ZKX Helix:

MFA that does more.

Cybersecurity needs to be better. That’s why we developed Helix’s powerful MFA that shields user data from attacks, enhances password authentication, and eliminates existing and emergent attack surfaces in your network.

Helix Key Benefits:

  • Unrivaled security: security is upheld even when user credentials are phished, leaked, or otherwise compromised
  • Enables enforcement of access policies at macro and micro scales
  • Patented MFA simultaneously validates users and their devices for improved security and network access visibility
  • User/Device pairs are continually authenticated in a process transparent to the end user

Maximize MFA security with user-device pairing

Helix MFA achieves superior security by destroying private authentication keys and scattering their pieces between the user and their device. This decentralizes the client-side security responsibility, and binds the user and device together as one entity.

When a user enrolls with Helix, a series of private keys is generated. The user’s MFA credentials (e.g., PIN, RFID card, etc.) are then used to destroy the private keys in a specific fashion. These destroyed keys, called key fragments, are stored on the device.

Later, when this user/device pair needs to authenticate, the user produces some or all of the same MFA credentials they enrolled with. These credentials are processed by Helix and are used with the device’s key fragments to temporarily reconstruct the original private keys.

This arrangement requires both the user and their device to produce exactly correct data, resulting in unrivaled binding between users and their specific devices. As such, a lost device alone does not compromise security, nor does a lost ID card or phished password.

Preserve data privacy with zero-knowledge proofs (ZKPs)

Simply preventing the storage of private keys is not enough to offer “superior security”. That’s why Helix MFA utilizes ZKPs to ensure authentication data is secure in-use and in-transit, not just at rest.

Once a user (and their device) successfully recreate their private keys, those keys are then used to sign ZKP authentication challenges. These identity based challenges are built from that user/device pair’s public data, and issued by a Helix MFA server.

ZKPs are used to ensure that even though the private keys are participating in the transaction, they are never transmitted over the network.

Furthermore, ZKPs are random each time they are conducted, meaning private keys and user credentials are concealed, even when they’re being used 100 times a day.

This enables Helix to cryptographically validate if a user’s MFA credentials are legitimate without revealing them to the server. This arrangement thwarts any brute-force attack threat, and even adversaries sophisticated enough to impersonate a Helix MFA server.

Continual and transparent authentication

Once authenticated with Helix, users can enjoy automated, transparent sessions – continual, cryptographically-rigid attestations of their (and their device’s) verified identity.

This enables the user to navigate the network without needing to interact with an MFA app or service: they automatically reauthenticate as they transverse the network. These sessions, like Helix MFA, are enabled by ZKPs, so the operational security benefits are maintained even with an exponential spike in usability.

Continual Authentication