dopeIN® is a patented authentication method that uses dynamic tasks and codes for maximum security. dopeIN® stands for the individualisation of security fragments in authentication procedures.

dopeIN® is a method for improving security in authentication processes. In authentication processes protected with dopeIN®, the (secret) code is not entered directly by the user. The code to be entered is the result of a dynamically generated task for which the user has previously defined the rules. Only the user knows the code, rules and appearance of security fragments!

The dopeIN® method describes a principle of communication between humans and machines that emphasises the skills and experience of the user, i.e. the individual human being. This is the novelty of the dopeIN® authentication process and at the same time the innovative power that emanates from dopeIN®.

The dopeIN® method builds on existing knowledge and addresses the limits of previously applied techniques. Its problem-solving expertise is the unique selling point (USP). dopeIN® can be implemented in existing technical authentication and security systems and used within technical authentication systems. At the same time, underlying variability is guaranteed, allowing future cryptographic security techniques, procedures and extensions to be flexibly integrated. 

The innovative power of dopeIN® at a glance:

• dopeIN® clearly differentiates itself from the increasing dependence on devices in security processes and puts people and their experiences back at the centre of authentication processes. 
• dopeIN® enables people and machines to initiate secure communication without one side having to present unencrypted security fragments.
• dopeIN® resolves the 1:1 relationship between authentication input (input code) and the actual, secret authentication code. This makes authentication processes more secure against spying.
• dopeIN® enables the implicit legitimisation query: "Is the system even authorised to ask me the authentication query?" The dopeIN® user can recognise that the authentication request presented to him by the machine has been made in the context of his individually selected security fragments and is therefore trustworthy or not.

Individuality is a top priority with dopeIN®: dopeIN® offers protection for users and administrations who want to individually control their security requirements in authentication processes. With dopeIN®, increasing security requirements can be addressed in a targeted manner and protection mechanisms can be set to a desired level. dopeIN® is a patented process on a human scale. The user's individual requirements and experience determine the authentication process.

Biometric data is unchangeable and harbours data protection risks. dopeIN® is based on dynamic, flexible input and emphasises that the mind also defines who we are. Biometrics can be used as a supplement, but is not absolutely necessary. This opt-in model ensures that every user can decide for themselves if and when biometric data is added.

Biometric technologies such as fingerprint, facial or voice recognition, iris or retina scans, gait or typing behaviour analyses are already frequently used for authentication - from unlocking smartphones to border controls. While these technologies offer a high degree of user-friendliness, security and efficiency due to the uniqueness of biometric features, they also harbour risks and challenges, particularly in terms of data security, data protection, inclusion and ethical considerations.

• For example, false positive or false negative identifications can have serious consequences, such as unauthorised persons gaining access to sensitive information or legitimate users being excluded.
• The collection of biometric data can be perceived as an encroachment on personal freedom and undermine trust in technologies and institutions.
• Unlike passwords, biometric data cannot be changed. A data leak can therefore cause irreversible damage such as identity theft.
• It is also important to bear in mind that not all people can use all types of biometric systems, which can lead to exclusion.

The processing of biometric data is subject to strict legal framework conditions in Germany and within the European Union, mainly defined by the General Data Protection Regulation (GDPR). According to Article 9 of the GDPR, biometric data that are processed to uniquely identify a natural person are considered a special category of personal data. Processing of such data is generally prohibited unless one of the explicit exceptions applies. Institutions and companies wishing to use biometric authentication procedures must carry out a comprehensive data protection impact assessment and ensure that they comply with the principles of data minimisation, purpose limitation, transparency and data security.

Not all sections of the public are convinced by authentication with biometric data. The balance between security, convenience and the protection of personal freedoms is and will therefore remain an ongoing challenge. 

The dopeIN® method deliberately avoids the mandatory use of biometric data and biometric technologies. In contrast to biometric systems, which are associated with risks such as data leaks and falsifiability, dopeIN® offers an approach that relies on the experience of its users. This can reduce the risk of identity theft as the information cannot be easily intercepted or replicated.

Since no biometric data is collected or stored, dopeIN® avoids some of the privacy concerns associated with the collection and storage of personal characteristics. This meets a growing need for data protection and could increase acceptance among users who are concerned about their privacy.

Avoiding biometric data also eliminates ethical concerns regarding the monitoring and misuse of this sensitive information. This is a positive development as it gives users more control over their data and how it is used.

dopeIN® relies on dynamic, not static, input, thus achieving an unrivalled level of security. The need for security is one of the most important collective needs. Security can be established in very different ways. In times of increasing cybercrime, dopeIN® relies on personalised security processes to prevent third parties from spying on login processes, password, PIN or code entries. To this end, dopeIN® puts people back at the centre of human-machine authentication and fully integrates users and their experiences into the authentication process. In procedures protected with dopeIN®, the input and authentication codes are not identical. All procedures are defined by the users themselves. 

The authentication code and authentication procedures are only known to the users.

This makes it possible for users to directly recognise whether the machine is authorised to send them an authentication request. It is not least this protection mechanism, especially for avoiding phishing, that clearly sets dopeIN® apart from many conventional procedures. The following graphic shows the advantages of dopeIN® in comparison with other authentication methods.

With dopeIN®, protection against third parties spying on passwords, PINs or codes is the number one priority. This is achieved by integrating the experience of the user, i.e. the human being, into the authentication process. dopeIN® simultaneously addresses several security aspects in the interaction between humans and machines and thus improves the individual protection of the user against spying by unauthorised third parties:

• Knowledge of the user's secret authentication code is not sufficient for attackers to successfully carry out authentication. This is because the input code and authentication code are not identical in procedures protected with dopeIN®.
• Even knowledge of a single security fragment is not sufficient to gain unauthorised access to a system within procedures protected with dopeIN®.
• In procedures protected with dopeIN®, several security fragments are combined with each other (dopeIN® algorithm). Users have defined these individually for the internal calculation process. These rules for solving the task are not externally recognisable to attackers.
• Attackers would not only need to know the user's secret authentication code, but also the dopeIN® algorithm and all the security fragments it combines in order to successfully authenticate themselves. As these are not purely machine-based processes, but rather humans play a decisive role as part of the security chain, the hurdles for attackers are particularly high. 
• Attackers would have to reengineer the dopeIN algorithm in order to understand which security fragments are used at which point and with which content in the authentication process and how they relate to each other. In addition, attackers would have to be able to execute a corrupted algorithm on a target system in order to identify and spy on individual security fragments.

dopeIN® combines static and dynamic security fragments that are only correctly interpreted and verified at the moment of authentication. Successful authentication requires the correct combination, plausibility check and verification of all security fragments. This dynamic procedure provides reliable protection against quantum attacks, among other things because only static elements and direct assignments are missing.

Yes, dopeIN® is flexible and open to new standards. It can be adapted to changing security requirements and new cryptographic standards without compromising the existing security functions.

dopeIN® enables direct asymmetric encryption in communication between humans and machines. This is the novelty of dopeIN® and the innovative power of the patented process.

In many well-known authentication procedures, users pass their authentication code 1:1 to a machine. This standard procedure has major weaknesses. It has therefore been expanded to include additional security aspects. With two-factor authentication (2FA), a second temporary authentication code is sent to a registered user device (e.g. smartphone) after the first authentication request. Users transmit this temporary authentication code to the machine in order to continue their authentication process. Multifactor authentication (MFA) offers further options. Each additional factor increases the security of the authentication process, but the respective authentication code is still entered directly 1:1 for each integrated factor. 

The dopeIN® method deliberately distinguishes itself from this as a human-machine authentication procedure: In contrast to the named authentication methods, the authentication code is already encrypted when it is entered with dopeIN®. The key factor is the user, i.e. the person with their individual experiences.

In procedures protected by dopeIN®, users do not enter their authentication code 1:1 into a machine. The input is the result of a task for which users have previously defined the rules. Users are therefore actively involved in the creation of the individual procedure and are therefore able to customise and control security processes.  Users are not just users, but a decisive component in the authentication process. When users evaluate an authentication request from a machine as valid and trustworthy, they do not just repeat their knowledge by reproducing a memorised authentication code, as is the case with known authentication procedures. dopeIN® users proactively apply their experience.

The stages of encryption:

• In authentication procedures protected by dopeIN®, the machine does not ask the user for an authentication code, but gives the user a task. If this task does not comply with the rules that the user has defined for the authentication procedure, the user already knows at this point that the request is not legitimate (e.g. phishing). This can be regarded as the first stage of encryption.
• If the request is justified, the user combines the security fragments known to him and transmits his solution, i.e. the temporarily determined security fragment, to the machine. The underlying knowledge can be evaluated as the second level of encryption.
• As the temporary input code does not correspond to the actual authentication code, this input can in turn be regarded as encrypted by third parties. This represents a third level of encryption. 
• Only when the machine combines all the individual security fragments can it resolve the temporary authentication request and thus grant or deny the user access. This creates a fourth level of encryption. 

dopeIN® has a number of protective mechanisms that make phishing easier for the user to recognise. The individual processes and rules defined by the users in the dopeIN® algorithm, which only the users know, make external attacks much more difficult.

• Attackers must first lure the selected victim to a website that is visually identical to the target system. As users can customise their interface with dopeIN®, this is the first hurdle for attackers.
• Attackers would have to recreate a corrupted dopeIN® algorithm that behaves identically to the target system. To do this, attackers would need to know all the security fragments that dopeIN® users have individually selected and combined.
• Since the temporary dopeIN® input code changes with every request on the real target system, attackers would have to carry out a reengineering process for each authentication request in order to gain illegal access to the target system.

dopeIN® is an independent, patented procedure for carrying out an authentication process by an individual system user. However, dopeIN® can also be used to combine different security procedures in order to fulfil the security requirements of each individual user. dopeIN® actively integrates people back into the safety chain and enables asymmetric encryption for access to safety-critical processes directly at the interface between humans and machines.

The dopeIN® method can be integrated into known technologies and also into future technologies and developments. dopeIN® can be individually scaled and addressed throughout the entire security process.

If risk-based and / or adaptive security fragments are added to the composition of the individual dopeIN® algorithm and thus integrated into the security process, this raises overall security to a new level.

No, dopeIN® describes a patented method and can be integrated into existing systems without additional hardware. It utilises the user's cognitive abilities and dynamic security fragments as a protection mechanism.

No. The dopeIN® algorithm is a separate security fragment. It contains the rules as to which security fragments selected by the user (e.g. dopeIN calculation rule, dopeIN pattern etc.) must be combined in which form in order to calculate and compare a missing security fragment, but not the secret value of the security fragments themselves (e.g. the secret authentication code).

The authentication check at dopeIN® is an interaction between man and machine, in which the secret authentication code is never visible to the outside world.

In the dopeIN method, the input code and authentication code are not identical. There is no 1:1 relationship between the two. The input code is the result of a task that the user has to solve based on his or her previously defined individual rules. The user transmits the input code to the machine as an independent temporary security fragment. The machine passes this to the individual dopeIN® algorithm as an input parameter. The machine then calculates the authentication code and compares it with the stored secret authentication code.

The authentication code is not visible to the outside world, neither in the user's input process nor in the machine's computing process: 

• The person knows their secret authentication code and the rules for solving the task within the dopeIN® method. The input process is a cognitive effort on the part of the user. 
• The authentication code is only available as a calculation result when the dopeIN® algorithm is executed automatically within the machine. 
• The result of the calculation is immediately encrypted and can thus be compared as a hash value with the hash value of the secret authentication code stored in the system. 
• If both hash values are identical, the machine can grant access. If this is not the case, the machine rejects access.

In the context of dopeIN®, technical systems represent technical components (e.g. computers, microprocessors, machines, devices, components, etc.) in a larger unit (e.g. computer network, plant, building, device, machine, etc.) that interact for human-machine authentication with regard to their input and output variables.

In the context of dopeIN®, security fragments are used for authentication checks. They can be created and / or checked as input and output variables within a single technical component in the technical system as well as distributed, created and / or checked in a network of different technical components in technical systems.

In the context of dopeIN®, technical authentication systems execute algorithms for individual algorithm-based multi-factor authentication in order to secure security-relevant actions by means of additional cognitive performance of the individual system user in the event of authentication.

The technical security systems in the context of dopeIN® are used to manage, generate and/or synchronise/data exchange algorithms for individual algorithm-based multi-factor authentication.

Technical authentication and security systems may differ in the application and implementation phase of dopeIN®, but do not necessarily have to.

dopeIN® can be used wherever it is necessary to improve security when entering passwords, PINs or codes.

dopeIN® is basically suitable for all users of authentication procedures.

It can be integrated into existing security systems in any technology. It can be operated by any user, as the settings are customised according to the user's skills and experience. Algorithms with mathematical tasks of varying complexity are conceivable. However, users can also work with images or music when determining the input code, for example. Individuality is a top priority at dopeIN®.

We as dopeIN® inventors think "clearly YES"! dopeIN® focuses primarily on areas where, on the one hand, no compromises can be made with regard to the usability of authentication procedures and, on the other hand, where the best possible procedures are just good enough.

The users individual design options define the convenience of authentication processes, at the same time. 

Authentication processes in procedures protected with dopeIN® are as convenient as the respective users set them individually.  dopeIN® emphasises the highest possible degree of autonomy and self-determination in authentication processes and clearly distinguishes itself from purely machine-based processes in which humans only process individual security fragments. This is intended to promote acceptance, especially among users who perceive authentication processes per se as negative. 

We think so. If dopeIN® is integrated into existing safety systems, it should be possible to merge stages and thus carry out procedures more quickly. This can help to increase the acceptance of necessary authentication procedures.

In procedures protected by dopeIN®, the password, PIN or code is never entered directly, one-to-one. The input follows a customised procedure that the users define in advance. The secret code and the procedure are only known to the users. There is no automatic storage of the authentication code in the dopeIN® algorithm or dopeIN® algorithm template.

Since dopeIN® requires a random input code for each authentication request despite the same authentication code, dopeIN® can make it possible for users to only need one password wherever dopeIN® is used.

A key feature of the dopeIN method is that the password is one of several security fragments. If you want to change the password, follow the same steps as when creating a dopeIN® algorithm. This allows the dopeIN® user and the technical security system to check whether the original dopeIN® algorithm can be retained by changing the password or whether the dopeIN® algorithm needs to be recreated.

The terms Authentication and Verification are often confused or used synonymously in the context of identity confirmation, which can lead to misunderstandings. In practice, they are closely related and together form the process of identity verification.

• Authentication refers to the process by which a person or system proves their claimed identity. This typically involves providing specific information such as passwords, PINs, codes, or using biometric features.
• Verification, in this context, is the process of checking and confirming the identity of a person or system. It's the step where it's determined whether the credentials provided during authentication are valid and actually belong to the claimed identity.

To put it more simply

• Authentication means: "I prove who I am."
• Verification means: "The system checks and confirms that I am indeed who I claim to be."

In English, the term "Authentication" often encompasses both of these aspects, covering both the act of providing credentials and the process of verifying them. The distinction made in German between "Authentisierung" and "Authentifizierung" is typically expressed in English by describing the specific steps or components of the authentication process.

2FA stands for two-factor authentication and is a security method that additionally secures access to accounts and sensitive data. With two-factor authentication, users have to prove two different factors to confirm their identity:

1. Something you know (e.g. a password)
2. Something you own (e.g. a smartphone) or something you are (e.g. a biometric feature)

Access is only granted once both factors have been successfully verified.

MFA stands for multi-factor authentication and is a security method that additionally secures access to accounts and sensitive data. With multi-factor authentication, users must prove two or more different factors to confirm their identity.

These factors can be divided into three main categories:

1. Something you know (e.g. a password or PIN)
2. Something you own (e.g. a smartphone or a security token)
3. Something you are (e.g. a biometric feature such as a fingerprint)

We offer our sales partners exclusive access, easy integration and marketing support.

We offer flexible models that are customised to your needs.

You test dopeIN® in your system, provide feedback and benefit from customised adaptations.

No, the process can be integrated into existing systems.