Usability Security Privacy

Usability, privacy, and security constitute the Crayonic competitive advantage, and are infused into the core features of our products by design:

Adaptive decentralized authentication

enables the appropriate level of authentication within the Crayonic KeyVault device itself. For example,  a simple touch with the correct fingerprint can unlock your PC without any additional passwords, however high-value bank or cryptocurrency transactions require KeyVault to trigger an additional proof of your identity i.e. your unique spoken or handwritten PIN code. Note the critical distinction that the voice and the handwriting are both unique to the KeyVault owner and govern identification as the device is continuously learning these traits.

Maximum on-device key security 

means no unauthorized access to the keys. Even in case the owner is present and may be forced to provide access against their will.  Our custom machine learning algorithms optimized for embedded devices enable the proof-of-free-will approach to authenticate the true KeyVault owner for all of their really important transactions.  Without the owner's presence, any access to the keys stored on the KeyVault device would be beyond hard since it would require breaking the Common Criteria certified secure element.

Key loss protection 

is convenient if the KeyVault is lost or damaged. As the KeyVault owner, you can sign up for Crayonic's key restoration service option. If enabled, the keys can be recovered using what is known as the secure multi-party computation.  This feature will require proving your identity to multiple trusted parties either in person or over a live online interview.   This multiple trusted party authentication then provides the parts of the solution required to regenerate all of your keys and secrets stored on the KeyVault.

Privacy by design 

is accomplished through password-less authentication to remote systems supporting FIDO WebAuthn protocol, and does not require the release of sensitive information or your authentication credentials (i.e., biometrics, PIN, etc.)  The KeyVault proves your true identity by using only a digital signature uniquely assigned to each remote service.

Compatibility & Reliability

Just like you never have to think twice if your house keys will unlock your door, you will never have to worry if the KeyVault will unlock your digital worlds. Crayonic KeyVault supports all common physical connections (USB, NFC, Bluetooth) and common protocols such as FIDO2,  PIV,  BTC/ETH signatures, eIDAS PAdES, PKCS#15, secure mass storage, legacy TOTP/HOTP support, etc.

The following solutions are compatible out-of-the-box with Crayonic KeyVault for authentication: Fidoalliance.org/members

Security-Related Certifications 

Crayonic KeyVault is currently in the pre-production phase and will soon enter certification procedures for FIDO2 and eIDAS QSCD.

© 2020 by Crayonic