KeypMe - Your Phone is your Smartcard

Have you switched to using your for payments instead of a bank ?

Why not upgrading your embarassing password authentication by KeypMe smartcard?

KeypMe smartcard solution is a full compatible smartcard but instead of carrying it in your wallet, it's integrated into your smartphone.

Requires no additional hardware and does not necessitate changes to your existing IT infrastructure.

(KeypMe) Smartcard Passwordless and reduce phishing attacks

While weak password can easily be compromised by modern computers, smartcard keys are virtually impossible to brute force.

No need for users to periodically change their passwords.

Smartcards reduce phishing attacks by digitally signing emails to authenticate sender.

Easy Deployment and User-Friendly Experience

KeypMe's smartcard solution requires minimal IT infrastructure changes, as it primarily consists of a smartphone app and an operating system driver. This ensures a seamless integration into your existing systems.

KeypMe smartcards can be used in conjunction with traditional passwords and physical smartcards.

Quick and efficient process for creating and provisioning smartcards.

(KeypMe) Smartcard: Driving Innovation in Your IT Infrastructure

Beyond authentication, smartcards offer a range of capabilities, including digital document signing and file encryption.

Smartcards could replace office door access card for better security.

For VPN connections, Smartcards offer a robust solution compared to the combination of password and OTP.

KeypMe smartcard vs smartcard

Reduce cost of managing and deploying smartcard readers and physical smartcard.

The risk of lost, forgotten, or stolen company smartcards is virtually eliminated, as people are less likely to misplace their smartphones.

Enable stronger cryptography algorithms (higher computing power of the smartphone vs smartcard chip).

Enable HSM (Hardware Secure Module) to provide a highly secure vault for user private keys.

Enable smartcard tracking and monitoring to enhance security and compliance.

Are you prepared for the quantum computing security threat?

Quantum computing will allow to break faster current encryption algorithm supported by physical smartcards.

Physical smartcards will require to be replaced for post-quantum cryptography.

Post-quantum cryptography will probably be updated with the evolution of quatum computing.

KeypMe smartcard is the solution to post-quantum cryptography by leveraging smartphone computational power or HSM.

Looking to replace your password authentication by a passwordless standard solution, contact us.

Want to modernize your smartcard infrastructure without compromise, contact us.

Interested by integrating KeypMe in your IT infrastructure or product, contact us.

Keep you inform by following us or or newsletter.

Support: , (MacOS and iOS), ,

What is KeypMe solution?

KeypMe: A Comprehensive Smartcard Solution

KeypMe consists of three primary components: a smartphone application, an operating system driver, and a server.

KeypMe smartphone application can create virtual smartcards that are fully backed by the secure element within the smartphone. For enhanced security, these virtual smartcards can also be backed by a Hardware Security Module (HSM).

KeypMe supports both PIV and OpenPGP smartcard standards.

KeypMe server enables the signing of KeypMe smartcard digital certificates against your company's Public Key Infrastructure (PKI).

Leverage existing smartcard software stack

Virtual smartcards generated by KeypMe are fully compatible with existing smartcard infrastructure built into operating systems and IT infrastructure.

No additional hardware is required, and there is no need to modify your existing IT infrastructure.

As a smartcard solution, KeypMe offers passwordless authentication, digital signature capabilities, and file encryption. Moreover, it seamlessly integrates with the smartcard software stack present on your operating system, such as web browsers, email clients, and office suites.

KeypMe also extends its functionality to support smartcard-enabled digital door locks, providing a comprehensive security solution.

Smartphone app

KeypMe is designed to work seamlessly with both and smartphones, providing flexibility and accessibility for a wide range of users.

By leveraging the advanced security and biometric features built into modern smartphones, KeypMe offers a robust and convenient authentication experience.

Operating system support

KeypMe is delivered as a smartcard driver for major operating systems (OSes) including , , and . This driver enables KeypMe to leverage the existing smartcard software stack and applications already supporting smartcards, such as web browsers, email clients, and office suites. This ensures a smooth integration with your current IT infrastructure without requiring significant changes.

Easy Integration into Your IT Infrastructure

KeypMe seamlessly integrates into your existing IT infrastructure. Most major Active Directory and directory servers already support smartcards, making the implementation process straightforward.

KeypMe server is a middleware that signs smartcard digital certificates using a Public Key Infrastructure (PKI) certificate authority.

Enhanced Security with Activity Monitoring

The KeypMe server goes beyond authentication by providing activity monitoring across your IT infrastructure.

This allows you to detect unusual user credential usage patterns. By identifying such anomalies, you can proactively address potential security threats and unauthorized access attempts.

Features

Same as physical smartcard

Smartcards are defined by standardized specifications, ensuring interoperability and security. KeypMe supports both Personal Identity Verification (PIV) cards, a standard used by the United States federal government, and OpenPGP.

KeypMe smartcards offer advanced capabilities like digital signature and encryption, enhancing data security and integrity.

These cards can be used in conjunction with physical smartcards and passwords, allowing for a gradual deployment process that minimizes disruption. Users have the flexibility to choose between KeypMe smartcards and physical smartcards based on their preferences and security requirements.

In the event that a user loses or has their smartphone stolen, a temporary smartcard and reader can be provided, or password login can be temporarily enabled as a fallback option.

Similar to physical smartcards, KeypMe smartcard digital certificates are seamlessly integrated into your company's Public Key Infrastructure (PKI) and signed by the relevant Certificate Authority (CA). This ensures the authenticity and security of your smartcard-based transactions.

Better than physical smartcard

Hardware-Independent and lower costs: KeypMe eliminates the need for additional hardware, such as physical smartcards and readers and complex middleware, resulting in significant cost savings.

Reduced Loss or Theft: Smartphones are generally less likely to be lost, stolen, or forgotten compared to physical cards, providing an added layer of security.

Easy Provisioning: KeypMe offers a streamlined provisioning process, simplifying the deployment and management of smartcards.

Simplified Certificate Renewal: Renewing expired certificates is easier with KeypMe. This is particularly beneficial when using smartcards to access sensitive data, as shorter validity periods can be implemented to enhance security.

Enhanced Cryptographic Capabilities: KeypMe leverages the powerful computing capabilities of smartphones to support stronger cryptographic algorithms, ensuring robust data protection.

Simplified Updates: KeypMe's software-based nature makes it easier to update in response to security vulnerabilities, ensuring ongoing protection.

Security

Reduce or Eliminate Password Authentication: KeypMe enables you to reduce or eliminate password authentication in your IT infrastructure, enhancing security and user convenience.

Industry-Standard Security: KeypMe adheres to industry-standard security and cryptographic algorithms defined by organizations such as the US NIST. This ensures the highest level of security, comparable to the smartcards used by US federal employees and contractors.

Leverage Smartphone Secure Element: KeypMe utilizes the secure element within your smartphone, a dedicated electronic component for storing cryptographic private keys, providing enhanced security.

Enable Complex Biometric Verification: KeypMe supports complex biometric verification methods, adding an extra layer of protection against unauthorized access.

Secure PIN Entry: The KeypMe smartphone application includes a PIN keypad, preventing the risk of PIN theft from your computer.

Reduce Phishing Attacks: KeypMe enforces email signatures, ensuring the authenticity of senders and protecting users from phishing scams. Major email clients like Microsoft Outlook, Mozilla Thunderbird, Apple Mail, and Evolution already support smartcard-based email signing.

Pushing security feature limits

Hardware Security Module (HSM)

Enhanced Security: For organizations with stringent security requirements, KeypMe can leverage an enterprise Hardware Security Module (HSM) to store smartcard secrets, providing an even higher level of protection.

Tighter Control: HSMs offer tighter security control over smartcard usage, minimizing the risk of unauthorized access.

Usage Monitoring: HSMs enable real-time monitoring of smartcard usage, allowing you to detect and respond to any suspicious activity.

Support post-quantum cryptography

Quantum computing poses a significant threat to current encryption algorithms, including those used by physical smartcards.

As quantum computers become more powerful, they will be able to break these algorithms more efficiently.

To address this emerging threat, physical smartcards will need to be replaced with solutions that support post-quantum cryptography. However, post-quantum cryptographic algorithms may evolve over time as quantum computing technology advances.

KeypMe's smartcard solution offers a forward-thinking approach by leveraging the computational power of smartphones or HSMs to support post-quantum cryptography. This ensures that your organization remains protected against future quantum computing threats.

A Seamless Integration with Existing Systems

Widely Adopted Technology: Smartcards are already integrated into major directory services like Microsoft Active Directory and Open-Source Samba. Additionally, smartcard technology is a built-in feature of all major operating systems (Windows, macOS, Linux).

Broad Application Compatibility:

Internet Browsers: Log in to websites that support smartcard authentication using Google Chrome, Mozilla Firefox, Microsoft Edge, or Apple Safari.
Email Clients: Sign emails with your smartcard using Microsoft Outlook, Mozilla Thunderbird, Apple Mail, or Evolution.
Office Suites: Utilize smartcards with Microsoft Office Suite or LibreOffice Suite.
Virtual Private Networks (VPNs): Replace passwords and One-Time Passwords (OTPs) with KeypMe smartcards in VPNs like OpenVPN, NordVPN, ExpressVPN, or Mullvad VPN.

Building Access:

Beyond Computers: Smartcards are not limited to computer-based applications. They can also be used for building access control. KeypMe's compatibility with smartcard technology enables its use with digital locks.
Widespread Support: Many smart access door locks already support smartcard-controlled access.

Frequently Asked Questions

Can I evaluate KeypMe without migrating my entire IT infrastructure?

Yes, there is no need to migrate all user authentication to use KeypMe. Active Directory (AD) or other dircetory services almost always support smarcard authentication in addition to password authentication.

Because KeypMe smartcard is fully compatible with smartcard, integrating KeypMe solution is similar as integrating smartcard into your IT infrastructure. KeypMe smartcard can be used in addition to password and physical smartcard.

What the difference between physical smartcard and KeypMe smartcard?

Physical smartcard in addition to be a physical card that the user needs to not lose or forget also requires a smartcard reader.
KeypMe smartcard is fully compatible with physical smartcard.

Does KeypMe require a server?

No, KeypMe smartphone application can create self-signed smartcard. Self-signed smartcards are smartcards containing digital certificates that have not been signed by a PKI.

KeypMe server is used to provision smartcards against the PKI, manages Active Directory users, groups, and computers, and monitors their activities.

How much does it cost?

The price is still to be defined. But it will be highly competitive with KeypMe alternatives:

physical smartcard solution that also requires smartcard reader cost and non negligible smartcard middleware cost.
proprietary authentication software solutions

Compare FIDO2/FIDO Passkey and KeypMe Smartcard.

FIDO2 / FIDO Passkey and smartcard both enable passwordless authentication.

KeypMe smartcard as running on the smartphone can enable more complex biometric authentication as FIDO device. For instance, KeypMe could take advantage of the smartphone builtin fingerprint and face recognition capability but also third-party biometric solutions (voice recognition, etc).

FIDO Passkey does not support digital signature and encryption while smartcards (and automatically KeypMe smartcard) do.

How KeypMe smartphone application is communicating with the computer?

KeypMe smartphone application supports BLE (Bluetooth Low Energy), NFC (only with Android application at the moment because Apple limits NFC usage to iOS application) and Internet connectivity.

Does it work offline?

Yes, KeypMe can work offline without Internet connectivity.

Can KeypMe support other smartcard applications as PIV and OpenPGP?

Yes, support for additional smartcard applications can be added. Contact us to know more about it.

CAC (Common Access Card) smartcard is planned in the roadmap.

About

Who We Are

Expert & Consulting for Firmware and Low-Level Development

Labapart UG, parent company of KeypMe, comprises firmware experts with years of direct professional experience of the key challenges in this area. Having work with different processor architectures and vendor development kits, we can offer a high degree of adaptability, as well as plenty of feedback on the chosen solution.

ARM Firmware development & consulting (ARM Cortex-A and Cortex-M)
Software security development & consulting (OpenSSL, MbedTLS, ISO7817-4, OpenPGP, PKCS#15)
Device Driver development (PCI Device, SATA, Ethernet, USB Host & Device)
Connectivity development (TCP/IP, BLE, NFC)
End-to-End Design of Electronic Product: We have designed electronic boards with a various range of MCU Vendors (eg: NXP LPC, Freescale Kinetis, Nordic Semiconductor) and also various technologies including USB, NFC, Bluetooth-Low-Energy.
Open-Source contributor: We are strong believers into the Open-Source movement. We submit regular contributions to various Open Source projects.

Partners

If you see some joined opportunities between your company and KeypMe solution then do not hesitate to contact us for further discussions!

The partnership could materialize itself by a demo video, blog post, case study, whitepaper or even a strategic partnership.

Examples of potential collaborations:

Integration of KeypMe solution with an identity provider solution
Integration of your HSM product with KeypMe
Demonstration of KeypMe with your door access control
OpenPGP application with KeypMe OpenPGP smartcard