© 2018, Tapkey GmbH
Tapkey Security Overview
SECURITY BY DESIGN APPROACH
→ Goal: increase the effective security in practice
SMARTPHONE ACCESS
SECURITY-FEATURES (SELECTION)
Tapkey Platform
DELEGATED AUTHENTICATION
▸ Authentication via OAuth 2.0
▹ Google Account, Tapkey ID, etc.
▸ Simple user experience
▹ Reduced complexity = higher security
▸ Established identity providers
▹ High effort to protect against misuse
▸ No additional passwords!
▹ Use of existing infrastructure, e.g. smartphone/fingerprint
▸ Usage of additional security features
▹ 2-factor authentication, etc.
TLCP (TAPKEY LOCK CONTROL PROTOCOL)
Tapkey Trust Service (Backend)
Smartphone/Mobile Device
Lock Device
Administrative information
Lock commands protected by TLCP
Encrypted tunnel for sensitive data and commands
Cannot be seen or modified on smartphone (→ untrusted client)
KEY MANAGEMENT
▸ Key on smartphone protected by:
▹ Individual keys for each device
▹ No reuse of keys
▹ Limited validity (expiration of keys)
▹ Usage of OS/software protection mechanisms
▹ Extensive revocation mechanisms
▸ No "need" for TPM/Secure Element on device
▹ Very limited availability/usability on existing devices
▹ Security ↔ Comfort/Usability
▸ Usage of highly secure smartcards for hardware tokens
BACKEND-INFRASTRUCTURE
▸ Highly scalable and secure cloud infrastructure
▸ Hosting in data centers with high security standards
▸ Implementation of state-of-the-art protection measures against attacks
▸ Secure operational processes
▸ Monitoring for early detection of problems
EXPERIENCED PARTNERS
▸ Partners with decades of experience in physical security
For example:
▸ DOM: ENiQ Pro (electro-mechanical door lock)
▸ Witte Automotive: automotive lock systems
SECURITY-ECOSYSTEM FOR PARTNERS