Introduction

HexaEight Signature Verification is a robust system designed to provide secure authentication and integrity checks for various types of data, including photos, videos, and raw content. It offers a unique approach to digital signatures, addressing several challenges faced by traditional methods.

Current Challenges with Existing Digital Signatures

  1. Key Management: Securing private keys is crucial but challenging.
  2. Computational Overhead: Complex mathematical operations can strain system resources.
  3. Time-Consuming: Signing and verifying large amounts of data can be slow.
  4. Dependence on Trusted Third Parties: Reliance on Certificate Authorities (CAs) introduces potential vulnerabilities.
  5. Revocation Complexity: Revoking and replacing compromised keys can be difficult and time-consuming.

HexaEight's Unique Approach

HexaEight Signatures offers a completely different mechanism for verification by following a novel approach in the signature creation and verification process.

Real-World Example

To illustrate the process, consider this scenario:

  1. Bob, a private banker, needs to lend money to his friend Alice.
  2. Alice needs urgent funds for her friend Jane's hospital deposit.
  3. Bob initiates a money transfer that will take 12-24 hours to complete.
  4. Alice needs immediate proof of the transfer to assure the hospital.

The HexaEight Solution

  1. Bob records a video of the money transfer using the HexaEight Authenticator mobile app's Secure Video option.
  2. Bob sends the video to Alice via WhatsApp as a document (to prevent compression).
  3. Alice saves the video and uses the HexaEight mobile app's Secure Video feature to verify its integrity.

Technical Details

Signature Creation

HexaEight Secure Video and Secure Photo add a URL containing a JWT (JSON Web Token) to the video/photo properties (Comments, Title, or Description).

Example URL:

Copy

https://securejwt.hexaeight.com/data/b2a52920ba6ba7dc7f55218545f61973464fea0c445f3c4306322392d6968e95-4bed38893c93d87efeff089090ca4ad7527a228cfd28f5dd37b4df2aa2c6ae42.jwt

This URL contains two crucial components:

  1. Email hash of the sender: b2a52920ba6ba7dc7f55218545f61973464fea0c445f3c4306322392d6968e95
  2. Hash of the document: 4bed38893c93d87efeff089090ca4ad7527a228cfd28f5dd37b4df2aa2c6ae42

JWT Decoding and Verification

To decode the JWT, the hash of the document is required. This unique method ensures the integrity and authenticity of the document.

When decoded, the JWT contains the following information:

`{   
"SignedBy":  "users.hexaeight.com", 
"HashAlgorithm":  "SHA512", 
"Contact":  "b2a52920ba6ba7dc7f55218545f61973464fea0c445f3c4306322392d6968e95.users.hexaeight.com", 
"photobase64":  "REDACTED", 
"iss":  "users.hexaeight.com", 
"aud":  "b2a52920ba6ba7dc7f55218545f61973464fea0c445f3c4306322392d6968e95.users.hexaeight.com", 
"iat":  28784889, 
"nbf":  1727093353, 
"exp":  34040889, 
"signingkeyhash":  "Q52Lu0vw7gwA4gdCCc6kGtCVqlUqK/Kfwn/Mwcdeegm0ROFPwqVlIrG28HsoL+yFGug//5UkDB5FbbbbSrHXhg==" 
}`

Key points:

  • The JWT is signed and issued by the domain owner users.hexaeight.com.
  • The audience field contains the sender's email hash followed by the domain.
  • A base64 encoded photo (redacted for privacy) can be used to verify the sender's identity.

Verification Process

  1. The recipient can verify the sender's email by comparing the SHA256 hash of the known email address with the hash in the JWT.
  2. The document's integrity is verified using its hash.
  3. The photo in the JWT can be used for visual identity verification.

Advantages of HexaEight Signature Verification

  1. Eliminates complex key management issues.
  2. Reduces computational overhead compared to traditional digital signatures.
  3. Provides faster verification, especially for time-sensitive situations.
  4. Removes dependence on potentially vulnerable third-party Certificate Authorities.
  5. Simplifies the revocation process as it's based on individual documents rather than long-term keys.
  6. Offers a user-friendly approach to secure document verification in everyday scenarios.

Summary

HexaEight Signature Verification presents a novel and efficient approach to ensuring the authenticity and integrity of digital content. By leveraging familiar technologies like video recording and secure web links, it provides a robust yet accessible solution for various authentication needs in both personal and professional contexts.