Overview of the KryptPass solution
KryptPass (formerly known as FYEO Identity) is a password management and endpoint protection solution that is patent pending and has been constructed to provide secure identity management through a distributed password manager. It utilizes a sophisticated private-public key encryption to derive passwords from a user's private key. In this overview, we outline the key functional elements of this currently deployed solution, which comprises secure key generation, key unlocking, key sharing, credential synchronization, and management of existing password credentials.
Functional Components of the KryptPass Solution
Secure key and password generation
KryptPass provides a robust key generation mechanism that prioritizes the privacy and security of user data.
Operational Generation: The system generates a unique cryptographic key pair for each user, either as a new user or when a user elects to renew their keys. It employs well-regarded cryptographic algorithms to assure resistance against cryptographic attacks. (Curve DS25519)
Ensured Privacy: The user's private key is always securely located on the user's device and does not leave the device, eliminating any third-party access.
Secure Backup Option: The system incorporates a secure backup mechanism to recover the private key in the event of device loss or compromise, maintaining key confidentiality. (E.g mnemonic and encrypted seed via QR code)
Key Unlock Functionality
The KryptPass solution provides a secure and user-friendly method for unlocking the user's private key.
Reliable Authentication: The solution employs strong, user-friendly authentication methods, such as biometrics, device-based authentication, and traditional passwords, to prevent unauthorized key access to the users keys.
Effective Authorization: The system effectively manages permissions for key access, ensuring only authorized applications and services can utilize the private key.
Password derived authentication
The KryptPass solution uses the end user's private key together with metadata about the username and the site visited to generate an authentication key or passkey to be used as a password. This key is then transposed into the valid space for the password requirements for the site visited
Key sharing capabilities
Key sharing, a vital component of KryptPass, permits the private key to be safely transferred between the user's devices.
Safe Transfer: The system provides a secure transfer mechanism, through QR code scanning, for moving the private key among user devices without compromising confidentiality.
Multi-device Compatibility: The system supports secure private key transfers across various device types and operating systems.
Synchronization of credentials across devices
KryptPass incorporates an advanced system for synchronizing credentials seamlessly across a user’s devices, leveraging the peer-to-peer (P2P) capabilities of WebRTC and a signaling server for secure and efficient data transfer. This method ensures that metadata and encrypted legacy passwords are shared directly between devices owned by the end user, minimizing points of vulnerability.
Peer-to-Peer Secure Synchronization: Utilizing WebRTC's P2P communication framework, KryptPass enables data to flow directly between users' devices, bypassing the need for intermediate servers after the initial connection setup. This direct transfer method significantly enhances privacy and security, as it reduces the risk of data interception by eliminating unnecessary middle points. Moreover, WebRTC's inherent support for end-to-end encryption (E2EE) across all data streams ensures that the contents remain confidential and tamper-proof from sender to receiver.
Encryption with WebRTC: Every piece of data synchronized via KryptPass, is encrypted using the Datagram Transport Layer Security (DTLS) protocol, a cornerstone of WebRTC's security architecture. This protocol guarantees that even if data packets are intercepted during transmission, they remain indecipherable to unauthorized parties. Additionally, for any content, the Secure Real-time Transport Protocol (SRTP) further safeguards the integrity and confidentiality of communication.
Securing the Setup and Confirming Identities: In WebRTC, while the transmission of media is thoroughly safeguarded, WebRTC secures media transmissions, but establishing P2P connections requires a secure signaling process. KryptPass enhances this with an added layer of security, using public keys for the authentication of connection details. This not only strengthens protection against interceptions and man-in-the-middle attacks but also ensures that communications are securely authenticated, bolstering the overall security framework.
Seamless Automatic Updating: KryptPass implements an auto-sync feature that enables users to have their credential changes automatically reflected across all connected devices. This instant synchronization ensures that users have access to their updated credentials no matter which device they choose to use, providing both convenience and enhanced security by keeping all credentials current and consistent.
By integrating WebRTC’s peer-to-peer communication and public private key based message signing and well known encryption protocols, KryptPass not only ensures the secure and efficient synchronization of user credentials across devices but also upholds the highest standards of user privacy and data protection in the process.
Handling of Existing Password Credentials
The system facilitates the efficient management of existing password credentials while maintaining a user-friendly experience.
Import/Export Features: The solution supports the secure and user-friendly import and export of existing password credentials from other password managers or browsers.
Auto-fill Facility: The solution has an auto-fill feature that recognizes sites and applications, automatically filling in usernames and passwords to reduce the risk of phishing attacks.
Update and Deletion Ease: The system offers a straightforward process for users to update or delete their password credentials when necessary.
Re-encryption of legacy passwords. The imported legacy passwords are encrypted with a salted key derived from the user's master seed.
Auxiliary offerings
KryptPass also comprises secondary services offerings powered by the FYEO Dark API services.
Sites API
The sites API is responsible for finding out where and how users fill in the login forms for various sites and sources. The site's API is available through an API endpoint and is hosted on an AWS API gateway. From this endpoint the extension gets information of how the user can change a password.
Leaked credentials and leaked phone numbers API
The KryptPass Solution accesses FYEO Dark’s impressive dark web leaked credential database, encompassing over 28 billion leaked credentials, passwords, and phone numbers, placing FYEO at the forefront of cybersecurity protection and KryptPass users in control of their breached data.
KryptPass’s extensive and detailed approach offers users a clearer understanding of their digital security landscape.
Comments