Do You Allow Trusted Transactions from Any User-Owned Device?
The crypto layer is the foundation upon which the security architecture is built, so how do we protect the crypto layer when devices that perform critical functions such as payment and authentication fall outside the boundaries of our infrastructure? Bring-your-own devices (BYOD) are inherently insecure: they run open operating systems, are constantly connected, and can be infected by malware or compromised by a rogue actor. In response, classic endpoint key protection typically relies on a choice between:
- Dedicated external hardware, which causes frustration and hassle both for the users who carry it and for the provisioning teams who procure and ship it at high cost.
- Embedded hardware, i.e. Secure Elements, which means developing for the different security postures of elements that are tailored to the needs of the device, not the app.
Securing keys for endpoint transactions shouldn’t mean choosing between hardware’s inconvenient security or a BYO device’s insecure convenience.
Secure Apps Everywhere for Excellent User Experience Anywhere
Unbound Crypto-of-Things (CoT) ensures that your apps are secure regardless of the security posture of the device on which they’re deployed. A single, unified API is used to deploy a virtual root of trust across all devices. It protects crypto keys at the application level, ensuring they cannot be compromised, cloned or tampered with even if the device is infected by malware or controlled by an adversary.
Now users don’t have to jump through hoops to carry out high trust operations like document signing, payments, blockchain transactions and authentication from the devices they already own. With Unbound, enterprises can trust insecure BYODs to perform even the most sensitive of operations, giving their users a friction-free experience without any compromise of security.
- A virtual root of trust (RoT) that manages crypto for any use case
- Hardware-grade security on any BYOD
- Centralized management and tamper-proof, real-time auditing
- Protect keys with additional authentication: biometrics, PIN, password
- Apps are secure anywhere, on any device
See how it works:
SIGNING DIGITAL TRANSACTIONS ON MOBILE APPLICATIONS
- A transaction requires a digital signature
- Optional: User authorizes the signing using Touch ID / Swipe Pattern / PIN / Other
- The app uses the Unbound CoT SDK to sign the data with the two key shares (one share from the device and one share from the CoT server). The shares are NEVER combined at any time, including during key generation and during the signing operation.
- The app sends the signature to the application server
ENCRYPTING DATA STORED ON MOBILE DEVICE
- User receives encrypted data from the application server that needs to be decrypted
- Optional: User authorizes the decryption using Touch ID / Swipe Pattern / PIN / Other
- The app uses the Unbound CoT SDK to decrypt the data with the two key shares (one share from the device and one share from the CoT server). The shares are NEVER combined at any time, not even during key generation or during the decryption operation.
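
How two shares can decrypt without ever being combined, shown as an added example that is not Unbound's code or protocol: a toy two-party ElGamal decryption in which the device and the server each generate their own share and contribute only a partial result. The group parameters, the `Party` class and all function names are assumptions made for this illustration.

```python
import secrets

# Toy group (assumption, illustration only): prime 2**255 - 19, generator 2.
# A real deployment would use a vetted group and a reviewed protocol.
P = 2**255 - 19
G = 2

class Party:
    """Holds one key share. The share is generated locally and never exported."""
    def __init__(self):
        self._share = secrets.randbelow(P - 2) + 1

    def public_part(self):
        # Safe to publish: g^share reveals nothing usable about the share.
        return pow(G, self._share, P)

    def partial_decrypt(self, c1):
        # Each side applies only its own share to the ciphertext.
        return pow(c1, self._share, P)

def joint_public_key(device, server):
    # g^(x1 + x2) is built from public parts; x1 + x2 is never computed.
    return device.public_part() * server.public_part() % P

def encrypt(pub, m):
    # Standard ElGamal encryption under the joint public key.
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), m * pow(pub, r, P) % P

def combine(c2, partials):
    # Multiply the partial results and strip the resulting mask from c2.
    mask = 1
    for d in partials:
        mask = mask * d % P
    return c2 * pow(mask, -1, P) % P

def demo():
    device, server = Party(), Party()
    pub = joint_public_key(device, server)
    m = int.from_bytes(b"constructed sample", "big")  # constructed plaintext
    c1, c2 = encrypt(pub, m)
    both = combine(c2, [device.partial_decrypt(c1), server.partial_decrypt(c1)])
    # A compromised device alone cannot recover the plaintext.
    device_only = combine(c2, [device.partial_decrypt(c1)])
    return m, both, device_only

if __name__ == "__main__":
    m, both, device_only = demo()
    print("joint decrypt ok:", both == m, "| device alone ok:", device_only == m)
```
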