Security Whitepaper

We have written an article that briefly explains the security architecture of ekey bionyx systems.
It is written for software engineers, cybersecurity experts, and IT specialists in general who are interested in the different layers of protection we use to secure our system.

Abstract — In this paper, we present the security concepts used
by the ekey bionyx system. First, we describe the ekey bionyx
system itself. It includes a cloud, mobile apps as well as multiple
embedded components. Then we explain why, in such a system,
multiple independent hardening layers are needed to protect
against malicious usage. They minimize single points of failure,
thus improving the overall system security. We use two layers:
the outer layer, which is usually the first line of defense against
attackers, and the inner layer, which is the closest to user data.
While the outer layer uses standard hardening mechanisms
like Transport Layer Security (TLS), Storage Encryption and
Secure Boot, the inner layer was designed by cryptography
experts specifically for our use case. It uses end-to-end encryption
between all the user devices, such as the ekey bionyx embedded
devices and the mobile app, preventing our cloud infrastructure
from accessing critical data and functions in the user’s
system. This allows the system to maintain data integrity and
confidentiality, even if an adversary has partial access to our
cloud infrastructure.

If you are interested, request it by sending a short email to psirt@ekey.net.