Looking to replace your password authentication by a passwordless standard solution, contact us.

Want to modernize your smartcard infrastructure without compromise, contact us.

Interested by integrating KeypMe in your IT infrastructure or product, contact us.

Keep you inform by following us or or newsletter.

Support: , (MacOS and iOS), ,

What is KeypMe solution?

KeypMe: A Comprehensive Smartcard Solution

KeypMe consists of three primary components: a smartphone application, an operating system driver, and a server.

KeypMe smartphone application can create virtual smartcards that are fully backed by the secure element within the smartphone. For enhanced security, these virtual smartcards can also be backed by a Hardware Security Module (HSM).

KeypMe supports both PIV and OpenPGP smartcard standards.

KeypMe server enables the signing of KeypMe smartcard digital certificates against your company's Public Key Infrastructure (PKI).

Leverage existing smartcard software stack

Virtual smartcards generated by KeypMe are fully compatible with existing smartcard infrastructure built into operating systems and IT infrastructure.

No additional hardware is required, and there is no need to modify your existing IT infrastructure.

As a smartcard solution, KeypMe offers passwordless authentication, digital signature capabilities, and file encryption. Moreover, it seamlessly integrates with the smartcard software stack present on your operating system, such as web browsers, email clients, and office suites.

KeypMe also extends its functionality to support smartcard-enabled digital door locks, providing a comprehensive security solution.

Smartphone app

KeypMe is designed to work seamlessly with both and smartphones, providing flexibility and accessibility for a wide range of users.

By leveraging the advanced security and biometric features built into modern smartphones, KeypMe offers a robust and convenient authentication experience.

Operating system support

KeypMe is delivered as a smartcard driver for major operating systems (OSes) including , , and . This driver enables KeypMe to leverage the existing smartcard software stack and applications already supporting smartcards, such as web browsers, email clients, and office suites. This ensures a smooth integration with your current IT infrastructure without requiring significant changes.

Easy Integration into Your IT Infrastructure

KeypMe seamlessly integrates into your existing IT infrastructure. Most major Active Directory and directory servers already support smartcards, making the implementation process straightforward.

KeypMe server is a middleware that signs smartcard digital certificates using a Public Key Infrastructure (PKI) certificate authority.

Enhanced Security with Activity Monitoring

The KeypMe server goes beyond authentication by providing activity monitoring across your IT infrastructure.

This allows you to detect unusual user credential usage patterns. By identifying such anomalies, you can proactively address potential security threats and unauthorized access attempts.

Features

Same as physical smartcard

Smartcards are defined by standardized specifications, ensuring interoperability and security. KeypMe supports both Personal Identity Verification (PIV) cards, a standard used by the United States federal government, and OpenPGP.

KeypMe smartcards offer advanced capabilities like digital signature and encryption, enhancing data security and integrity.

These cards can be used in conjunction with physical smartcards and passwords, allowing for a gradual deployment process that minimizes disruption. Users have the flexibility to choose between KeypMe smartcards and physical smartcards based on their preferences and security requirements.

In the event that a user loses or has their smartphone stolen, a temporary smartcard and reader can be provided, or password login can be temporarily enabled as a fallback option.

Similar to physical smartcards, KeypMe smartcard digital certificates are seamlessly integrated into your company's Public Key Infrastructure (PKI) and signed by the relevant Certificate Authority (CA). This ensures the authenticity and security of your smartcard-based transactions.

Better than physical smartcard

Hardware-Independent and lower costs: KeypMe eliminates the need for additional hardware, such as physical smartcards and readers and complex middleware, resulting in significant cost savings.

Reduced Loss or Theft: Smartphones are generally less likely to be lost, stolen, or forgotten compared to physical cards, providing an added layer of security.

Easy Provisioning: KeypMe offers a streamlined provisioning process, simplifying the deployment and management of smartcards.

Simplified Certificate Renewal: Renewing expired certificates is easier with KeypMe. This is particularly beneficial when using smartcards to access sensitive data, as shorter validity periods can be implemented to enhance security.

Enhanced Cryptographic Capabilities: KeypMe leverages the powerful computing capabilities of smartphones to support stronger cryptographic algorithms, ensuring robust data protection.

Simplified Updates: KeypMe's software-based nature makes it easier to update in response to security vulnerabilities, ensuring ongoing protection.

Security

Reduce or Eliminate Password Authentication: KeypMe enables you to reduce or eliminate password authentication in your IT infrastructure, enhancing security and user convenience.

Industry-Standard Security: KeypMe adheres to industry-standard security and cryptographic algorithms defined by organizations such as the US NIST. This ensures the highest level of security, comparable to the smartcards used by US federal employees and contractors.

Leverage Smartphone Secure Element: KeypMe utilizes the secure element within your smartphone, a dedicated electronic component for storing cryptographic private keys, providing enhanced security.

Enable Complex Biometric Verification: KeypMe supports complex biometric verification methods, adding an extra layer of protection against unauthorized access.

Secure PIN Entry: The KeypMe smartphone application includes a PIN keypad, preventing the risk of PIN theft from your computer.

Reduce Phishing Attacks: KeypMe enforces email signatures, ensuring the authenticity of senders and protecting users from phishing scams. Major email clients like Microsoft Outlook, Mozilla Thunderbird, Apple Mail, and Evolution already support smartcard-based email signing.

Pushing security feature limits

Hardware Security Module (HSM)

Enhanced Security: For organizations with stringent security requirements, KeypMe can leverage an enterprise Hardware Security Module (HSM) to store smartcard secrets, providing an even higher level of protection.

Tighter Control: HSMs offer tighter security control over smartcard usage, minimizing the risk of unauthorized access.

Usage Monitoring: HSMs enable real-time monitoring of smartcard usage, allowing you to detect and respond to any suspicious activity.

Support post-quantum cryptography

Quantum computing poses a significant threat to current encryption algorithms, including those used by physical smartcards.

As quantum computers become more powerful, they will be able to break these algorithms more efficiently.

To address this emerging threat, physical smartcards will need to be replaced with solutions that support post-quantum cryptography. However, post-quantum cryptographic algorithms may evolve over time as quantum computing technology advances.

KeypMe's smartcard solution offers a forward-thinking approach by leveraging the computational power of smartphones or HSMs to support post-quantum cryptography. This ensures that your organization remains protected against future quantum computing threats.

A Seamless Integration with Existing Systems

Widely Adopted Technology: Smartcards are already integrated into major directory services like Microsoft Active Directory and Open-Source Samba. Additionally, smartcard technology is a built-in feature of all major operating systems (Windows, macOS, Linux).

    Broad Application Compatibility: Many applications have native support for smartcards, eliminating the need for proprietary solutions. This includes:
  • Internet Browsers: Log in to websites that support smartcard authentication using Google Chrome, Mozilla Firefox, Microsoft Edge, or Apple Safari.
  • Email Clients: Sign emails with your smartcard using Microsoft Outlook, Mozilla Thunderbird, Apple Mail, or Evolution.
  • Office Suites: Utilize smartcards with Microsoft Office Suite or LibreOffice Suite.
  • Virtual Private Networks (VPNs): Replace passwords and One-Time Passwords (OTPs) with KeypMe smartcards in VPNs like OpenVPN, NordVPN, ExpressVPN, or Mullvad VPN.
    Building Access:
  • Beyond Computers: Smartcards are not limited to computer-based applications. They can also be used for building access control. KeypMe's compatibility with smartcard technology enables its use with digital locks.
  • Widespread Support: Many smart access door locks already support smartcard-controlled access.

Frequently Asked Questions

Can I evaluate KeypMe without migrating my entire IT infrastructure?

Yes, there is no need to migrate all user authentication to use KeypMe. Active Directory (AD) or other dircetory services almost always support smarcard authentication in addition to password authentication.

Because KeypMe smartcard is fully compatible with smartcard, integrating KeypMe solution is similar as integrating smartcard into your IT infrastructure. KeypMe smartcard can be used in addition to password and physical smartcard.

What the difference between physical smartcard and KeypMe smartcard?

  • Physical smartcard in addition to be a physical card that the user needs to not lose or forget also requires a smartcard reader.
  • KeypMe smartcard is fully compatible with physical smartcard.

Does KeypMe require a server?

No, KeypMe smartphone application can create self-signed smartcard. Self-signed smartcards are smartcards containing digital certificates that have not been signed by a PKI.

KeypMe server is used to provision smartcards against the PKI, manages Active Directory users, groups, and computers, and monitors their activities.

How much does it cost?

The price is still to be defined. But it will be highly competitive with KeypMe alternatives:

  • physical smartcard solution that also requires smartcard reader cost and non negligible smartcard middleware cost.
  • proprietary authentication software solutions

Compare FIDO2/FIDO Passkey and KeypMe Smartcard.

FIDO2 / FIDO Passkey and smartcard both enable passwordless authentication.

KeypMe smartcard as running on the smartphone can enable more complex biometric authentication as FIDO device. For instance, KeypMe could take advantage of the smartphone builtin fingerprint and face recognition capability but also third-party biometric solutions (voice recognition, etc).

FIDO Passkey does not support digital signature and encryption while smartcards (and automatically KeypMe smartcard) do.

How KeypMe smartphone application is communicating with the computer?

KeypMe smartphone application supports BLE (Bluetooth Low Energy), NFC (only with Android application at the moment because Apple limits NFC usage to iOS application) and Internet connectivity.

Does it work offline?

Yes, KeypMe can work offline without Internet connectivity.

Can KeypMe support other smartcard applications as PIV and OpenPGP?

Yes, support for additional smartcard applications can be added. Contact us to know more about it.

CAC (Common Access Card) smartcard is planned in the roadmap.

About

Who We Are

Expert & Consulting for Firmware and Low-Level Development

Labapart UG, parent company of KeypMe, comprises firmware experts with years of direct professional experience of the key challenges in this area. Having work with different processor architectures and vendor development kits, we can offer a high degree of adaptability, as well as plenty of feedback on the chosen solution.

  • ARM Firmware development & consulting (ARM Cortex-A and Cortex-M)
  • Software security development & consulting (OpenSSL, MbedTLS, ISO7817-4, OpenPGP, PKCS#15)
  • Device Driver development (PCI Device, SATA, Ethernet, USB Host & Device)
  • Connectivity development (TCP/IP, BLE, NFC)
  • End-to-End Design of Electronic Product: We have designed electronic boards with a various range of MCU Vendors (eg: NXP LPC, Freescale Kinetis, Nordic Semiconductor) and also various technologies including USB, NFC, Bluetooth-Low-Energy.
  • Open-Source contributor: We are strong believers into the Open-Source movement. We submit regular contributions to various Open Source projects.
Read More

Partners

If you see some joined opportunities between your company and KeypMe solution then do not hesitate to contact us for further discussions!

The partnership could materialize itself by a demo video, blog post, case study, whitepaper or even a strategic partnership.

Examples of potential collaborations:

  • Integration of KeypMe solution with an identity provider solution
  • Integration of your HSM product with KeypMe
  • Demonstration of KeypMe with your door access control
  • OpenPGP application with KeypMe OpenPGP smartcard
Contact Us

Contact

Newsletter

Subscribe to our newsletter and receive the latest news about our products and services!