Secure Authentication
on any BYOD

Unbound Crypto-of-Things (CoT) secures the private keys of device-centric biometric and FIDO-based authentication on insecure user-owned devices

( let’s talk )

Do You Trust Insecure Devices to Protect Authentication Keys?

New authentication methods such as biometrics and app-based second factor authentication are being promoted by FIDO and other organizations for user friendly and secure authentication. In these device-centric methods, authentication occurs over the wire using public-key cryptography. The user’s device registers the user to a server by registering a public key. To authenticate the user, the device signs a challenge from the server using the private key that it holds. The keys on the device are unlocked by a local user gesture such as a biometric verification or pressing a button.

All the bells and whistles of biometrics and other application security features are meaningless once the private key is compromised.

BYODs are inherently insecure, as they allow for potentially malicious software to be installed

Using embedded secure hardware in the device for securing the key is less effective as it’s designed according to the manufacturer’s needs and is cumbersome to develop due to device landscape fragmentation

Storing keys on insecure devices means keys may be lifted off and compromised remotely

Now You CAN Trust Insecure Devices

Unbound Crypto-of-Things (CoT) eliminates the vulnerabilities of storing private keys on any BYOD device. A simple and easy-to-use SDK seamlessly integrates with any desktop or mobile application, including FIDO-based solutions, ensuring that device authentication keys are secured by protection that is built right into the application.

CoT is mathematically proven to be immune to any malware or adversary on the endpoint device, even if the attacker has direct physical access.

Any App. Any Device

Tamper proof real-time audit log for any authentication operation

Elastic and Scalable

Infinite scalability to support any number of users and devices

Flexible Deployment

Supports various key management deployment options, including global coverage of multiple sites

Any App. Any Device

Tamper proof and clone resistant identity binding to any BYOD – immune to malware

Private Key Protection on Any Device

Below are two of the most common scenarios for using Crypto-of-Things (CoT) to secure critical device authentication keys:

In this scenario, the Unbound Crypto of Things is integrated into the endpoint application for securing the device authentication key. It can be easily integrated with any application including FIDO-based solutions.

In this scenario, the Unbound Crypto of Things is integrated into the endpoint application for securing the 2nd factor authentication key.  It can be easily integrated with any application including FIDO-based solutions. Optionally, various brute-force proof methods such as PIN/password (that are verified by the server) and native biometric authentication can be used as an additional layer of security in order to authenticate to the key.


See it in Action

Learn how Unbound’s Distributed Trust Platform can protect
authentication keys on insecure user-owned device

 ( Request a Demo )

Related Articles


Get an in-depth explanation of how Unbound uses MPC, a mathematically proven method to secure keys on any device.

( Download )


Control Your Own Keys in the Cloud (CYOK) can ensure your sensitive assets remain secure even in the event of a breach.

( Watch )


Learn how Unbound Key Control, the first secure-as-hardware key management system can protect your crypto keys anywhere.

( Download )


Learn more about how two major banks are using Unbound to reinvent data reinvent data protection in the Digital Banking age.

( Watch )