Crypto Currencies

Keep your crypto customers safe, even when sophisticated bad guys attack them hard.

Crypto Currencies

Key Benefits

  • Keep your crypto customers safe, even when sophisticated bad guys attack them hard.
  • Prevent malware, scams, and social-engineering from exploiting your blockchain business.
  • Make secure logins, secure transactions, and secure-key-storage fast, easy, and foolproof.
  • Trust no one: CryptoPhoto's duty-separation architecture safely isolates all trust. Eradicating single-point-of-failure simultaneously blocks technical, human/social, and collusive attacks all at once.
  • Easily split your keys to keep them safely out of reach of intruders, malware, and scams.
  • Easily protect even your most vulnerable and unsophisticated customers.
  • Protect your users and staff against attacks on themselves, including phishing, social-engineering, and malware.

Crypto Currencies.

You get no second chances with cryptocurrencies.  It's real money, it's typically just one mistake away from theft, and the bad guys are after it.  They attack you, and they attack your customers.  CryptoPhoto protects both.

CryptoPhoto does 3 simple things, but it does them with the world's highest-rated security strength: NIST SP800-63-3 "AAL3" - that's 2 full assurance levels stronger than legacy ideas like 2FA and passwords, yet CryptoPhoto is fast, easy, and fool-proof.

  1. Mutual Authentication: your customers can log in safely using CryptoPhoto, with no risk of scams, phishing, impostors, social-engineers, or other modern attacks compromising their security.
  2. Transaction Signing: your customers can issue instructions, like trading, withdrawals and transfers, account detail changes etc, with no risk of malware taking their money or damaging your reputation, and again with no risk of scams, phishing, impostors, social-engineers, or other modern attacks.
  3. Cryptographic key provisioning: you, your staff, and your customers can store your most secret information safely, and redundantly, off your servers.

Authentication, signing, and key-provisioning are just part of the picture; they require secure enrolment that is fast and easy for users to set up, they require fool-proof self-service and secure handling for lost devices and end user maintenance, and they require a dedicated architecture that ensures there is no single-point-of-failure throughout.
CryptoPhoto provides it all, because there is no point having excellent security, if hackers can simply bypass it by scamming staff or users, exploiting recovery mechanisms, breaking in to your servers, or writing malware.

Mutual Authentication

In NIST terms, "Verifier Impersonation Resistance" is an absolute requirement to ensure a "very high confidence that the claimant controls authenticator(s) registered to the subscriber".

In simple terms, it means that users cannot be tricked.

CryptoPhoto accomplishes this with the world's fastest AAL3-graded user experience: your service proves it's authenticity to your users by presenting them with a one-time random photograph, and the users complete their login by tapping the matching photo on their CryptoPhoto-Device.
This is easy, requires no training, and takes on average just 2 seconds. Importantly - it means that if any kind of scam is in play, your users simply cannot be tricked: there's no way a bad guy can ask them for their login, and there's no way the customer could give it to them if they did (the one-tap sends the digitally signed EOTP authentication direct to your authentication endpoint, and never to any impostor).

Transaction Signing

Malware is everywhere, and even the world's strongest authentication is not going to stand in the way of malware, however, transaction-signing does.

CryptoPhoto provides a "one line change" upgrade to any interface you offer, which solicits real-time out-of-band confirmation direct from the real user, making it beyond clear to your users when an injected transaction or malware-altered-instruction arrives.
In addition, CryptoPhoto provides real-time no-false-positive alerting of attacks, including malware, against your system.  The instant any customer observes an attack, CryptoPhoto protects them, but also informs you immediately.
If bad guys target your users or systems, we stop them, and you'll know the instant they mount their attack

Cryptographic key provisioning

The safest place for keys to be stored, is not on your server.  CryptoPhoto provides the mechanism to store any kind of data, including wallet keys, API codes, etc, on customer devices, with clever redundancy to prevent loss, and wrapped in multiple layers of encryption to prevent their theft from either (and both) your server and your customers alike.

We additionally offer "two man rule" decryption, for extremely important keys where no single individual should own the power to use or reveal them alone.

When your servers need the keys, they make an out-of-band request which appears full-screen to the authorised operator(s), who unlock the request with their biometrics, and (if they approve), who then provision the key to your machine, typically for just one-time (if you don't store it, it cannot be stolen).

No break-in to your server can reveal any keys (they're not there).  No break-in to your staff or users can steal any keys (they're at least double encrypted - first to the user's biometrics, and second to the requesting server - and in the case of multiple signatories, they are additionally encrypted by all others.).

Countless victims, and hundreds of different crypto exchanges were hacked in 2017 alone.  CryptoPhoto eradicates all single-point-of-failure opportunities from your systems: our solution will probably stop you or your users or staff getting hacked, but if the worst somehow happens anyway [nobody can predict the next zero-day problem!], our solution will prevent loss from that event.

2FA is not enough.

Passwords alone don't work for many reasons - they're too easy to steal from users or server databases alike, they have no resistance against scams, impostors, and phishing, and you just can't trust users to get them right. 2FA codes are exactly the same - they too are just as easy to steal from users, their keys also sit on servers and are a single break-in away from complete compromise, and they too have no resistance against scams, impostors, and phishing, and you still can't trust users to secure and not lose their phones.  2FA was invented in 1984, before the web even existed - it is far too old to be trusted, and next to useless on modern connected systems.

Keys belong in your pocket, not on a server waiting to be hacked.  CryptoPhoto offers you the industry's most effective user security, but also with the industry's fastest and easiest-to-use user experience.

Core Benefits.

Protect your users and your staff against attacks on your systems and attacks on themselves, including phishing, social-engineering, and malware.

  • Comprehensive protection against human-factor risks and exploits.
  • Multi-device, multi-purpose authentication, digital signing, and secret key protection with simple backup, secure recovery, and AAL3 class security.
  • Integrated biometrics to solve friendly-fraud and lost-device risks.
  • The industry's broadest threat-eradication solution: CryptoPhoto prevents 100+ security risks and security-reducing UX issues with on clever solution.

* NIST Special Publication 800-63 Revision 3
Authenticator Assurance Level 3 (AAL3) provides very high confidence that the claimant controls authenticator(s) registered to the subscriber.  Authentication at AAL3 is based on proof of possession of a key through a cryptographic protocol.  AAL3 is like AAL2 but also requires a “hard” cryptographic authenticator that provides verifier impersonation resistance.

Who is using CryptoPhoto

Get Started