COPYRIGHT DE FACTO DE JURE QED

 

Repository Reference in line with the Berne Convention Copyright Treaty and US Copyright Office Submission.

This submission includes annotated excerpts of the codebase for Caftcha, as deployed on November 1, 2024, on the pilot client domain xpat.to. These excerpts demonstrate the core functionalities of the software, including:

• Session management and secure server-to-server communication.
• Client-independent biometric authentication, including frontend and backend processing.
• Implementation of multi-factor authentication workflows.

The repository containing these annotated excerpts is hosted on a private GitHub repository:

• Repository Name: caftcha-usc
• Repository URL: caftcha-usc
• Version Tag: v1.11.24-usc

The repository is protected under copyright and contains:

Caftcha_Client_Code_Excerpts_Annotated.txt: Annotated excerpts of the client-side code.

Caftcha_Server_Code_Excerpts_Annotated.txt: Annotated excerpts of the server-side code.

Access to this repository is restricted to maintain the confidentiality and integrity of the codebase.

 

 

Mission and statement of principles

CaFtcha-Total Data Protection.

Completely Automated Fingerprint Test to tell Computers and Humans Apart

Technology serving-not subserviating humanity, because the internet is not a free data farm.

Embracing the ethical AI credo, our # ZeroTrust at your fingertips # mission is to reshape internet security by providing innovative solutions that protect websites, cloud and internet resources from – amongst many: data scraping, unauthorized access and web crawling, and any other form of resource exploitation, ensuring that only human-authorized traffic gains entry.

 

Fingerprint data protection:
Any fingerprint used has data its filtered and saved ONLY ON YOUR DEVICE as a mathematical representation under an encrypted biometric key.
The browser only retains a binary code used for verification. This is regulated under IANA RFC 8809 and commonly used by banking industry.
Now, through caFtcha, your data, as a website visitor or owner, benefits from the same banking security level.
Regardless of whether a passkey is stored or not on your device, caFtcha will always register visitors under a random or your chosen username.

 

 

The uniqueness of our innovation mainly consists in:

• 1. Our servers act as gateway, load-balancer, external authenticator and single source of truth
• 2. biometrics are processed multiple times, out of which: externally on our servers frontend via initial, full traffic redirect from client, then again in our servers backend, when we return only human-authorized traffic to the client’s server backend and then again upstream to its frontend.
• 3. Only healthy traffic is returned to client domains, on a temporary basis, with mandatory biometrics reauthentication to prevent session fatigue, amongst quite a few more security features.

That’s what Turing intended and today, CAFTCHA , dactylocaptcha and fingercaptcha are the best proof of personhood or humanness.

Caftcha (Completely Automated FINGERPRINT Test to Tell Computers and Humans Apart) builds on the success of its flagship product, CAFTCHA.com, an innovative system that authenticates traffic externally and returns secure, human-authorized browsing sessions.

 

 

Caftcha suite

Caftcha is a comprehensive security framework that ensures end-to-end traffic protection for websites, all internet resources and corporate data.

Our product suite includes:

• – Caftcha.com:

live since 01.11.2024 here and on a client pilot website: www.xpat.to

A groundbreaking solution that authenticates traffic through external, biometric verification with server-side processing and facilitates anonymous, temporary- 60 or 120 seconds- browsing client local sessions.

The uniqueness of this is that the entire process is validated on our servers, offloading the unauthorized traffic from the client, maintaining an independent source of truth, gateway and load-balancer. Only healthy, human-initiated traffic is returned to client.

In development

• – Fingercaptcha.com, a customized CAFTCHA for websites, offering:

1. Device-based, time-limited, alias-based (or validated-ID) registered sessions
2. Browser and session restrictions with IP geolocation.
3. Support for up to 5 concurrent sessions per authenticated device-user pair.

Designed to scale effortlessly with website traffic, this product secures access without compromising user privacy or experience.

• – Dactylocaptcha.com, a hardware-software solution for enterprises:

A multi-user biometric scanner (virtual keyboard display, 5ghz BlueTooth capable, 3meters usbB/C/lightning hardwired) embedded with CAFTCHA software for plug-and-play integration with corporate systems such as Microsoft Active Directory and Cisco ISE.

Tailored for secure access to company resources like Microsoft OneDrive, SharePoint, and ServiceNow.

 

How Caftcha Works

• Step 1: External Authentication

-All traffic to the client website (e.g., xpat.to) is redirected to a client-dedicated subdomain on our servers (e.g. xpatto.caftcha.com) for biometric frontend authentication.

-Only human-authorized, controlled and monitored traffic is returned to the client’s domain for 60-second, anonymous sessions.

• Step 2: Traffic Control

-Caftcha’s multilayered server- to- server front and backend:

Acts as a load balancer, gateway, and single source of truth.

Replacing with an entire server infrastructure external devices like hardware ring tokens/security keys-NFC or USB enbled-, authenticator apps and similar.

Filters out bots, data scrapers, and unauthorized web crawlers.

Returning, authenticated human traffic, can run safely within the session limits, ensuring data integrity and a seamless user experience.

Reauthentication at session end restarts the entire process, involving the human factor to prevent session fatigue

• Step 3: Scalability and Security

For devices without fingerprint scan capability, external backend encryption and server-side processing is applied to the device’s PIN or passphrase. The enterprise grade hardware fingerprint scanner solution is available where affordable.

SEO crawlers like Googlebot and Bingbot are granted controlled access for indexing purposes.

 

 

Why Caftcha Stands Out

1. Innovation:

Caftcha uses encrypted mathematical representations of biometrics as keys for MFA, combining advanced security with a user friendly experience. Our innovative frontend cross domain MFA approach prevents data scraping, bot accounts, and any other malicious traffic. The uniqueness is that biometrics are processed multiple times, externally on our servers frontend via initial redirect from client, then again in the backend, when we return only authorized traffic to the client.

2. Proven Technology-Real World Applications:

Currently at Technology Readiness Level 9 (TRL 9), Caftcha has been successfully deployed on the 1st of Nov 2024 at XPAT.TO as a live pilot.

3. Economic Impact:

Priced at $100/year, Caftcha is more than affordable to the existing over 400 million websites, making advanced security accessible at scale.

 

The Future of Human Internet Security

Caftcha is more than a product-it’s a paradigm shift in online security.

By protecting websites from data harvesting and unauthorized traffic, we preserve the integrity of your creativity, innovation, and intellectual property.

Copyright © 2024 caFtcha |

US Copyright: TX0009451092 / 2024-12-05
World Copyright: Berne Convention Treaty / 29-06-2024