top of page

Section Title

This is a Paragraph. Click on "Edit Text" or double click on the text box to start editing the content and make sure to add any relevant details or information that you want to share with your visitors.

  • How permanent is the device binding?
    Ideem’s cryptographic device binding is persistent, giving you a long-life mechanism to leverage the ZSM as a silent second factor and avoid costly approaches like OTPs. For Native Apps, a unique device identifier is generated and encrypted with local cryptographic APIs. The DeviceID will persist even if the app is deleted and reinstalled. The DeviceID for native apps is only lost if the user does a complete factory reset of their device. For Browser-based Apps, a unique device identifier is generated and encrypted with local WebCrypto APIs which binds that ZSM to the browser instance on the device. The ZSM remains through tab closers, browser shut down, device restarts and separate sessions. The browser bound ZSM is only lost if the user manually clears the cache from the browser or the device is factory reset.
  • What happens if the user goes to a new device?
    If the user goes to a new device, there would be no ZSM already bound to the device. In this situation, customers can use an alternate second factor to initially authenticate the user. Once this is done, the ZSM is bound to the app. Going forward, the ZSM will be the 2FA method used. Ideem does have a platform offering where it manages the biometric verification of the user. In this situation, when a user goes to a new device, Ideem prompts the user to do a face biometric, which is then compared with the template on file. If the match is successful, the ZSM is bound cryptographically.
  • Do we have to use your facial recognition service or can we use our own?
    While Ideem does have facial recognition built into the platform to facilitate all 2FA scenarios, you are not required to use it. If you prefer to use your own biometric platform or use a different form of initial user authentication, that is permitted.
  • What protocols are supported for interfacing with ZSM?
    The ZSM supports the standard FIDO2/WebAuthN protocol APIs.
  • Do we need to have our own relying party server, or can we leverage Ideem’s?
    The Ideem platform can be leveraged as the relying party. Or the customer can use their own internal relying party services.
  • What encryption protocols are supported?
    ZSM currently supports RSA and ECDSA. Other protocols can be added on as-needed basis. For a more detailed answer. The ZSM supports: RSA with PSS or PKCS1 v1.5 padding (as defined in standard FIPS 186-5) Supported sign hashing functions: SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512 ECDSA signatures over elliptic curve P256 (as defined in standard FIPS 186-4) Supported sign hashing functions: SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512
  • Is this an on-prem solution or hosted?
    The Ideem platform is a hosted solution by default. In very unique situations, an on-prem enterprise solution can be considered.
  • How can you be sure the keys are safe?
    The ZSM leverages advanced Multiparty Computation (MPC) for its zero-trust architecture. The keys never exist anywhere at one time. A partial key is generated and stored on the device and a partial key is generated and stored on the server. Key shares are refreshed on each use. The ZSM cryptography module has gone through the same NIST FIPS 140-3 validation that hardware secure elements go through.
  • Is the ZSM quantum safe?
    Because the key management used by Ideem leverages information-theoretic MPC and the keys never ever exist in one place,the ZSM is quantum safe. The advancement of various encryption protocols continues, and as better quantum safe encryption schemes are approved, the ZSM will support those.
  • How do I integrate this into my apps?
    The ZSM is an SDK that can be embedded into your native or web application.
  • Will we know it is the same device even if a user accesses the browser and native app on the same device?
    Yes! The Ideem platform is able to link ZSMs in browsers and in native apps for the same company on the same device. The ZSM server also allows you to temporarily or permanently lock a user by app or for the entire device.
bottom of page