The trusted default for web security
Deployed in Minutes
Invisible to Users
Frictionless secure access increases engagement, builds trust, and reduces customer abandonment.
An intelligent new approach to Passwordless Authentication for web services that's invisible and frictionless for users. The seamless experience delivers MFA in 1-step (not 2-steps) and can be fully deployed in 3-5 minutes from partner networks, or overnight by integrating the open source API. There is no technology or security risk.
The system is based on a new Decentralized Web Protocol and requires (i) no user software or setup, (ii) no change management, and (iii) no backend system changes. It supports up to 5FA and is FIDO2 compliant.
Seamless for Users
No user software or setup
No change management
No backend changes
No Code / Open Source API
No backend system changes
MasterKey meets the most advanced standards for Zero-Trust networks and Zero-Trust devices.
Organizations can deploy Passkeys (FIDO2/WebAuthn) without any system development.
MasterKey supports immense scale.
Decentralized Web Protocol (Invisible to Users)
Applied to User Authentication / Transaction Authorization
MasterKey harnesses elements unique to a mobile phone to provide user authentication or transaction authorization. It requires no user software or setup and can provide up to 5-Factors of Authentication (5FA/MFA).
The system is based on a new Decentralized Web Protocol which combines three security secrets to double-encode and encrypt information captured from the user. It works like a one-way vector: only the original webserver can decipher and use the information, and only when it's initiated by the user's original device and, if required, other factors such as proof the user is present. The genius behind the protocol is a two-stage process that ensures these secrets are never released by the devices and so can never come together anywhere else to decipher and use the information if intercepted. It uses standard encryption and encoding techniques and, with current technology, would require billions upon billions of years to decrypt; if successful, this would yield only contextless, encoded, meaningless data that could never be used.
The system requires no user software or setup. It is deployed from the front face of the organization's webserver and so is instantly accessible to all users. There are three component technologies: an Encrypted Invisible Keyboard, an illusion which captures or generates the credentials; Passwordless Web Authentication, achieved by retrieving these credentials; and MFA, achieved in 1 step (not 2 steps).
The system scales and is being deployed in markets with hundreds of millions of users. It carries no PII (Personally Identifiable Information) and is compliant with GDPR/CCPA.
MasterKey enables organizations to deploy Passkeys (FIDO2/WebAuthn) without any development.
Encrypted Invisible Keyboard
User credentials are captured (or generated) in a double-encoded and encrypted system.
The webserver harnesses the mobile phone's browser to create the illusion (graphical proxy) of a keyboard. Cells on the screen generate encoded references that can only be interpreted by the webserver which set it up a moment earlier. No characters exist locally, so the information cannot be intercepted and deciphered. Instant onboarding of new users can be facilitated by auto-generating credentials so users never see a keyboard.
Passwordless Web Authentication
Credentials captured and stored by the system are retrieved to create the Passwordless experience.
The information that was captured by the Encrypted Invisible Keyboard can only be retrieved and deciphered when all elements of the original triangulation are in place and initiated by the user's mobile.
MFA in 1-Step (not 2 steps)
The credentials can only be reconstituted inside the webserver, when the original triangulation is initiated by the user's mobile and, if WebAuthn is enabled, by the user providing their proof-of-presence (biometric, screen swipe, PIN, etc.). The experience is simply invisible.
Zero Trust Networks
Zero Trust Devices
Sidestepping the Attack-Surface
99% of cyber-attacks target devices (PCs and smartphones). The goal is identity theft to take over online accounts and steal money, redirect financial transactions or access private data. Credentials are easily intercepted by keyloggers or a Man-in-the-Browser attack. MasterKey sidesteps the device, providing no attack surface for hackers. Credentials never hit the user device or network.
Zero Trust Networks
MasterKey meets the most advanced expectations of Zero-Trust networks.
Devices capturing information from users are first encoded, and the data captured is then double-encoded and encrypted with AES-256. Current technology would require billions of years to decrypt this and would only then reveal context-less, meaningless encoded data.
Whether “Cloud Hosted” or “On-Prem”, nothing can intercept and decipher the information flowing through the system.
The protocol ensures that only the webserver, with the security keys it generates, can decipher the information when triangulated with the user's mobile, and optionally their proof-of-presence.
At no other point within the system is there enough information to decrypt and decode, other than inside the webserver.
Zero Trust Devices
MasterKey’s security posture assumes every device is already compromised.
The system projects a security protocol that sidesteps any malware or non-malware, allowing users to authenticate themselves or authorize transactions.
It sits comfortably alongside existing monitoring and detection software on users' devices without interference.
FIDO2 / WebAuthn
MasterKey is an implementation of the WebAuthn / FIDO2 standard.
It enables organizations to deploy WebAuthn overnight, without any system development or data migration.
Test Drive Your Own Website - FREE
Experience MasterKey with your own hands by unlocking access to the self-service portal. A MasterKey account is created instantly, paired with your phone and logged in. When you return, MasterKey prompts you to confirm login.
The self-service portal includes instructions on how to set up MasterKey on your organization's web portal. If you validate your email address, you can generate a secure API Key for your organization. This important cryptographic key is not transmitted.
A growing number of marketplaces now offer one-click installation into the webserver. However, the open source API can also be integrated into any webserver with 20 lines of code. The instructions are provided in the self-service portal.
The MasterKey backend service is hosted in the cloud by the cybersecurity innovation team at BankVault. This runs free of charge so the service can be fully tested or deployed without financial commitment. The counters reset periodically, but the service can be upgraded to a paid plan which guarantees continuity for users or adds additional authentication factors, such as Passkeys.
Test Drive and offer your users the choice of going passwordless.
Access to Strong WebSecurity
For any company caring to secure users, MasterKey is a no-brainer.
For organizations bogged down in 'Identity and Access Management' transformations, MasterKey can be implemented immediately.
WebSecurity 101 for small businesses
A SaaS subscription and simple deployment, involving no barriers, makes MasterKey accessible even to smaller businesses that typically do not have the resources to deploy new authentication solutions.