Unbound Crypto-of-Things (CoT)
Secure any key, on any device
The first software-only solution that allows high-trust operations from insecure devices – even when the underlying device is compromised.
Sign and encrypt over any device
Unbound CoT eliminates any single point of compromise by ensuring that sensitive keys residing on untrusted and insecure devices never exist in the clear at any point in their lifecycle – not even when generated or while in use.
With Unbound CoT, key material is never whole. Rather, each key exists as two random key shares. All operations are carried out without ever uniting the key shares.
By eliminating any single point of compromise, Unbound CoT provides an extremely high level of security for most sensitive keys, such as authentication, signing and encryption keys, ensuring resistance to cloning or tampering even on compromised devices.
How can CoT help?
What Makes CoT Unique?
Each Unbound CoT system consists of a central server (CoT server) that is installed and managed by the customer. Various endpoint devices that run CoT software (CoT library) connect to the CoT server, creating a series of pairs, where each pair consists of a single endpoint device and the CoT server. Each node in a pair holds one share of a key. Together, the CoT software on the device and the CoT server form the secure boundary of Unbound CoT.
Applications on the device use the CoT library API to consume cryptographic services for the keys that are managed within the library, effectively creating a virtual secure enclave on the device. All connections between CoT devices and the CoT server are protected using server authentication (TLS). Key shares are constantly refreshed, so in order to maliciously obtain key material an attacker must compromise both the device and the CoT server simultaneously.
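The key-share model described above (a key that exists only as two shares, operations that never unite them, and refresh that invalidates old shares), as an added Python illustration. This is not Unbound's protocol or code: it uses textbook additive sharing with ElGamal decryption in a toy group, and every name and parameter in it (Party, refresh_pair, P, Q, G) is an assumption constructed for the example.

```python
import secrets

# Toy group constructed for this example: safe prime P = 2*Q + 1, G has prime order Q.
P, Q, G = 1019, 509, 4

class Party:
    """One node of a pair; holds one additive share of x = x_dev + x_srv (mod Q)."""
    def __init__(self):
        self.share = secrets.randbelow(Q - 1) + 1   # generated locally, never sent

    def public_part(self):
        return pow(G, self.share, P)                # safe to publish

    def partial_decrypt(self, c1):
        return pow(c1, self.share, P)               # reveals c1^share, not the share

    def refresh(self, delta):
        self.share = (self.share + delta) % Q

def keygen(device, server):
    # Public key h = g^(x_dev + x_srv); nobody ever computes the sum itself.
    return device.public_part() * server.public_part() % P

def encrypt(h, m):
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), m * pow(h, k, P) % P

def combine(c2, part_a, part_b):
    # m = c2 / (c1^x_dev * c1^x_srv): only the partial results are multiplied.
    return c2 * pow(part_a * part_b % P, -1, P) % P

def refresh_pair(device, server):
    # Simplification: one function picks r. In a real pair the two nodes would
    # agree on it over their authenticated channel. The sum x stays the same.
    r = secrets.randbelow(Q - 1) + 1
    device.refresh(r)
    server.refresh(-r)

def demo(m=321):
    device, server = Party(), Party()
    h = keygen(device, server)
    c1, c2 = encrypt(h, m)
    before = combine(c2, device.partial_decrypt(c1), server.partial_decrypt(c1))
    stolen_share = device.share                     # device share copied before refresh
    refresh_pair(device, server)
    after = combine(c2, device.partial_decrypt(c1), server.partial_decrypt(c1))
    stale = combine(c2, pow(c1, stolen_share, P), server.partial_decrypt(c1))
    return m, before, after, stale, keygen(device, server) == h
```

The fifth return value confirms the public key is unchanged by a refresh, while `stale` shows that a device share captured before the refresh no longer combines with the server's current share.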
The Unbound Crypto-of-Things (CoT) Client SDK is available for multiple operating systems: iOS, Android, Linux, and Windows. CoT also integrates with the applications and operating systems below.