RO | EN Book a demo
Sovereign digital identity for regulated companies. Built in Romania. Aligned with eIDAS 2.0 EU Digital Identity Wallet.
SIM swap exposes the codes. The carrier sees them. Deprecated as MFA by NIST since 2017.
The secret is copyable text; if the phone is compromised, it leaks. Vulnerable to real-time phishing.
Data transits US servers. CLOUD Act + Schrems II = GDPR headache. 6-8 €/user/month.
Technically excellent. But 60 € per key × 200 users = 12,000 € + distribution logistics.
Sync via iCloud / Google = total vendor lock-in. Data on US servers. Apple / Google can lock the account.
One solution: as simple as Google Auth, as secure as YubiKey, 0 € per-user licence, EU-only data, post-quantum ready, eIDAS 2.0 compatible from day one.
You log in with username + password (or passkey). The app sends a confirmation request.
You get a notification with details: which site, which action, from which IP. You tap fingerprint/face → sign locally.
Your key NEVER leaves the phone's secure hardware element. The server sees only the signature.
Total: 3 seconds · no TOTP typing · no SMS · no third-party redirects
| Criterion | Google Auth | Duo Push | YubiKey | Passkeys | CAI-AUTH |
|---|---|---|---|---|---|
| Hybrid post-quantum (patent application in preparation — OSIM, May 2026) | ✗ | ✗ | ✗ | ✗ | ✓ |
| HW-bound key (never leaves the chip) | ~ | ✗ | ✓ | ✓ | ✓ |
| Native anti-phishing (origin binding) | ✗ | ~ | ✓ | ✓ | ✓ |
| Sensitive-action confirmation | ✗ | ~ | ✗ | ✗ | ✓ |
| 100% self-hosted | ✗ | ✗ | ✓ | ✗ | ✓ |
| Data in the EU (Schrems II safe) | ✗ | ✗ | ✓ | ✗ | ✓ |
| Social Recovery without vendor cloud | ✗ | ✗ | ✗ | ✗ | ✓ |
| eIDAS 2.0 EUDI ready | ✗ | ✗ | ✗ | ~ | ✓ |
| Licence cost · 200 users · 3 years | 0 € | ~300k € | ~12k € HW | 0 € | 0 € |
Data 100% in the EU (Romania / Frankfurt). Schrems II safe by architecture. For regulated companies (banking, public sector, healthcare) — the only honest option.
Hybrid classical + post-quantum cryptography (patent application in preparation — OSIM Romania, May 2026). "Harvest now, decrypt later" — a real attack today against long-lived tokens. PQ must be applied now, not when Q-day arrives.
EU Digital Identity Wallet becomes mandatory in December 2026 (Reg. 2024/1183). The only Romanian-built product architecturally aligned with the EU wallet.
Unlike Duo (~300k € for 200 users over 3 years) or YubiKey (12k € hardware), CAI-AUTH is per-cluster licensed. You scale from 50 to 50,000 users without cost explosion.
Login to internet banking: password + CAI-AUTH push. The code is never typed — the signature is generated locally on the phone.
PSD3 SCA · DORA aligned
See the transfer on the phone's HW-protected screen BEFORE you confirm it. A virus controlling the browser cannot forge the recipient.
Action-Visible Confirmation
Single sign-on to 50+ internal apps via OIDC. New-hire onboarding: scan QR, biometric setup, done in 2 minutes.
OIDC + 4 grant types
Python SDK + Chrome extension shipped on install (source on request, commercial licence). OIDC discovery + 4 grant types. Deploy from 1 VM up to HA cluster. Public SDKs (Python on PyPI, Node, Rust) — on roadmap, not contractual commitment.
iOS app with secure hardware element attestation. 100% parity with Android: same protocols, same UX.
Offline authentication via Bluetooth (areas without signal). Social recovery with a safety interval.
FIPS 140-3 certification of the cryptographic module. eIDAS 2.0 EUDI-compliant wallet for the EU December 2026 deadline.
30 minutes. Live demo on your scenario. Free AI-readiness audit for companies with 50+ employees.
© 2026 CAI Technology · CAI TECHNOLOGY SRL · Tax ID 39185206 · Romania · Book a demo
This site runs on a minimal set of necessary cookies. For anonymous analytics (no tracking, no third-party cookies), we use self-hosted EU Plausible. Learn more