Integrate Phrase-Lock USB-Keys into your own app. Complex character strings such as passwords can be entered quickly and error-free. To make integration easier for you, we provide libraries for iOS and Android. With our demo apps as templates, the integration is very simple and fast. Just compile, install and get started. And if something doesn't work at first go, we will of course support you.
Phrase-Lock OEM Interface
OEM Building Blocks
Here you can see the building blocks of the Phrase-Lock USB key. Grey are those parts that are physically or technologically predefined. The blocks of the Phrase-Lock OEM interface are shown in yellow. The USB keys have a very high level of security, which is guaranteed through the consequent utilization of ECC (Elliptic Curve Cryptography). An additional session key is renegotiated via ECDH each time a connection is established. Authenticity is verified by ECDSA.
To protect the access to Bluetooth and the OEM interface, we have thought about some things. So we can guarantee that an unauthorized connection to the USB-Key is impossible. This is important because the USB-Key emulates a keyboard and only authorized persons or their devices are allowed to access it. It is almost impossible for an attacker to gain access to the computer via the USB-Key. Guaranteed!
The classic five protection goals are achieved, which are a prerequisite for safety:
Authenticity:
Only those who are in possession of the necessary certificates resp. key pairs can establish a connection to the USB-Key.
Integrity:
Each USB-Key receives its own public and private key pair during production. At the same time a corresponding key pair for the mobile phone is generated. These key pairs cannot be changed afterwards. The authenticity is checked mutually with the public key of the other communication participant (USB-Key - telephone). If the check fails, the connection is terminated.
Confidentiality:
On the USB-Key, the keys are written to a protected memory area that cannot be changed afterwards. In addition, the firmware is signed and it is checked by a security boot-loader at each startup. If the security boot-loader detects manipulation, the USB -Key will not start anymore and has to be considered as destroyed. The security boot-loader itself is also located in the protected memory area, which cannot be changed after programming without destroying the USB-Key.
Availability:
If the first three characteristics are fulfilled, availability is also given. In all other cases it is not possible to establish a connection and enter the HID interface character on the host (computer etc.).
Liability:
If the first four properties are given, an API key is required, which allows the input of characters via the HID interface after the authorized connection has been established. The API-keys are created individually for the integrators, depending on the desired license, and the functions of the USB-key are enabled accordingly.
The classic five protection goals are achieved, which are a prerequisite for safety:
Authenticity:
Only those who are in possession of the necessary certificates resp. key pairs can establish a connection to the USB-Key.
Integrity:
Each USB-Key receives its own public and private key pair during production. At the same time a corresponding key pair for the mobile phone is generated. These key pairs cannot be changed afterwards. The authenticity is checked mutually with the public key of the other communication participant (USB-Key - telephone). If the check fails, the connection is terminated.
Confidentiality:
On the USB-Key, the keys are written to a protected memory area that cannot be changed afterwards. In addition, the firmware is signed and it is checked by a security boot-loader at each startup. If the security boot-loader detects manipulation, the USB -Key will not start anymore and has to be considered as destroyed. The security boot-loader itself is also located in the protected memory area, which cannot be changed after programming without destroying the USB-Key.
Availability:
If the first three characteristics are fulfilled, availability is also given. In all other cases it is not possible to establish a connection and enter the HID interface character on the host (computer etc.).
Liability:
If the first four properties are given, an API key is required, which allows the input of characters via the HID interface after the authorized connection has been established. The API-keys are created individually for the integrators, depending on the desired license, and the functions of the USB-key are enabled accordingly.