StrongKey Makes Breaches Irrelevant.
Stop using passwords and shared secrets to authenticate your users. Our FIDO2-certified server and built-in strong authentication protocols keep unauthorized users out and help prevent phishing attacks.
What is strong authentication?
Strong authentication requires presenting at least two of the following factors before access is granted:
- Something you know (traditional password or username)
- Something you have (like a FIDO device)
- Something you are (biometrics, like a fingerprint, retina, voice, or facial imprint)
Using Public Key Infrastructure (PKI), a system for generating “public” cryptographic keys for the purpose of strong authentication, users combine something they know (a name or password) with a device that holds a unique cryptographic “private” key to log in. PKI pairs that private key with a matching public key to form a unique “key pair”, which is then used to establish a unique session for the logged-in user. A third party who knows your password still needs the key, and one who has only the key still needs the password. Biometrics take FIDO authentication a step further, using fingerprints or other difficult-to-duplicate traits and removing passwords entirely. Strong authentication uses at least two of the three factors listed above.
What do we provide?
Our strong authentication protocols enable you to use FIDO2, a simpler and more secure user authentication experience across websites and mobile services. FIDO2 reduces, and can eliminate, reliance on user IDs and passwords, letting a single gesture (e.g., a fingerprint) log the user in to different services.
FIDO2 protects against phishing, man-in-the-middle, and replay attacks that use stolen passwords, through the following design properties:
- Keys and biometrics never leave the authenticating device
- There are no server-side shared secrets to steal
- Each account login has its own key to prevent linkability between services or accounts
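The three properties above fall out of a public-key challenge-response exchange. The following Go program is an added illustration, not StrongKey's server code or any FIDO2 library: it models an authenticator that keeps one private key per relying party, a server that stores only public keys and single-use random challenges, and a signed assertion that binds the origin the browser actually loaded. The user name, origins, relying-party ID and the simplified "SHA-256(origin) || challenge" message format are assumptions made for the demo (real WebAuthn signs a richer client-data structure and the browser also refuses a relying-party ID that does not match the origin).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authenticator models the user's device. Private keys never leave it, and it
// holds one credential per relying party ID, so two services cannot link a user.
type Authenticator struct {
	creds map[string]ed25519.PrivateKey // rpID -> credential private key
}

// Register mints a fresh key pair for one relying party and releases only the public half.
func (a *Authenticator) Register(rpID string) ed25519.PublicKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	a.creds[rpID] = priv
	return pub
}

// Sign answers a challenge. The browser supplies the origin it really loaded the
// page from, and that origin is part of what gets signed, so an assertion made
// on a look-alike site is worthless at the genuine one.
func (a *Authenticator) Sign(rpID, observedOrigin string, challenge []byte) ([]byte, error) {
	priv, ok := a.creds[rpID]
	if !ok {
		return nil, errors.New("no credential for this relying party")
	}
	return ed25519.Sign(priv, assertionData(observedOrigin, challenge)), nil
}

// assertionData is the byte string both sides agree on: SHA-256(origin) || challenge (demo format).
func assertionData(origin string, challenge []byte) []byte {
	h := sha256.Sum256([]byte(origin))
	return append(h[:], challenge...)
}

// RelyingParty models the server. It stores public keys only (nothing worth
// stealing) and issues random challenges valid for a single verification.
type RelyingParty struct {
	ID, Origin string
	pubkeys    map[string]ed25519.PublicKey // user -> credential public key
	challenges map[string][]byte            // user -> outstanding challenge
}

func NewRelyingParty(id, origin string) *RelyingParty {
	return &RelyingParty{ID: id, Origin: origin,
		pubkeys: map[string]ed25519.PublicKey{}, challenges: map[string][]byte{}}
}

func (rp *RelyingParty) Enroll(user string, pub ed25519.PublicKey) { rp.pubkeys[user] = pub }

// Challenge hands out 32 fresh random bytes and remembers them for this user.
func (rp *RelyingParty) Challenge(user string) []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	rp.challenges[user] = c
	return c
}

// Verify checks the assertion against the stored key and the server's own origin,
// then discards the challenge so the same assertion can never be replayed.
func (rp *RelyingParty) Verify(user string, sig []byte) bool {
	pub, enrolled := rp.pubkeys[user]
	c, live := rp.challenges[user]
	if !enrolled || !live {
		return false
	}
	delete(rp.challenges, user) // consumed whether or not it verifies
	return ed25519.Verify(pub, assertionData(rp.Origin, c), sig)
}

// Demo runs a genuine login, a replay of its assertion, and a phishing relay in
// which a look-alike site forwards the real challenge while the browser reports
// the look-alike origin. Returns the (genuine, replay, phished) outcomes.
func Demo() (genuine, replay, phished bool) {
	rp := NewRelyingParty("bank.example", "https://bank.example") // constructed names
	auth := &Authenticator{creds: map[string]ed25519.PrivateKey{}}
	rp.Enroll("alice", auth.Register(rp.ID)) // constructed sample user

	c := rp.Challenge("alice")
	sig, _ := auth.Sign(rp.ID, rp.Origin, c)
	genuine = rp.Verify("alice", sig)

	replay = rp.Verify("alice", sig) // same bytes again: challenge already consumed

	c2 := rp.Challenge("alice") // relayed through the attacker's page
	sig2, _ := auth.Sign(rp.ID, "https://bank-example.invalid", c2)
	phished = rp.Verify("alice", sig2)
	return
}

func main() {
	g, r, p := Demo()
	fmt.Printf("genuine login: %v, replayed assertion: %v, phished assertion: %v\n", g, r, p)
}
```

Two things to notice when running it: the server never holds anything a database breach could turn into a login (only public keys), and the replay fails not because the signature is bad but because the challenge was deleted on first use, which is the detail a server implementation most often gets wrong.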
Targeted Data Encryption
Encrypting data is critical—especially where it counts. StrongKey believes in encrypting data at the core: the application layer. This helps keep data safe, even with an attacker on the network.
What is data encryption?
Encryption scrambles information beyond recognition; decryption reverses the process, restoring the scrambled information to its original state. Examples of encryption include:
- Tokenization (replacing a piece of information with a random number or “token”)
- File encryption (disguising an entire file using encryption)
- TLS/SSL encryption (securing data transfers)
If data is encrypted or decrypted in any part of the system (hard disk, operating system, database, etc.) other than the business application using that data, significant residual risks remain despite the encryption. An attacker need only compromise a software layer above the encrypting layer to see unencrypted (plaintext) data. Since the application layer is the highest layer in the technology stack, this makes it the most logical place to protect sensitive data as it affords the attacker the smallest target. This also ensures that, once data leaves the application layer, it is protected no matter where it goes (and conversely, must come back to the application layer to be decrypted).
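To make the layering argument concrete, here is an added Go example (not StrongKey's Tellaro integration or any of its web-service calls) in which the business application encrypts a single sensitive field with AES-GCM before it is handed to the database. Everything below the application sees only ciphertext, and the customer identifier is bound as associated data so a ciphertext copied onto another customer's row fails to decrypt. The key, customer ids and card number are constructed demo values; in a real deployment the key would come from an HSM- or TPM-backed appliance, which this snippet only assumes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// Row is what every layer below the application (database, disk, backup tape)
// gets to see. Only the application holding the key can read Card again.
type Row struct {
	Customer string
	Card     string // base64(nonce || AES-GCM ciphertext || tag)
}

// AppCrypto lives inside the business application. In practice the key would be
// fetched from an HSM/TPM-backed appliance (assumption); the demo uses a fixed key.
type AppCrypto struct{ aead cipher.AEAD }

func NewAppCrypto(key []byte) (*AppCrypto, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &AppCrypto{aead: aead}, nil
}

// Seal encrypts one field under a fresh random nonce. The customer id is bound
// as associated data, so a ciphertext moved onto another customer's row will
// not decrypt.
func (a *AppCrypto) Seal(customer, plaintext string) (string, error) {
	nonce := make([]byte, a.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := a.aead.Seal(nonce, nonce, []byte(plaintext), []byte(customer))
	return base64.StdEncoding.EncodeToString(ct), nil
}

// Open reverses Seal and fails closed if the ciphertext, tag or context changed.
func (a *AppCrypto) Open(customer, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	n := a.aead.NonceSize()
	if len(raw) < n {
		return "", errors.New("ciphertext too short")
	}
	pt, err := a.aead.Open(nil, raw[:n], raw[n:], []byte(customer))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// Demo stores a card number through the application layer and reports what a
// database-level reader gets, what the application gets back, and what happens
// when the ciphertext is swapped onto another customer's row.
func Demo() (stored Row, recovered string, swapErr error, err error) {
	ac, err := NewAppCrypto([]byte("0123456789abcdef0123456789abcdef")) // constructed demo key
	if err != nil {
		return
	}
	card, err := ac.Seal("cust-42", "4111 1111 1111 1111") // constructed test values
	if err != nil {
		return
	}
	stored = Row{Customer: "cust-42", Card: card}
	recovered, err = ac.Open(stored.Customer, stored.Card)
	_, swapErr = ac.Open("cust-99", stored.Card) // moved to another row: must fail
	return
}

func main() {
	stored, recovered, swapErr, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("database sees: %s\napplication sees: %s\nswapped row: %v\n", stored.Card, recovered, swapErr)
}
```

The associated-data binding is the part worth copying: without it, an attacker with write access to the database could not read the field but could still move a known customer's encrypted value onto a row they control, and the application would decrypt it for them.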
What do we provide?
We believe that the only way to keep data truly secure is to protect it first, at the point where it is most vulnerable. This goes beyond standard SSL and database encryption: data or files are encrypted within the application that accesses them and stay encrypted throughout the rest of the digital ecosystem, so an attacker who breaches the network cannot read mass volumes of data from a database. To do this, we provide simple-to-use REST and SOAP web services for easy application integration with our secure encryption appliance, the Tellaro.
Verifiable Digital Signatures
Be sure that the data, transaction, or file you are receiving hasn’t been tampered with.
What are digital signatures?
Digital signatures provide a method of verifying the confidentiality, authenticity, and integrity of a message. They allow the creator of a message to attach a signature generated with their cryptographic keys; the receiver, who holds the matching verification key, can later check that signature, not unlike signing for a delivery when a package arrives on one’s doorstep. They provide benefits such as:
- Tamper-evident safeguard
- File authenticity
- Sender verification
What do we provide?
To create a comprehensive data security strategy, companies must implement digital signatures for user transactions and stored database records.
We use FIDO2-based transaction digital signatures (one of the strongest risk-mitigation controls) to ensure that only authorized users can modify previously stored data. Similarly, transactions stored in databases must be further secured with digital signatures generated by the applications themselves.
Only when the signature is successfully verified can the application be sure it is using the same data it stored previously, thus ensuring trustworthiness.
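The sign-on-write, verify-on-read pattern described above, as an added Go example that is not StrongKey's code: the application signs a canonical encoding of each transaction with an ECDSA P-256 key before storing it, and refuses to use a row on read unless the signature still verifies. The transaction fields and values are constructed, and the in-memory signing key stands in for a key that would live in an HSM or TPM (an assumption, not something the page specifies).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Transaction is the business record. Field order is fixed by the struct, so
// json.Marshal yields a canonical byte string to sign.
type Transaction struct {
	ID     string `json:"id"`
	From   string `json:"from"`
	To     string `json:"to"`
	Amount int64  `json:"amount_cents"`
}

// SignedRow is what is written to the database: the record plus its signature.
type SignedRow struct {
	Tx        Transaction
	Signature []byte // ASN.1 DER ECDSA-P256 signature over digest(Tx)
}

func digest(tx Transaction) []byte {
	b, err := json.Marshal(tx)
	if err != nil {
		panic(err)
	}
	h := sha256.Sum256(b)
	return h[:]
}

// Signer holds the application's signing key (in a real deployment inside an
// HSM/TPM, assumed here; the demo generates a fresh in-memory key).
type Signer struct{ key *ecdsa.PrivateKey }

func NewSigner() (*Signer, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{key: k}, nil
}

func (s *Signer) Public() *ecdsa.PublicKey { return &s.key.PublicKey }

// Store signs the record at write time.
func (s *Signer) Store(tx Transaction) (SignedRow, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, s.key, digest(tx))
	if err != nil {
		return SignedRow{}, err
	}
	return SignedRow{Tx: tx, Signature: sig}, nil
}

// Load verifies at read time; the application uses the record only if ok is true.
func Load(pub *ecdsa.PublicKey, row SignedRow) (tx Transaction, ok bool) {
	if !ecdsa.VerifyASN1(pub, digest(row.Tx), row.Signature) {
		return Transaction{}, false
	}
	return row.Tx, true
}

// Demo writes a transaction, reads it back, then simulates someone with direct
// database access (but no signing key) editing the amount in place.
func Demo() (intact bool, tamperDetected bool, err error) {
	s, err := NewSigner()
	if err != nil {
		return
	}
	row, err := s.Store(Transaction{ID: "tx-1001", From: "acct-a", To: "acct-b", Amount: 12500}) // constructed
	if err != nil {
		return
	}
	_, intact = Load(s.Public(), row)

	row.Tx.Amount = 1250000 // edited behind the application's back
	_, ok := Load(s.Public(), row)
	tamperDetected = !ok
	return
}

func main() {
	intact, detected, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original verifies: %v, tampered row rejected: %v\n", intact, detected)
}
```

Canonicalisation is the easy thing to get wrong here: if the bytes that are hashed can differ between write and read (map ordering, whitespace, float formatting), valid rows fail to verify and the check gets disabled. A struct with a fixed field order avoids that for this record type.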
Hardware-Based Key Management
Provide the generation, exchange, storage, use, crypto-shredding (destruction), and replacement of encryption keys in the most secure form possible—housed in an appliance within your control.
What is key management?
Key management schemes of this kind divide control of a key among a group of custodians, a defined subset of whom must be present before the core cryptographic material can be altered. If, for example, five key custodians hold master keys and three locks must be turned before the door will open, this is called a K of N (in this case 3 of 5) or M of N key management scheme. K of N schemes help prevent collusion among key custodians. In the rare case that a key custodian cannot use their key (lost, stolen, destroyed, eaten by the dog, etc.), tamper-evident envelopes containing duplicate keys are kept in fireproof, gated storage for redundancy. Periodically changing these keys, called key rotation, further reduces the chance of compromise.
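One concrete way to implement a K of N split in software is Shamir's secret sharing, shown here as an added Go example; it is an illustration of the scheme the paragraph describes, not StrongKey's appliance logic. The master key is the constant term of a random polynomial of degree K-1 over a prime field; each custodian receives the polynomial's value at a distinct point, and any K of those points recover the constant by Lagrange interpolation, while K-1 points are consistent with every possible key. The field prime (the Mersenne prime 2^521 - 1), the 3-of-5 parameters and the 32-byte demo key are choices made for the example.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// prime is the Mersenne prime 2^521 - 1. All arithmetic is in this field, so
// secrets up to 64 bytes (e.g. a 256-bit master key) fit comfortably.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

// Share is one custodian's piece: the polynomial evaluated at x = X.
type Share struct {
	X int
	Y *big.Int
}

// Split creates n shares of secret such that any k of them reconstruct it and
// any k-1 reveal nothing about it.
func Split(secret []byte, k, n int) ([]Share, error) {
	if k < 1 || n < k {
		return nil, errors.New("need 1 <= k <= n")
	}
	s := new(big.Int).SetBytes(secret)
	if s.Cmp(prime) >= 0 {
		return nil, errors.New("secret too large for the field")
	}
	// Random polynomial f of degree k-1 with f(0) = secret.
	coef := make([]*big.Int, k)
	coef[0] = s
	for i := 1; i < k; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coef[i] = c
	}
	shares := make([]Share, n)
	for i := 0; i < n; i++ {
		x := big.NewInt(int64(i + 1))
		y := new(big.Int) // Horner evaluation of f(x) mod prime
		for j := k - 1; j >= 0; j-- {
			y.Mul(y, x)
			y.Add(y, coef[j])
			y.Mod(y, prime)
		}
		shares[i] = Share{X: i + 1, Y: y}
	}
	return shares, nil
}

// Combine recovers f(0) by Lagrange interpolation over the supplied shares and
// packs it into size bytes. With too few shares the interpolated value is a
// random field element, which will almost always fail the size check.
func Combine(shares []Share, size int) ([]byte, error) {
	sum := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		xi := big.NewInt(int64(si.X))
		for j, sj := range shares {
			if i == j {
				continue
			}
			xj := big.NewInt(int64(sj.X))
			num.Mul(num, new(big.Int).Neg(xj)) // product of (0 - x_j)
			num.Mod(num, prime)
			den.Mul(den, new(big.Int).Sub(xi, xj)) // product of (x_i - x_j)
			den.Mod(den, prime)
		}
		basis := new(big.Int).Mul(num, new(big.Int).ModInverse(den, prime)) // L_i(0)
		sum.Add(sum, new(big.Int).Mul(si.Y, basis))
		sum.Mod(sum, prime)
	}
	if sum.BitLen() > size*8 {
		return nil, errors.New("reconstructed value does not fit: wrong or insufficient shares")
	}
	return sum.FillBytes(make([]byte, size)), nil
}

// Demo splits a constructed 32-byte master key 3-of-5, rebuilds it from three
// custodians' shares, and checks that two shares do not yield it.
func Demo() (recovered bool, twoSharesSuffice bool, err error) {
	secret := []byte("constructed-32-byte-master-key!!") // demo value only
	shares, err := Split(secret, 3, 5)
	if err != nil {
		return
	}
	got, err := Combine([]Share{shares[4], shares[1], shares[3]}, len(secret))
	if err != nil {
		return
	}
	recovered = bytes.Equal(got, secret)
	partial, perr := Combine(shares[:2], len(secret))
	twoSharesSuffice = perr == nil && bytes.Equal(partial, secret)
	return
}

func main() {
	r, two, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("3 of 5 recovers key: %v, 2 of 5 recovers key: %v\n", r, two)
}
```

The sealed-envelope backups and key rotation the paragraph mentions map directly onto this: a backup is just a copy of one custodian's share, and rotation means running Split again with fresh random coefficients (or a fresh secret) and retiring the old shares.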
What do we provide?
We provide a scalable and affordable platform in which each appliance can manage billions of sensitive data objects, with secure key storage and management inside the appliance’s standard Trusted Platform Module (TPM) or optional Hardware Security Module (HSM) cryptoprocessor, each of which provides hardware-based secure key storage in a physically tamper-proof package.
Using hardware for key management is the most secure way to protect your data—ensuring that cryptographic keys are generated, stored, and used securely on FIPS-certified devices that provide true random number generation.