Take your business
passwordless
Remove sensitive
personal data and biometrics from databases.
Eliminate phishing and account takeovers.
Meet all digital identity related compliance laws.
Prevent
man-in-the-middle attacks.
Avoid
credential stuffing.
Resist
keyloggers.
KEY RECOVERY & BUSINESS CONTINUITY
Self-service recovery of lost or damaged KeyVaults.
Crayonic KeyVault uses combination of biometrics and cryptography to securely backup and recover its content into enterprise HSM solution.
INTEGRATION & COMPATIBILITY
Leverage existing infrastructure based on:
Microsoft Active Directory and/or Single-Sign-On solutions such as Okta, KeyCloak, ForgeRock, SailPoint, and others that support the FIDO standard.
Utilize secure mobile devices based on Android and iOS for less sensitive access with Crayonic KeyVault mobile app only.
SWITCH FROM LEGACY CREDENTIALS WITHOUT DISRUPTION
Supporting a variety of legacy authentication methods that you may already have deployed such as OATH HOTP/TOTP, PGP, PIV, and Smart Cards.
Custom OTP schemes available per-request.
Secure legacy passwords with Bitwarden compatible KeyVault integration for securing remaining passwords.
PLUG & PLAY USER EXPERIENCE
The user’s PC or mobile device connects to Crayonic KeyVault™ via USB, Bluetooth, or NFC.
Supporting open standards FIDO2, FIDO U2F, and W3C WebAuthn makes KeyVault fully compatible with all major platforms. No need to install additional software on Windows 10, macOS, Linux, Android, iOS.
Windows 10 comes with inbox FIDO2 and PIV drivers and it even contains a basic GUI for security token management. The end-user experience with Crayonic KeyVault™ thus really is plug-and-play.
STEP-UP AUTHENTICATION
The administrator can combine and configure multiple authentication factors of Crayonic KeyVault™. The security policy determines necessary steps to unlock credentials with high assurance requirements.
-
PIN code
-
Fingerprint recognition
-
Handwriting recognition – digits or signature (optional)
-
Voice recognition – digits or passphrase (optional)
A TRUE VAULT FOR ALL KEYS
In addition to authentication use cases, Crayonic KeyVault™ enables users to
-
unlock BitLocker-encrypted data drives with biometrics
-
use KeyVault as a secure USB flash drive and safeguard sensitive files with transparent data encryption and biometric authentication
-
securely store legacy passwords directly on KeyVault and let it type them for you
COMPATIBLE WITH PIV-BASED PKI
Crayonic KeyVault™ also emulates a PIV-compliant smart card, providing compatibility with existing on-premise Active Directory deployments and PKI infrastructure.
Users can use the KeyVault with their fingerprint or PIN to securely login to Windows workstations, Remote Desktop, VDI, VPN, Wi-Fi, 802.1X, and intranet web applications.
Through the Crayonic Gateway, it is possible to integrate FIDO2 authentication with Active Directory Federation Services or directly with any enterprise application that supports SAML, WS-Trust, OpenID Connect, or OAuth.
SMALL DEVICE, HUGE POTENTIAL
Crayonic KeyVault™ is a truly versatile security device. Its many use cases also include:
-
Physical access control (NFC)
-
Follow-Me printing (NFC)
-
Generating one-time passwords compatible with OATH (TOTP / HOTP)
-
Offline cryptocurrency wallet protected by multiple biometric factors and Proof-Of-Free-Will™
-
OpenPGP encryption and authentication.
-
Signing of electronic documents with a qualified electronic signature according to eIDAS.