Shared Key (ASK) of multiple parties. To fully decrypt the message, the encrypted message must traverse through each party for decryption, but this can occur in any order. The last entity to decrypt the encrypted message will be able to see the original message. Our technology can be deployed by financial entities for fraud detection.
A typical use case is when a financial transaction is being performed between two or more parties for the first time. While financial entities verify Identity of the sender, they lack the capability to verify the identity of the destination. Our solution empowers Financial entities to verify any user even if the user is not a customer. This allows the Financial Entity to verify the identity of the destination user by asking them to just take a selfie using our Secure Media Technology and upload it for verification as part of the transaction.
In the initial stage of the multi-party approval process, the financial entity utilizes our Token Server to acquire the Asymmetric Shared Keys (ASK) of all transaction parties and encrypts the transaction data with a unique secret code. A key feature of this transaction is the financial entity's participation. By including itself as a party, the financial entity gains the ability to verify if the encrypted transaction can be decrypted, assuming it's the last entity to perform the decryption.
In the second stage, the encrypted message is sent to each transaction participant for approval using any medium. Participants use HexaEight mobile app to scan a QR Code that will partially decrypt the message. This partially decrypted message then circulates among the remaining participants until all have completed their decryption. Once all parties confirm their decryption completion, the financial entity can perform the final decryption for verification.
In the final phase, the financial entity decrypts the final encrypted message. If it successfully decrypts and verifies the unique secure code within the message, it confirms the transaction's digital authenticity. This is ensures that the transaction has received approval from all parties, hence can be treated as a safe transaction.
Another use case for Multi party approval is to obtain consent and maintain proof as part of DPDP Act, GDPR, HIPAA Act for data processing.
Our Platform Libraries
Our Core libraries have been used to build Token Server and Controlled GPT can be used to develop new products based on our Technology for integrating both authentication and establishing secure communication in Applications, Devices, Drones and Robots using Raspberry Pi's and can also be used in CANBUS SDK to allow electronic subsystems to authenticate and securely establish secure communication with each other.
Download Our Mobile Application
The first step before you attempt to use our solutions and products is download our Mobile Application available on the Playstore by scanning the QR Codes shown below. You will need to first create an Email digital token on your mobile by following this video tutorial. Once you have created an email digital token, you can then create and authorize new Domain or Generic resources using the mobile application for use in our solutions
HexaEight offers a unique and flexible licensing model that sets us apart from traditional providers. Unlike others, we don’t charge for authentication based on the number of Monthly or Daily Active Users.
Instead, we provide a simple, cost-effective solution by offering CPU Core Licenses for the machine running our products, such as the Token Server, which handles user authentication and authorization.
With this approach, you can authenticate an unlimited number of users without worrying about additional costs since the license fully covers the machine. For scalability and high availability, you can easily purchase additional licenses to support your growing needs, giving you complete control over your infrastructure and expenses.
Use our Support Page to easily raise tickets or connect with an expert for personalized assistance. We offer a range of support options, including Premium and Enterprise-level services, to ensure you get the help you need when you need it most. Whether troubleshooting or optimizing, our team is here to support your success.