Do You Trust Insecure Devices to Protect Authentication Keys?
New authentication methods such as biometrics and app-based second-factor authentication are being promoted by FIDO and other organizations for user-friendly and secure authentication. In these device-centric methods, authentication occurs over the wire using public-key cryptography. The user’s device registers the user to a server by registering a public key. To authenticate the user, the device signs a challenge from the server using the private key that it holds. The keys on the device are unlocked by a local user gesture such as a biometric verification or pressing a button.
All the bells and whistles of biometrics and other application security features are meaningless once the private key is compromised.
BYODs are inherently insecure, as they allow potentially malicious software to be installed.
Using embedded secure hardware in the device to secure the key is less effective, as it is designed according to the manufacturer’s needs and is cumbersome to develop for due to device landscape fragmentation.
Storing keys on insecure devices means keys may be lifted off and compromised remotely.
Now You CAN Trust Insecure Devices
Unbound Crypto-of-Things (CoT) eliminates the vulnerabilities of storing private keys on any BYOD device. A simple and easy-to-use SDK seamlessly integrates with any desktop or mobile application, including FIDO-based solutions, ensuring that device authentication keys are secured by protection that is built right into the application.
CoT is mathematically proven to be immune to any malware or adversary on the endpoint device, even if the attacker has direct physical access.
Any App. Any Device
Tamper-proof real-time audit log for any authentication operation
Elastic and Scalable
Infinite scalability to support any number of users and devices
Supports various key management deployment options, including global coverage of multiple sites
Any App. Any Device
Tamper-proof and clone-resistant identity binding to any BYOD – immune to malware
Private Key Protection on Any Device
Below are two of the most common scenarios for using Crypto-of-Things (CoT) to secure critical device authentication keys:
In this scenario, Unbound Crypto-of-Things is integrated into the endpoint application to secure the device authentication key. It can be easily integrated with any application, including FIDO-based solutions.
In this scenario, Unbound Crypto-of-Things is integrated into the endpoint application to secure the second-factor authentication key. It can be easily integrated with any application, including FIDO-based solutions. Optionally, various brute-force-proof methods, such as a PIN or password verified by the server, and native biometric authentication can be used as an additional layer of security to authenticate to the key.
Get an in-depth explanation of how Unbound uses MPC, a mathematically proven method to secure keys on any device.