Why We Built KEEVO (Part 2) — The Tech Behind The Device

Introducing Keevo — the most secure AND convenient way to manage your digital identity and cryptocurrency

Read Part 1 HERE for an overview of the Keevo team and vision.

We believe Keevo is THE most secure self-sovereign hardware wallet ever.

Yes, we know… that’s a bold claim. And, it might sound like the usual ICO hyperbole. But stay with us and read on. Although there is never a 100% failure-free and hack-proof system — and anyone who tells you otherwise isn’t credible — we truly believe that Keevo offers a significant advancement in security and is future-proofed with unrivaled support to ensure you won’t lose your assets

A “Quantum Leap” in Security

[Note to our readers familiar with quantum mechanics: we’re using the term “quantum” here to mean a “giant leap forward” as in the cultural vernacular.]

Introducing Keevo’s Multi-Factor / Multi-Signature Authentication.

At the heart of Keevo’s game-changing security and privacy is our Multi-Factor / Multi-Sig Authentication system (MF/MSA).

MF/MSA enables Keevo to be the world’s first and only four factor authentication solution (“4FA”) to store, access and transfer digital assets like cryptocurrencies. It also enables two signatures for each factor — one for the owner and one for a beneficiary named by the owner.

Keevo’s First Four Factors

Keevo ships with four authentication factors. Additional factors will be added in the near future (see below for more on these additional factors).

1. Your Keevo Wallet or primary hardware device (something you own)
2. Your Strong Password that you created (something you know)
3. Your Fingerprint (something unique to you)
4. Your Keevo Carbon Key or secondary hardware device used for key recovery (something you store)

In addition to two standard factors used by other wallets (device + pin), Keevo‘s MF/MSA employs a third and fourth factors to encrypt and decrypt private keys…

The third factor is your fingerprint. Keevo’s first-in-class biometric sensor securely analyzes and cryptographically stores your fingerprint information and uses it to access another private key hidden within an enclave which is then required to restore your master key.

The fourth factor is the Keevo Carbon Key (“something you store”). All Keevo vaults come with the hardware wallet and Carbon Key. The Carbon Key is a separate backup device which has its own unique and randomly generated key along with a secure memory unit where Keevo also stores all of your other encrypted sub keys. All the electronic communication and information transferred between the Keevo Wallet and Keevo Carbon Key are transmitted through custom contacts and encrypted communication protocols.

Getting Into More Technical Details

Keevo’s MF/MSA is based on Shamir’s Secret Sharing Algorithm — essentially an application of the Lagrange Polynomial. Keevo’s MF/MSA introduces a second tier or multiple additional tiers of factors and signatures as needed. This makes Keevo’s MF/MSA system incredibly extensible.

Our initial 4FA solution requires signatures from any of 3 out of 4 factors. We plan on introducing additional factors and the ability to create and require more signatures, too. Our MF/MSA system can require any (k) number of signatures and factors out of (n) total to authenticate and validate a transaction. As such and with our Master Key, we divide the Master Key into multiple factors: F1, F2, … Fn. Each factor is unique and independent; a factor could be any type or category of keys. For example a Factor (Fn ) could be any of the following future potential factors:

• F5 other types of hardware devices (e.g., another form factor from Keevo or other existing hardware devices like a mobile phone, pad or computer, etc which are authenticated.)
• F6 other types of biometric data like a facial image, optical scan or voice print
• F7 unique content which is created and stored in Keevo (e.g., a picture or video) or content which is produced/delivered/consumed by Keevo (e.g., a special QR code or holographic image)
• F8 a defined GPS lat-long set by an address or a geo-fenced set of coordinates which much be read by a given Keevo device
• F9 a defined group of Keevo devices which all detect and record each other’s BLE beacons within a specified proximity of each other and a given point in time (e.g., a physical group meeting captured digitally)
• Fn many other types of factors

For each factor, Keevo can enable requirements to have one or more unique signatures which are then encrypted and used in order to decrypt the factor’s sub-key. Restoring the user’s private master key (Key0) can then require valid signatures and sub-keys from at least k out of n of the other factors.

At launch, we are offering two signatures: one for you, the owner, and one for a beneficiary you name (more on that below). In time, we plan on adding the capability to store and require multiple signatures in order to validate a transaction. For example, we could offer the ability to create multiple beneficiaries. Or, enterprises could create custom smart contracts and business rules that require multiple signatures from across or up and down a hierarchical organization.

But don’t let this complexity and future extensibility scare you away. For daily use and with our first model, it’s verysafe and simple to use your Keevo with just 3 out of 4 factors and one signature. All you need is your Keevo wallet, fingerprint and PIN to sign a transaction. Done.

Eliminating Paper Anxiety

If you already own a crypto hardware wallet, you’re likely familiar with writing down paper seed phrases to recover your private keys in the event your wallet is lost, stolen, or damaged.

But the problem is: anyone who has access to that piece of paper with your seed phrases has full access to your cryptocurrency and digital assets (anything that is being protected with the private keys on your hardware wallet). So, … where to store this precious piece of paper and keep your seed phrase secret is a major pain point causing anxiety, inconvenience and opening up a significant security risk (more on that below).

Leveraging our MF/MSA system, Keevo does not require paper seed phrases for recovering private keys. Instead, your secure Carbon Key + fingerprint + pin are used. This means that even if someone has access to your Carbon Key, the contents are completely secure and there’s nothing they can do with it.

In the unfortunate situations where you lose or fear someone stole your Keevo or in the highly unlikely case where your Keevo becomes inoperable, our MF/MSA system also offers a very secure, easy and private way to restore your master key and access your crypto. Rest assured, in any of these cases, we have you covered. First off, if your Keevo wallet is stolen, the thief wouldn’t be able to access your crypto because they would also need to have BOTH your strong PIN and fingerprint in order to restore your master key and sign any transactions like transferring your digital assets. You, on the other hand, can easily obtain a replacement Keevo and restore/re-set your private master key and access your digital assets by using your Carbon Key, your PIN and fingerprint. Again, any 3 out of 4 factors and valid signatures for each of those factors with our MF/MSA system allows you to access and reset your master Private Key.

White Paper

You can learn more about our MF/MSA system by reading our white paper here. And, as we get closer to launch and stabilize our firmware and software, we also plan to make it open-source and fully open to community audit. We believe in transparency and want to eliminate any mistrust (or implicit requirement of trust) by allowing anyone and everyone to review our code, verify its integrity and support the veracity of our claims. We’ll also welcome suggestions for improvements and will initiate a “bug bounty” program to encourage our community and any white hat hackers to identify and share with us any vulnerabilities they discover privately so that we can fix them for the benefit of the community.

Quantum Leap in Technology: Keevo’s Next Gen Security

In addition to our MF/MSA system, we’ve designed in a lot of technology which gives us the confidence to call Keevo the most secure wallet ever.

Keevo includes several state-of-the-art technological improvements to deliver unmatched security and privacy while still offering a very easy-to-use solution.

First, our dual chip architecture includes two triple-core secure processors for performance and security. These two separate and embedded high-end security micro control units from leading microprocessor suppliers are the same MCUs used to secure passports and credit cards (CC EAL5+ certified). And, with this dual chip architecture, your private keys and encrypted signature sub-keys are completely segregated and never leave the Keevo device. All private keys are safely divided and isolated inside the Keevo device’s two secure elements.

As such, no complete key information is cloud synchronized via internet or stored in any other database off of the device. All transactions are authenticated and signed only on the Keevo device itself. Any information which is transferred between the Keevo device and the Carbon Key or the Keevo downloadable web application will be transmitted via custom contacts, USB and/or BLE and will have both one-way and mutual authentication through secure U2F encrypted end-to-end communication. This helps thwart common man-in-the-middle or other attack vectors targeting the HSM control and communication interface.

Importantly, even if you choose to have Keevo store your Carbon Key in one of our secure storage facilities (more on that and our Keevo Premium Plus Service in our next post), no one at Keevo — or anyone else for that matter — will be able to access your private sub-keys on your Carbon Key. These sub-keys can only be created and used on your Keevo after you input your PIN and biometric. The only information that ever leaves the Keevo device and is stored on the Carbon Key is the encrypted portion of the sub-keys which can be used along with your other signature information (e.g., biometric fingerprint and strong PIN) to create and sign the key for that factor. Said another way, even if someone were to get a hold of and hack into the encrypted information on the Keevo Carbon Key, there is nothing they could do with that information unless they also had your fingerprint and strong PIN to decrypt the sub-keys.

We’ve also designed and built in several threat detection, anti-tampering and anti-malware defensive solutions. These include both a hardware and software multi-model tamper detection system using light, vibration & filaments with dedicated power supplies and content purge/lock down protocols. And, all components and peripherals have been laser etched and/or embedded to protect against intrusions.

And, last but not least, we plan on manufacturing and assembling all of our core electrical components and software with trusted partners in secure locations in the United States.

Quantum Leap in Convenience

In order to break the forced compromise between security and convenience, we are also equally focused on offering a solution with unrivaled beauty, simplicity and ease-of-use.

More specifically, we set out to address three big user frictions with the current offerings available:

1. Pain Points: As we mentioned above, we think paper seed phrases are incredibly inconvenient to capture/access and ridiculously unsafe to store.
2. Unmet Needs: transferring crypto assets to a beneficiary is very difficult and doing so without sharing your private key or any of your personal account information is impossible.
3. Latent Desires: we couldn’t find any premium hardware wallets we wanted or felt were worthy of storing our digital identities and assets

We believe Keevo delivers a truly differentiated product and service which uniquely solves all 3 of these frictions.

World’s First Secure Paperless Recovery

If blockchain technology is truly going to usher in the era of digital stored value and if cryptocurrencies will truly eliminate the need for government-issued paper money, why does every hardware wallet still need paper recovery cards? Keevo doesn’t. As we’ve described and leveraging our MF/MSA system, Keevo offers the world’s first and only paperless recovery solution. With paperless recovery, Keevo entirely eliminates the anxiety and hassle of handling the most inconvenient, arcane and insecure aspect of every other hardware wallet: the piece of paper.

We think this solves a huge pain point in both convenience and security. Put simply, we think writing down, trying to securely store and then re-entering a seed phrase is incredibly inconvenient AND unbelievably unsafe. Some examples for how we’ve heard people bending over backwards to try to keep their seed phrases supposedly safe by using steel wallets, locks and safes, tamper-evident bags and fire/water-proof pouches can be seen here. Etching seed phrases into stones was the craziest idea we heard about here. And, this would all be somewhat funny if the implications of losing your seed phrases and enabling others to access your private key weren’t so significant.

As we described above, Keevo is the only hardware wallet that doesn’t require a seed phrase of 12 to 24 words or a recovery card where that mnemonic is written down, stored and needs to be accessed/entered to restore a lost, stolen or inoperable device. Instead, you can simply use Keevo’s Carbon Key, our MF/MSA system and your PIN and fingerprint to restore your private keys.

World’s First Native Beneficiary Service

With Keevo’s optional Premium Plus service (more on this in our next post), members can choose to name a beneficiary (e.g., a significant other, spouse, parent, child or friend) and have them create a separate account and enter their strong PIN (which only they know) and their biometric information. The data or signatures for your beneficiary’s sub-keys will then be encrypted as part of Keevo’s Multi-Factor / Multi-Sig Authentication system and stored on your Carbon Key which we will store for you in one of our Premium Plus vaults.

Upon your death, your beneficiary can then authenticate her or himself with Keevo and provide us with valid proof of your death (e.g., an original death certificate that has been apostilled just like any heir would do with a bank or other financial institution). Once your death and beneficiary are validated, we will send them your Carbon Key to the recovery address they created and have on file with their account. Once they receive your Carbon Key, they can enter their PIN and their biometric to restore and reset your assets. Again, and if for any reason the person who receives your Carbon Key is not the person you named and set up as your beneficiary on your Keevo, your crypto is still safe. The Carbon Key would be totally useless to any thief since your true beneficiary needs to enter their fingerprint and PIN to decrypt the sub-keys which are stored on the Carbon Key.

In addition to this simplicity and security, Keevo’s native beneficiary solution offers the ultimate in privacy and control. You can enable the transfer of your assets to your beneficiary upon your death without ever having to trust or share with any other third party (including Keevo) your private account information, password or private keys. This transfer mechanism is built in to our MF/MSA system and is one of the benefits of having multi-sig authentication along with our unique Carbon Key and Premium Plus service.

World’s First hardware wallet that’s worthy of storing your assets

OK, this one is subjective as a “world’s first.”

But one of the big reasons we created Keevo was to own a beautiful piece of hardware that didn’t look and feel like a cheap USB drive. We wanted a hardware wallet that’s strong and durable and felt worthy of protecting our digital identities and virtual assets. Afterall, that’s worth a lot.

Keevo’s premium design embodies a trapezoidal geometry and form factor that takes inspirations from a precious bar of metal similar to a gold ingot.

For convenient transportation and mobility, the Keevo digital vault has the same proportions as any bank ATM or credit card. The weight-in-hand reinforces the premium nature of the device and our focus on quality and durability is reinforced throughout. Keevo’s front case is a molded and CNC machined aluminum-alloy enclosure with a glass bead-blasted finish which is highly attractive, smudge-proof, incredibly durable and secure yet light-weight and convenient. The back enclosure is molded from glass-fiber reinforced ABS with a rubberized texture to be secure in hand while also diminishing blemishes from the occasional bump and scrape. The full enclosure is then laser sealed with a 2-stage adhesive and IP65 Ingress Protection for water and dust-tight everyday use and to protect the integrity of the internal components from fire, any tampering or dis-assembly. Our drop testing requirements will also make sure Keevo is very durable and reliable.

We’ve also designed in several other key features which deliver convenience and ease-of-use. Keevo’s premium display is a 2.8 inch color touch-screen which is carved into the facade at a slant to provide an attractive and dynamic canvas for on-screen information, confirmations and entries. The capacitive touch screen user interface allow for ease of use and convenience while the lithium-ion polymer rechargeable battery provides ease of untethered use for up to a month of typical use and fast recharging. And, the secure BLE 5.0 antenna allows you to access your digital vault and manage your crypto assets from anywhere, anytime wirelessly or by connecting to virtually any device where you can connect to the Keevo downloadable application.

Keevo’s dual chip architecture also enables us to efficiently utilize substantially more secure memory than most other devices on the market. This gives Keevo the ability to provide extensive cryptographic support for concurrent usage of many cryptocurrencies. While we’re still finalizing the top coin libraries preferred by our community and which we’ll offer at launch (you can still vote here and we’ll release the list of supported coins as we get closer to our ship date later this summer), Keevo will have an entirely new and easy-to-use operating system that will make managing and trading your crypto much faster and more intuitive.

Last but not least, we will make available to our initial pre-order customers a limited edition Keevo which comes with a numbered permanent desktop case for you to store your Keevo Digital vault, power cord and connectors. This case is constructed with a rigid, textured housing and full-grain leather cover. The interior features alcantara lined storage areas for the Keevo Device, Carbon Key and USB-C cable, as well as additional room for other small devices that help you manage and securely store your digital assets (e.g. smaller keys, flash drives, etc.). And, each pre-order customer’s limited edition case will also come with an engraved nameplate that has the inscribed number identifying your unique Keevo device number as it came off the production line.

With all these features, our commitment to quality and our obsession with breaking the compromise between security and convenience, we’re confident in saying that we believe no other hardware wallet or software solution even comes close to measuring up.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -

Stay tuned for follow up posts in the coming days on our Premium Plus membership and services, technical specifications, production and delivery roadmap, partnerships, pricing, launch plan and more.

Learn more and pre-order your Keevo HERE

Invitations and product updates are being released to people who sign-up. Pre-order invitations will start going out later this month (June, 2019).