Security architecture · Updated 2026-05

Your data.
Locked in your hand.

Your data is locked inside your implant. Not in our database. Not in the cloud. Without your hand, no one can read it, not even us.

Here is how we make that guarantee real.

SkinID is engineered as a zero-knowledge system: the server holds opaque ciphertext, your implant holds the key. A breach of our database alone yields nothing. We cannot decrypt your data. And that is the point.

This describes the zero-knowledge encryption regime that becomes active on every customer's account the moment their chip is provisioned.

The model in one sentence

Each chip stores a 32-byte vault wrap key inside an authenticated encrypted file. Every credential we hold for you is encrypted under that key. To decrypt anything, the chip must physically be in the reader field, complete a mutual AES-128 authentication, and the server must read the wrap key out. No chip in field, no plaintext.

"If your laptop is stolen along with your phone, the attacker has windows, not lifetimes. The chip leaves their hand, the access ends."

Layered defence

1

The chip itself (NXP MIFARE DESFire EV3)

Tamper-resistant secure element from NXP, one of the leading manufacturers of NFC and contactless payment chips worldwide. AES-128 mutual authentication with the server using DESFire EV2 authentication mode. NXP-signed originality certificate so we can verify the silicon is genuine. Without successful authentication, the chip refuses every operation.

2

Chip-bound encryption (zero-knowledge)

Per-credential keys derived via HKDF-SHA256 from the chip's vault wrap key. ChaCha20-Poly1305 AEAD, a modern encryption standard used by Cloudflare, Google services, and the Signal protocol. Associated data binding (user, site, credential id) prevents ciphertext-swap attacks. The server stores ciphertext only.

3

Transport & session security

TLS 1.3, the current internet security standard, with HSTS preload. Strict Content Security Policy, Cross-Origin Opener Policy, and Cross-Origin Resource Policy headers. SameSite=Strict cookies on operator sessions. Per-IP rate limits on authentication, lockout after repeated failed login attempts. All session tokens are SHA-256 hashed at rest.

4

Operations & recovery

Three independent recovery paths so you can never be permanently locked out: a backup chip, a printable Shamir-split key, and a multi-step identity verification process. Every destructive action requires multi-operator approval. Encrypted backups protected with an age private key stored on a separate isolated system.

Threat model

We are honest about what this technology can and cannot defend against.

What we defend against

  • Phishing. Passkeys are origin-bound; phishing fails by construction.
  • Stolen credentials. Each site has a unique, server-generated credential. There is no master password to crack.
  • Server compromise. The server holds ciphertext. Without the chip, an attacker reads garbage.
  • Network eavesdropping. TLS 1.3 and HSTS preload across all endpoints.
  • Stolen device. Every fresh sign-in requires a chip tap.
  • Backup leakage. Backups are encrypted at rest with an age public key whose private half lives on a separate isolated system.
  • Insider attack. Our operators cannot decrypt vaults. Recovery actions require multi-operator approval and a full audit log.

What we don't defend against

  • Physical removal of the chip. Your body, your decision.
  • Coercion. If someone forces you to scan, the system cannot tell.
  • Compromise of your device while the chip is tapped. The window is bounded to the moment of tap.
  • Targeted state-level adversaries with arbitrary code execution on your unlocked device. No consumer authenticator defends against this.
"The strongest passwords can be guessed. Your implant cannot be guessed."

Cryptographic primitives

We are transparent about every algorithm we use. Each encrypted blob carries a one-byte version so we can rotate algorithms without disruption.

UseAlgorithm
Chip mutual authenticationAES-128 (NXP DESFire EV3, EV2 mode)
Vault key on chip32 bytes random, stored in an authenticated file
Per-credential encryptionChaCha20-Poly1305 AEAD with HKDF-SHA256
FIDO assertion signingECDSA P-256 with SHA-256 (FIDO2 and WebAuthn, COSE ES256)
Chip originality verificationECDSA secp224r1, NXP-signed at manufacture
Recovery key sharingShamir Secret Sharing
Operator passwordsPBKDF2-HMAC-SHA256, OWASP-recommended iteration count
Backup at restage (X25519 key exchange, ChaCha20-Poly1305 symmetric)
Constant-time comparisonStandard library constant-time compare
Random number generationOS-provided CSPRNG
TLSTLS 1.3 with HSTS preload

Operator panel hardening

Our customer service staff sign in to a separate panel with its own authentication model. They cannot decrypt customer vaults. They can review state, approve recovery requests, and trigger destructive actions only with peer approval.

For the full operator security model, see the technical architecture page.