Authentication Without Surveillance
SPY Protocol uses cryptographic proofs to verify authorized agents without passwords, tracking, or behavioral analysis
How SPY Protocol Works
sequenceDiagram
participant A as Agent (Browser)
participant P as Proxy (Gatekeeper)
participant R as Protected Resource
Note over A,R: SPY Protocol Authentication Flow
A->>P: 1. SPY_INIT
public_key, capabilities Note right of A: Agent presents credentials P->>A: 2. SPY_CHALLENGE
challenge, requirements Note left of P: Proxy sends nonce A->>P: 3. SPY_AUTH
signature, proof Note right of A: Agent signs challenge P->>A: 4. SPY_ACCEPT
session_token Note left of P: Proxy grants access P->>R: Authorized Request R->>P: Protected Content P->>A: Protected Content loop Heartbeat every 30s A->>P: SPY_HEARTBEAT P->>A: SPY_HEARTBEAT_ACK end
public_key, capabilities Note right of A: Agent presents credentials P->>A: 2. SPY_CHALLENGE
challenge, requirements Note left of P: Proxy sends nonce A->>P: 3. SPY_AUTH
signature, proof Note right of A: Agent signs challenge P->>A: 4. SPY_ACCEPT
session_token Note left of P: Proxy grants access P->>R: Authorized Request R->>P: Protected Content P->>A: Protected Content loop Heartbeat every 30s A->>P: SPY_HEARTBEAT P->>A: SPY_HEARTBEAT_ACK end
1
INIT
Present public key
2
CHALLENGE
Receive nonce
3
AUTH
Sign challenge
4
ACCEPT
Receive token
// Signature Generation
signature = ECDSA_Sign(
private_key,
SHA256(challenge || timestamp || target_host || client_nonce)
)
// Total authentication time: <100ms
// No passwords, no tracking, just mathPasswordless
ECDSA public key cryptography eliminates password vulnerabilities
Bot Protection
Cryptographic proofs that bots and scrapers cannot forge
Fast
Sub-100ms authentication with minimal overhead
Open Specification
Protocol Features
- ECDSA with P-256/P-384 curves
- Challenge-response authentication
- Session token management
- Heartbeat mechanism
- Rate limiting protection
Security Guarantees
- Replay attack prevention
- MITM protection
- DoS mitigation
- Key revocation support
- Zero personal data collection
Example SPY_INIT Message
{
"type": "SPY_INIT",
"version": "1.0",
"agent": {
"name": "SPY-Agent",
"version": "1.0.0",
"platform": "linux-x64"
},
"public_key": "-----BEGIN PUBLIC KEY-----...",
"supported_curves": ["P-256", "P-384"],
"timestamp": "2025-01-01T12:00:00Z"
}Start Implementing
For Proxy Developers
# Implement SPY endpoints
POST /spy/v1/init
POST /spy/v1/challenge
POST /spy/v1/auth
POST /spy/v1/accept
# Session storage (Redis recommended)
# Rate limiting (10 attempts/min/IP)
# Audit logging required
# Reference: SPYIL/night (Go)For Agent Developers
# Generate ECDSA keys (P-256)
# Store keys securely
# Sign challenges with SHA-256
# Manage session tokens
# Send heartbeats every 30s
# Reference: SPYIL/day (JavaScript)Ready to Eliminate Bots?
Join the authentication revolution with SPY Protocol