D2OTP is the organisation that owns the secure communications protocol with encryption and mutual authentication, protected by international patent WO2022018310. This protocol, known as the D2OTP protocol, guarantees confidentiality, integrity and mutual authentication in the exchange of messages, regardless of the technological infrastructure connecting the communicating applications and without relying on PKI.The organisation's mission is to disseminate the benefits of D2OTP, promote adoption projects, license its use and offer technical advice for its implementation in areas where it provides the greatest value. D2OTP (Drive to One-Time Password) is a next-generation cryptographic protocol that enables secure communication between applications, devices, or distributed systems without the use of digital certificates or Public Key Infrastructure (PKI). Based on chained one-time passwords (OTP) with mutual feedback, D2OTP provides: Mutual authentication End-to-end encryption (E2E) Verifiable non-repudiation Cryptographic traceability without servers This model removes complexity, lowers operational costs, prevents fraud, and is resistant to quantum computing threats. Key Advantages Fraud prevention in online financial operations Protects against impersonation, order manipulation, and fake confirmations through cryptographic proof and mutual authentication. No need for certificates or PKI Eliminates dependency on certificate authorities and simplifies deployment and lifecycle management. Serverless mutual authentication Verifies identity without relying on centralized authentication systems. Non-repudiation without digital signatures Each party generates cryptographic evidence of message handling using symmetric mechanisms. High efficiency and low latency Operates with minimal resource usage—ideal for real-time, constrained, or critical systems. Scalable and decentralized Functions without central nodes, supporting mobile, federated, or disconnected networks. Channel-agnostic and highly adaptable Works over IP, LoRa, BLE, radio, SMS, or offline communications. Built-in traceability Every interaction leaves a verifiable record, with no need for log servers. Protection against replay and impersonation attacks Uses dynamic values and chained OTPs to ensure message uniqueness. Native compliance with GDPR, PSD2, NIS2, ENS Enables auditability and integrity aligned with global regulations. Post-quantum resilient Immune to quantum attacks like Shor’s algorithm by avoiding public-key cryptography. Supports secure federated networks Enables secure communication across independent entities without shared infrastructure. Compared to Traditional Protocols While TLS/IPSec and Kerberos rely on certificates and central servers, D2OTP eliminates these weak points by replacing them with lightweight, dynamic OTP-based mechanisms. Unlike DTLS/LoRaWAN, which are limited in scalability, or apps like Signal, focused on personal messaging, D2OTP offers E2E security and operational traceability suitable for enterprise, IoT, or defense environments—without external trust anchors or PKI. Sectors That Benefit Most Finance & Banking: Secures transactions and meets PSD2/DORA compliance. Defense & Security: Enables tactical coordination without relying on centralized infrastructure. Industry & Critical Infrastructure: Secures SCADA, automation, and mission-critical IoT. Healthcare: Protects personal data and enables secure clinical coordination. Logistics & Energy: Ensures traceable commands and field communication. Telecom & Emerging Tech: Supports federated, post-quantum secure networks. D2OTP redefines secure communication by combining lightweight cryptography, decentralization, and verifiable trust—without certificates, central servers, or signature algorithms.
José Vega Crespo holds a degree in Physical Sciences from the Complutense University of Madrid. For three years, he worked as a professor at various institutions, including the Polytechnic University of Madrid, and has over forty years of experience in Information Technology (IT) in the industrial and financial sectors. He is the inventor of several international patents on online operational security and communications, and has published articles in specialist cybersecurity magazines and on LinkedIn. Now retired, he remains committed to advancing communications security by applying the internationally patented D2OTP protocol.