2024/06/26

Internet isn't a free creativity data farm...

At registration, fingerprint-capable devices store a mathematical representation of your physical fingerprint(s); most devices can store more than one. One of these is then used by various apps, of which the most telling, frequently used examples are mobile banking apps. The actual pattern of the lines and ridges that form a human fingerprint is not scanned or stored by any device. Devices that cannot scan fingerprints use the same concept behind a security PIN/passphrase.

OUR PROCESS

We’ve elevated this built-in device technology into a multi-layered security product packaged in the form of a captcha sitting at the front of your website. Although the complexity of the product warrants its own server, the process still takes just as long as opening a banking app and is assuredly more secure.

Speed: We timed our captcha at 3 seconds: showing a notification to perform fingerprint authentication, the actual finger tap, and the redirect. The product is not hosted; it lives alone on a dedicated cloud server, and the code execution time is under 300ms.

This product lives on our server, a server that we will hire to you at a transparent cost plus 1$ or 3$ per month (more on pricing below). Along with the server, we will grant you free copyright to use our product name as a subdomain which, depending on the version chosen, will look like:

"fingercaptcha.yourdomain.com" or "dactylocaptcha.yourdomain.com"

Therefore, the captcha on the subdomain will filter all traffic requests before they reach your server, acting as a multi-factor authenticator, gateway and load-balancer.

The product is designed to forward all authorized visitors and traffic to your website, whilst any unauthorized visitors and traffic will be automatically redirected to perform our captcha. This allows the setup to be reinforced with security access lists between our server’s IP and yours.

None of the pages of your website will be reachable if the finger/dactylo captcha has not been performed = DATA INTEGRITY

A time limit exists for the captcha’s validity and even authorized visitors will be asked to re-authenticate using their fingerprint. A browser restriction is applied, so if during an authorized visit, another page is accessed with a different browser, visitors will be asked to re-authenticate using their fingerprint/pin/passphrase.
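The forward-or-redirect rule with a validity window and a browser restriction, as an added sketch that is not the product's own code. The HMAC-signed token format, the 15-minute window, the User-Agent as browser identifier and every name below are assumptions.

```python
import hashlib
import hmac
import time

# Assumptions for this sketch, none taken from the product itself:
# HMAC-SHA256 tokens, a 15-minute validity window, and the User-Agent
# header standing in for "the browser" (weak on its own; it can be copied).
SESSION_TTL_SECONDS = 15 * 60
GATEWAY_KEY = b"constructed-demo-key"  # constructed sample value


def _browser_id(user_agent):
    return hashlib.sha256(user_agent.encode()).hexdigest()[:16]


def _sign(payload):
    return hmac.new(GATEWAY_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(nickname, user_agent, now=None):
    """Mint a token once the visitor has passed the captcha."""
    if "|" in nickname:
        raise ValueError("nickname must not contain the field separator")
    issued = int(time.time() if now is None else now)
    payload = f"{nickname}|{issued}|{_browser_id(user_agent)}"
    return f"{payload}|{_sign(payload)}"


def gateway_decision(token, user_agent, now=None):
    """Return 'forward' or 'captcha' for one incoming request (fails closed)."""
    now = time.time() if now is None else now
    parts = token.split("|") if token else []
    if len(parts) != 4:
        return "captcha"  # no session, or malformed token
    nickname, issued, browser, mac = parts
    expected = _sign(f"{nickname}|{issued}|{browser}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "captcha"  # forged or tampered token
    if now - int(issued) > SESSION_TTL_SECONDS:
        return "captcha"  # validity window elapsed: re-authenticate
    if not hmac.compare_digest(browser.encode(), _browser_id(user_agent).encode()):
        return "captcha"  # same token presented from a different browser
    return "forward"
```

The signature is checked before any field is parsed, so a malformed or edited token never reaches the expiry or browser comparison.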

Special allowances are made for bingbot and googlebot, to allow website indexing for search optimization. Unfortunately, they’re the only bots that we allow through our server to yours, and only through complex proprietary domain-mapping code.

2024/06/25

Bots, data scrapers, web crawlers: show them the finger.

FINGERCAPTCHA

~ hosted on independent server acting as MFA, gateway and load-balancer

~ free copyrights for subdomain product name

~ encrypted authentication: ECDSA algorithm with P-256 curve and SHA-256

~ visitors registered as ‘generic123’

~ timed browsing session

~ browser restriction per authenticated session

# ELIMINATED ATTACK VECTOR: even if you don’t need your visitors to use a classic credentials login, ensure they’re humans by assigning a generic nickname matched against a unique private key stored on the server

~ monthly pricing at cost: our server’s cloud provider current monthly price will be published for the last month and we will add 1$ (one US dollar) to that on our invoice to you.

DACTYLOCAPTCHA

~ hosted on independent server acting as MFA, gateway and load-balancer

~ free copyrights for subdomain product name

~ encrypted authentication: ECDSA using secp256k1 curve and SHA-256

~ visitors registered with their chosen nickname: privacy and authentication

~ up to 5 registered devices per user

~ timed browsing session

~ browser restriction per authenticated session on paired device and nickname

~ redirection restricted to registered device(s) and nickname

~ concurrent sessions only allowed up to max number of registered devices per user.

# ELIMINATED ATTACK VECTOR: replacing the classic credentials login by pairing a nickname with device(s), matched against a unique private key stored on the server

~ monthly pricing at cost: our server’s cloud provider current monthly price will be published for the last month and we will add 3$ (three US dollars) to that on our invoice to you.