HexaEight

Authenticated Encryption Anywhere And Everywhere

AI Assisted Universal Authentication And Encryption Platform Featuring an Authentication Assistant For Securing Next Generation AI Based Apps, Systems and Devices

What is the
Problem we are Trying to Solve?

As digital scams and false identities continue to rise, it's becoming increasingly difficult to confirm the authenticity of those we interact with online. Imagine you're having a private conversation with someone you've never met before. It's crucial to ensure that they are indeed who they claim to be. But how can you verify the other person's identity? And how can you establish secure communication with them?

Are We Just Another Authentication Platform?

Traditional authentication platforms ask: "How can we simplify the process of identity verification?"  We, however, pose a different question: "Why do we even need to verify the identity of the other person? Let's establish a secure communication, and if it's successful, we have already verified the identity of the person."

Our Innovation

Traditional authentication platforms focus on proving who someone is. We have moved beyond this problem since our Technology allows us to automatically confirm the identity of the other person, by just establishing a secure communication with them. This isn't just a better way to authenticate, it's fundamentally a new way to establish secure communication.

The Future Impact

We're not merely trying to solve the conventional authentication problem by iterating on existing security models, but we have created an entirely new one. While others focus on enhancing existing security protocols, we're challenging the very foundation of how identity verification should be conducted, simply by using secure communication.

So how do you establish a secure communication with someone you have never met using our Encryption Technology?  First, you retrieve a unique key known as the Asymmetric Shared Key (ASK) from our platform. This key is linked to the email address of the other person you wish to communicate with. You can now encrypt a message using this key, your email address, and your personal password. This encrypted message can then be sent through any communication channel.  In a similar manner, the recipient also retrieves an Asymmetric Shared Key (ASK) from our platform, that is linked to your email address. The other person uses the key, along with their email address and personal password, to decrypt the message that you have sent.  If the decryption process is successful and the recipient can validate the content of your message, their identity is automatically confirmed.  Isn't that simple?

But don't just take our word for it. Experience our technology and you'll be pleasantly surprised that it works!!

HexaEight AI based Authentication is powered by our Encryption Technology

AUTHENTICATED

Use Our Revolutionary Platform For Authenticating Unlimited Users In AI Assistants, Websites, Apps, Systems and Devices 

ENCRYPTION

Use Our Encryption Technology To Establish Secure Communication Across Sessions, Backend APIs and Resource Servers

HexaEight Provides A Revolutionary Authentication Platform That Enables Businesses To Develop Next Generation Multi-Lingual Interactive AI Assistants, Capable Of Authenticating Users Using QR Codes And Voice Interactions, Thus Eliminating The Need To Disclose User Password To The AI Application

HexaEight Platform Instant Benefits

Implement our cutting-edge authentication technology to build Next generation Front End And Back-End Apps powered by AI using your favorite language.
✓ Eliminate User Registrations And Sign-Ups
Integrated Authentication using AI Assistant
✓ Single-Sign-On Across Apps, Systems And Devices
✓ Protect your Apps using Application Layer Encryption
✓ Use Token-less Authentication To Protect Back-End API

Enhanced Compliance And Governance Across Apps

Our Platform Features

✓ Authentication

Authenticate  Any User Using  Any Email Address Or Any Machine Using A Domain Name Or Resource ID

✓ Authorization

Use Our Dynamic Authorization Capability Post Authentication Or Plugin your Own Authorization Layer

✓ Encryption

Enable Application Layer Encryption As Well As Authenticated Encryption Using Our Technology Across Applications

✓ Verification

Physically Or Virtually Verify Any User EMail Address Using Our Mobile Application To Prevent Frauds 

✓ Peer To Peer

Encrypt Information To Any User Or Machine By Fetching An Asymmetric Shared Key From Our Platform.

✓ Key Protection

Stolen User And Machine Keys Cannot Be Used By Anyone To Spoof The Identity Of Another User Or Machine

✓ Key Rotation

Machine Keys are automatically rotated every 15 minutes and Application Keys are rotated every Month

✓ Offline

Use Our Technology To Allow Devices To Establish Direct Secure communication even when they are offline

✓ Static Site Protection

Enable Authentication in your Java Script App hosted on any Static Web Site

✓ API
Protection

Protect your APIs using our Technology without using any API Keys for authorized access

✓ Non-HTTP 
Site Protection

Our Authentication solution can also protect Applications hosted on plain http protocol

✓ Protocol
Agnostic

Our Authentication and Token-less solution is completely
Protocol-independent

✓ Two Factor Authentication

Users will need to solve an Encrypted QR Captcha before they are granted access to their Login Session.

✓ Password-less Authentication

Users do not need to type any Passwords in the Client Or Browser during login in order to provide maximum security

✓ True
Privacy

Cookies can be safely disabled to prevent providers from tracking you since we don't use Cookies

✓ Data
Protection

Data can be stored securely across sessions in the local storage using built-in functions offered by our Platform

Our Solution For Authentication

HexaEight Token Server

HexaEight Token Server is a comprehensive Authentication, Authorization, and Access solution designed to secure your systems, frontend applications, backend APIs, forms, and even GPT-powered apps.

It supports both Email and Face Authentication and is deployable on Linux, Windows, Mac, and Raspberry Pi devices.

Built for scalability, HexaEight Token Server can seamlessly integrate with any framework at the application layer, providing flexibility for a wide range of use cases.

You can self-host HexaEight Token Server either on-premises or in the cloud, ensuring complete control over your infrastructure.

With per-CPU licensing, HexaEight Token Server allows for unlimited authentication and authorization of users and resources.

Check out our Demos using any of the below links

HexaEight Token Server implements our Patent pending encryption technology and allows our Mobile application to fetch secure one time codes that can be used by your end users to securely login to your Application 

Our AI Solution To Build GPTs 

Controlled GPT AI Assistant 

Is Available In Microsoft Azure Market Place which empowers businesses with a secure and compliant framework for building Custom AI assistants while retaining control over its actions, responses and behavior.  Controlled GPT Assistants prioritize user privacy, reduce bias, provide top-quality interactions, and are feature rich with function calling capabilities and can be tailored to meet individual or organizational requirements. 

Controlled GPT establishes secure communication between AI and Application Front End using HexaEight Sessions.  Controlled GPT can be provisioned inside a VM in your Azure subscription that can talk to Azure Open AI / Chat GPT and comes bundled with a static Chat Application front end that implements HexaEight Core Technology.

Identity And Deep Fake Detection Solution

Secure Media Protection (For End Users)

Our Mobile app provides a secure way to take and share photos or videos with your family, collogues, friends, and businesses. Our Technology ensures that your media is protected from tampering or alteration.

When a photo or video is captured using our Mobile Application, we automatically stamp the media using our Signature Technology that allows you to verify the media authenticity. This feature can also allow you to verify the identity of the other person.

While this feature is free for everyone, the verification of your media can only be last for first 24 hours. After that, the protection expires, and the media can no longer be verified but can still be viewed. This limitation ensures the feature remains accessible for quick and temporary use.

For those who want long-term protection, you can activate secure media for your email address. This will allow you to keep your media protected indefinitely, letting anyone verify its authenticity at any time without any time limits.

This feature is currently available on Android and will be available for iOS soon

Detecting Content Authenticity in AI

Deep fake detection is crucial as AI-generated content becomes more advanced. Deep fakes manipulate likenesses or voices, often for malicious purposes. HexaEight Signature Verification offers an innovative approach by creating a signed JWT using a hash of the AI-generated message, allowing verification of content integrity. This method prevents deep fakes by ensuring every message generated by AI is tied to the end user and any alteration leads to failures during message verification .

How Does Our Authentication Work?

HexaEight Authenticator For End-Users

HexaEight Authenticator Is Our white-labelled Mobile App, Designed For Users, Resource Owners, System Administrators And Device Operators That Seamlessly Integrates Our Authenticated Encryption Technology.

It Allows End-Users To Scan QR Codes & Authenticate In
✓  Front-End Applications By Authorizing User Agents  
✓ Across Operating Systems Using One-Time-PASSCODE
✓ External And Physical Devices like Magnetic Door-locks, as well as in Humanoids, Robots, Drones.

HexaEight Authenticator For Owners

✓ Resource Owners Build And Authorize Front-End And Back-End Applications

✓ System Administrators Authorizes Machines And Integrate Our Plugins to Enable Authentication For End-Users Across Operating Systems


✓ Device Operators Authorizes External Devices And Build Apps Using Our SDK To Enable Authentication For End-users In External and Physical Devices.

Our Authentication Techniques

Just Authentication - Any Framework

Just Authentication is a revolutionary solution that simplifies user access to your application through a one-time secure access code. By eliminating traditional user registration and password management, it enhances both security and user experience. The system leverages our HexaEight Authenticator mobile app and Token Server Technology, allowing you to build applications using any framework of your choice.

Our Solution allows you to run the application server on the same machine as our Token Server. Alternatively, you can integrate your application with any S3 provider, thus providing instant scalability for your application.

Integration With External Platforms

Just Authentication can integrate with any external platform that can talk to any S3 provider thus allowing you to extend and build your application on no code platforms.  

Just Authentication supports both Face as well as Email authentication  allow you to configure access for any email domain, including social logins, ensuring successful authentication in your application. This solution is ideal for businesses seeking robust, user-friendly authentication. with complete control, reduced costs, and the flexibility to operate even without browser access.

HexaEight Sessions

HexaEight Sessions Is Our Flagship Technique That Enables Authentication Using Encryption Across Web, Mobile, Systems, Devices as well as in AI powered Applications.
It Uses A Unique Concept Of Token-less Authentication, Relying On Our Patent-pending Encryption Technology To Establish The Identity Of Any User Or Machine.
In Addition, HexaEight Sessions Implements Two-factor Authentication, Using Encrypted QR Codes As An Extra Security Layer To Ensure The Highest Level Of Protection.

User To Machine, Services And Devices

HexaEight Sessions can be used in both client and server applications to establish secure communication.

An end user can prove their identity by encrypting information to the server application using HexaEight Session. Similarly the server application uses HexaEight Middleware Session to verify the user's identity and also proves its own identity by sending back encrypted information back to the client application.

Direct User To User Authentication and Secure Communication via Application

HexaEight Sessions Can Also Be Used For Peer To Peer Authentication Like In A Chat Application Or In A Peer To Peer Web3 or Gaming App

HexaEight Session Capabilities

Authenticate Any User

HexaEight Sessions simplifies the complex task of authenticating Email Users without the need to type a password at login prompt

Encrypt And Decrypt

HexaEight Sessions provides encryption and decryption capabilities for any destination even if the destination is not yet registered on our Platform

Protect And Decipher

HexaEight Sessions provide self encryption capabilities to protect the data stored in local Browser storage or in an untrusted environment

Secure Communication

HexaEight Sessions offers HTTP Client instances that implements authenticated encryption to secure communication with Destination APIs

Machine To Machine Communication

Our Technology allows seamless, direct communication between machines using HexaEight Machine Sessions without the need to implement any application.

Our Cloud Platform provides the encryption keys for the source and destination machines, enabling them to establish a secure and authenticated bidirectional communication channel using our cutting-edge encryption technology.

Our Core Technology
HexaEight Encryption


Standard Encryption Techniques like Public Key cryptography use a pair of keys, a public key and a private key, to encrypt and decrypt data. The Public key is used to encrypt the data, while the Private key is used to decrypt it. While this technique ensures the secrecy of the message, it cannot be used to establish the identity of the sender as the Public key can be subject to attacks during the exchange process.


To verify the identity of a user using a public key, a Certificate Authority (CA) must certify the Public key and issue a Digital Certificate. While Digital Certificates and Signatures offer message authenticity, they can be compromised if the private key is misplaced or stolen. In this case, it can be time-consuming to revalidate and issue a new Digital Certificate and Signature

HexaEight Technology combines asymmetric and symmetric encryption techniques to create a new method that can be used for both Authentication and Encryption. Our platform eliminates the need to maintain a public key infrastructure by allowing users to establish secure communication with any user or machine by simply retrieving an Asymmetric Shared Key (ASK) of the destination from our Platform. Asymmetric Shared Keys are resistant to all attacks, making our technology a secure option for use in any environment.

A Schematic Diagram Of Our Encryption And Decryption Process Used Across
Users, Applications, Machines And Devices

Multi Party Encryption Capability

What is Multi Party Encryption?

HexaEight's innovative multi-party encryption, also known as multi-path encryption, allows an entity to encrypt a message using the Asymmetric Shared Key (ASK) of multiple parties. To fully decrypt the message, the encrypted message must traverse through each party for decryption, but this can occur in any order. The last entity to decrypt the encrypted message will be able to see the original message. Our technology can be deployed by financial entities for fraud detection.

Sample Multi Party Use Case

A typical use case is when a financial transaction is being performed between two or more parties for the first time.  While financial entities verify Identity of the sender, they lack the capability to verify the identity of the destination. Our solution empowers Financial entities to verify any user even if the user is not a customer. This allows the Financial Entity to verify the identity of the destination user by asking them to just take a selfie using our Secure Media Technology and upload it for verification as part of the transaction.

Authorization Phase

In the initial stage of the multi-party approval process, the financial entity utilizes our Token Server to acquire the Asymmetric Shared Keys (ASK) of all transaction parties and encrypts the transaction data with a unique secret code. A key feature of this transaction is the financial entity's participation. By including itself as a party, the financial entity gains the ability to verify if the encrypted transaction can be decrypted, assuming it's the last entity to perform the decryption.

Approval Phase

In the second stage, the encrypted message is sent to each transaction participant for approval using any medium. Participants use HexaEight mobile app to scan a QR Code that will partially decrypt the message. This partially decrypted message then circulates among the remaining participants until all have completed their decryption. Once all parties confirm their decryption completion, the financial entity can perform the final decryption for verification.

Execution Phase

In the final phase, the financial entity decrypts the final encrypted message. If it successfully decrypts and verifies the unique secure code within the message, it confirms the transaction's digital authenticity. This is ensures that the transaction has received approval from all parties, hence can be treated as a safe transaction.
Another use case for Multi party approval is to obtain consent and maintain proof as part of DPDP Act, GDPR, HIPAA Act for data processing. 

Our Platform Libraries

Build Custom Products

Our Core libraries have been used to build Token Server and Controlled GPT can be used to develop new products based on our Technology for integrating both authentication and establishing secure communication in Applications, Devices, Drones and Robots using Raspberry Pi's and can also be used in CANBUS SDK to allow electronic subsystems to authenticate and securely establish secure communication with each other.

Download Our Mobile Application

The first step before you attempt to use our solutions and products is download our Mobile Application available on the Playstore by scanning the QR Codes shown below.  You will need to first create an Email digital token on your mobile by following this video tutorial. Once you have created an email digital token, you can then create and authorize new Domain or Generic resources using the mobile application for use in our solutions

SCAN

This QRCode

To Download Our
Mobile App From
Google Play Store

SCAN

This QRCode

To Download Our
Mobile App From
Apple Play Store

Simple Pricing for Everyone

Pricing

Our Licensing Model

HexaEight offers a unique and flexible licensing model that sets us apart from traditional providers. Unlike others, we don’t charge for authentication based on the number of Monthly or Daily Active Users.

Instead, we provide a simple, cost-effective solution by offering CPU Core Licenses for the machine running our products, such as the Token Server, which handles user authentication and authorization.

With this approach, you can authenticate an unlimited number of users without worrying about additional costs since the license fully covers the machine. For scalability and high availability, you can easily purchase additional licenses to support your growing needs, giving you complete control over your infrastructure and expenses.

Contact Us For Any Questions

Support

Submit a Ticket Or Talk to An Expert

Use our Support Page to easily raise tickets or connect with an expert for personalized assistance. We offer a range of support options, including Premium and Enterprise-level services, to ensure you get the help you need when you need it most. Whether troubleshooting or optimizing, our team is here to support your success.

Privacy Policy

Terms of Use

© Copyright 2024 HexaEight - All Rights Reserved
HexaEight Trademark is held by HexaEight. Various trademarks are held by their respective owners.