The trusted default for web security
Invisible Passwordless Authentication
Seamless for Users
Instant Deployment
MasterKey is an intelligent new approach to Passwordless Authentication for Web Services. It is invisible and frictionless for users. The seamless experience provides MFA (in 1-step) and enables instant onboarding at scale (10-100x faster than competitors) with no technology or security risk. The system is based on a new Decentralized Web Protocol which requires (i) No user software or setup, (ii) No change management, and (iii) No backend system changes It supports up to 5FA with FIDO2/WebAuthn compliance.
Seamless User Experience
No user software or setup
No change management
No backend changes
Instant Deployment, Immediate ROI
Open Source API - Self Service Portal
MasterKey meets the most advanced standards for Zero-Trust networks and Zero-Trust devices.
It implements the WebAuthn/FIDO2 standard without any system development.
Decentralized Web Protocol (Invisible to Users)
User Authentication and Transaction Authorization
The genius of MasterKey is a new protocol which is invisible to users requiring no client software or user setup. The decentralized system is deployed from an organizations webserver and instantly accessible to all users. It activates the webserver’s intelligence to co-create a unique triangulation formed between the webserver, user, and mobile by combining temporary security secrets from physically different machines. It secures the input, storage and recall of credentials along with other factors to authenticate users, or authorize transactions.
There are three component technologies: (i) Encrypted Invisible Keyboard to either capture (or generate) user credentials, (ii) Passwordless Web Authentication is achieved by retrieving these along with other factors, (iii) MFA in 1-step (not 2 steps).
The system can scale to hundreds of millions of user devices. There is no PII (Personal Identifiable Information) and is compliant with GDPR/CCPA.
MasterKey provides FIDO2/WebAuthn allowing organizations to deploy this without development. It has up to 5-factors of authentication.
Encrypted Invisible Keyboard
User credentials are captured (or generated) in a double-encoded and encrypted system.
The webserver harnesses the mobile phone’s browser to create the illusion (graphical proxy) of a keyboard. Cells on the screen generate encoded references that can only be interpreted by the webserver which set it up a moment earlier. No characters exist locally so the information cannot be intercepted and deciphered. Instant onboarding of new users can be facilitated by auto generating credentials so users never see a keyboard.
Passwordless Web Authentication
Credentials captured and stored by the system are retrieved to create the Passwordless experience.
The information that was captured by the Encrypted Invisible Keyboard can only be retrieved and deciphered when all elements of the original triangulation are in place, and initiated by the users mobile.
MFA in 1-Step (not 2 steps)
The credentials can only be reconstituted inside the webserver, when the original triangulation is initiated by the user’s mobile, and if WebAuthn is enabled, by the user providing their proof-of-presence. (Biometric, Screen swipe, PIN, etc.). The experience is simply invisible.
Zero Trust Networks
Zero Trust Devices
Sidestepping the Attack-Surface
99% of cyber-attacks target devices (PCs and Smartphones).The goal is identity theft to take over online accounts and steal money, redirect financial transactions or access private data. Credential are easily intercepted by keyloggers or a Man-in-the-Browser attack. MasterKey sidesteps the device, providing no attack-surface for hackers. Credentials never hit the user device or network.
Zero Trust Networks
MasterKey meets the most advanced expectations of Zero-Trust networks.
Devices capturing information from users are first encoded and the data captured is then double encoded and encrypted with AES-256, Current technology would requires billions of years to decrypt this and would only then reveal context-less meaningless encoded data.
Whether “Cloud Hosted” or “On-Prem”, nothing can intercept and decipher the information flowing through the system.
The protocol ensures that only the webserver, with the security keys it generates, can decipher the information when triangulated with the users mobile, and optionally their proof-of-presence.
At no other point within the system is there enough information to decrypt and decode, other than inside the webserver.
Zero Trust Devices
MasterKey’s security posture assumes every device is already compromised.
The system projects a security protocol that sidesteps any malware or non-malware, allowing users to authenticate themselves or authorize transactions.
It sits comfortably alongside existing monitoring and detection software on users devices without interference.
FIDO2 / WebAuthn
MasterKey is an implementation of the WebAuthn / FIDO2 standard.
It enables organizations to deploy WebAuthn overnight, without any system development or data migration.
The Danger Of Not Taking Action
Users are scared of Identity Theft and minimize their engagement with businesses that do not protect them. Companies that care to protect their users are trusted and rewarded with greater engagement. Companies that fail to provide essential WebSecurity fall. Their reputation tanks. Users flee. MasterKey provides strong WebSecurity and involves virtually no expertise and time to deploy. It delivers the ultimate Passwordless experience. Smooth and Intuitive.
You could be running a WebSecure business by the end of the week.
What’s holding you back?
Access to Strong WebSecurity
For any company caring to secure users, MasterKey is a no-brainer.
Point Solution
for IAM
For organizations bogged down in ‘Identity and Access Management’ transformations, MasterKey can be implement immediately.
WebSecurity 101 for small businesses
A SaaS subscription and simple deployment, involving no barriers, makes MasterKey accessible even to smaller businesses that typically do not have the resources to deploy new Authentication solutions.
