ZKX Helix:
Continually verify access with superior MFA.
Security technologies need to be better. That’s why we developed Helix’s powerful MFA that shields user data from attacks, enhances password authentication, and minimizes existing and emergent attack surfaces in your network.
Helix Key Benefits:
- Enables enforcement of access policies at macro and micro scales
- Patented MFA simultaneously validates users and their devices for improved security and network access visibility
- User/Device pairs are continually authenticated in a process transparent to the end user
- Unrivaled security: security is upheld even when user credentials are phished, leaked, or otherwise compromised
Maximize MFA security with user-device pairing
Helix MFA achieves superior security by destroying private authentication keys and scattering their pieces between the user and their device. This decentralizes the client-side security responsibility, and binds the user and device together as one entity.
When a user enrolls with Helix, a series of private keys is generated. The user’s MFA credentials (e.g., PIN, RFID card, etc.) are then used to destroy the private keys in a specific fashion. These destroyed keys, called key fragments, are stored on the device.
Later, when this user/device pair needs to authenticate, the user produces some or all of the same MFA credentials they enrolled with. These credentials are processed by Helix and are used with the device’s key fragments to temporarily reconstruct the original private keys.
This arrangement requires both the user and their device to produce accurate data, resulting in unrivaled binding between users and their specific devices. As such, a lost device alone does not compromise security, nor does a lost ID card or phished password.
Preserve data privacy with zero-knowledge proofs (ZKPs)
Simply preventing the storage of private keys is not enough to offer “superior security”. That’s why Helix MFA utilizes ZKPs to ensure authentication data is secure in-use and in-transit, not just at rest.
Once a user (and their device) successfully recreate their private keys, those keys are then used to sign ZKP authentication challenges, built from that user/device pair’s public data, and issued by a Helix MFA server.
ZKPs are used to ensure that even though the private keys are participating in the transaction, they are never transmitted over the network.
Furthermore, ZKPs are random each time they are conducted, meaning private keys and user credentials are concealed, even when they’re being used 100 times a day.
This enables Helix to know if a user’s MFA credentials are legitimate without revealing them to the server in any form or fashion. This arrangement thwarts any brute-force attack threat, and even adversaries sophisticated enough to impersonate a Helix MFA server.
Continual and transparent authentication
Once authenticated with Helix, users can enjoy automated, transparent sessions – continual, cryptographically-rigid attestations of their (and their device’s) verified identity.
This enables the user to navigate the network without needing to interact with an MFA app or service: they automatically reauthenticate as they transverse the network. These sessions, like Helix MFA, are enabled by ZKPs, so the operational security benefits are maintained even with an exponential spike in usability.
How ZKX Helix Works
Download the PDF
During account setup, private keys are created for the user and device identity.
User MFA credentials are processed by Helix, generating totally unique outputs.
Processed credential data is used to destroy the private keys in a specific fashion. The resulting pieces are called key fragments.
Key fragments are stored on the device, and pose no security risk if lost, leaked, or stolen.
During authentication, user MFA credentials are reprocessed by Helix, generating the same unique outputs.
These outputs and the key fragments are used to temporarily reconstruct the original keys, which are then used to sign ZKP authentication challenges.
The private keys are destroyed, leaving only the key fragments behind.
This system ensures no entity, not even the Helix MFA server, can learn what the user’s private key data is, even if MFA credentials are successfully phished.