To protect the access to Bluetooth and the OEM interface, we have thought about some things. So we can guarantee that an unauthorized connection to the USB-Key is impossible. This is important because the USB-Key emulates a keyboard and only authorized persons or their devices are allowed to access it. It is almost impossible for an attacker to gain access to the computer via the USB-Key. Guaranteed!
The classic five protection goals are achieved, which are a prerequisite for safety:
Only those who are in possession of the necessary certificates resp. key pairs can establish a connection to the USB-Key.
Each USB-Key receives its own public and private key pair during production. At the same time a corresponding key pair for the mobile phone is generated. These key pairs cannot be changed afterwards. The authenticity is checked mutually with the public key of the other communication participant (USB-Key - telephone). If the check fails, the connection is terminated.
On the USB-Key, the keys are written to a protected memory area that cannot be changed afterwards. In addition, the firmware is signed and it is checked by a security boot-loader at each startup. If the security boot-loader detects manipulation, the USB -Key will not start anymore and has to be considered as destroyed. The security boot-loader itself is also located in the protected memory area, which cannot be changed after programming without destroying the USB-Key.
If the first three characteristics are fulfilled, availability is also given. In all other cases it is not possible to establish a connection and enter the HID interface character on the host (computer etc.).
If the first four properties are given, an API key is required, which allows the input of characters via the HID interface after the authorized connection has been established. The API-keys are created individually for the integrators, depending on the desired license, and the functions of the USB-key are enabled accordingly.