Critical Infrastructure
Your pen-testers and red-teams already know:
Social-Engineering Works.
So block it.
CryptoPhoto is purpose-built to prevent human-factor exploits, and there's a huge number -
more than 50 different kinds and variations - and we block them all. We also block more than 50 other cyber attack techniques -
that's more than double the number of threats that are addressed by all our competitors combined.
CryptoPhoto does 3 important things, all compliant with the world's highest-rated security strength: NIST SP800-63-3 "AAL3".
- Mutual Authentication: your staff, and (where appropriate) contractors, 3rd parties, or even customers can log-in safely, to any of your systems, with no risk of scams,
phishing, impostors, social-engineers, or other modern attacks compromising their authentication security.
Mutual authentication also blocks telephone and in-person scams, as well a a wide range of other credential-related risks.
- Transaction Signing: authorized users can safely issue instructions, like machinery control, facility access, and bespoke transactions,
with no risk of malware taking hold, and again with no risk of scams, phishing, impostors, social-engineers, or other modern attacks.
CryptoPhoto also provides full non-repudiable action-history logging, strong biometric multifactor mutual-auth protection, and multi-operator approval support.
- Cryptographic key provisioning: Store your most critically sensitive information safely, and redundantly, outside your systems. Encryption keys, unlock codes, API credentials,
access tokens, etc: if you don't put it on your machines, it's not there to get compromised, and cannot be misused.
Use our multiple-operator security for hypercritial protection, with "N out of M must approve, but not if X out of Y deny" logic for the ultimate in security reassurance.
Learn more about Mutual-Authentication, Signing, and Key-provisioning on our Crypto-Currencies page.
* NIST Special Publication 800-63 Revision 3
Authenticator Assurance Level 3 (AAL3) provides very high confidence that the claimant controls authenticator(s) registered to the subscriber.
Authentication at AAL3 is based on proof of possession of a key through a cryptographic protocol. AAL3 is like AAL2 but also requires a “hard” cryptographic authenticator
that provides verifier impersonation resistance.