GKTinc Enterprise

O GuardianKey GKTinc Enterprise é um sistema para dissuasão de ataques massivos automatizados. Ele impõe desafios criptográficos para serem realizados pelo navegador que faz o acesso, dissuadindo assim ataques automatizados que consomem recursos do sistema.

GKTinc requires the browser to resolve a cryptographic challenge with each data submission to the web system, such as an attempt to authenticate to the web system.

The cryptographic challenge produces a computational cost with processing in the Javascript language, executed by the user's browser. The challenge solution must be sent together with the submitted data (username, password). This considerably increases the complexity and computational cost of executing automated attacks, such as brute-force attacks to crack credentials and credential stuffing.

GKTinc is based solely on the cryptographic challenge, not making use of intelligence bases that could compromise users' privacy.

The protected web application sends, along with the form, hidden fields that contain, minimally, a text to be used as “salt”, a single-use text (example, session), a text with the timestamp of the time and a text that it just depends on the username. These variables are used for the cryptographic challenge. Avoiding being reused when changing one of the variables.

The data submitted by the browser is used to query GKTinc, which informs the validity of the cryptographic challenge and allows the web application to continue the data processing flow, such as authentication.

GKTinc at no time requires interaction with the user, avoiding compromising the user experience.