Win-Hand's Security
(version 7 and before)

At MT Impossible Corp., we take remote access seriously and we believe there is only one suitable form of security:
End-to-End security + never-repeating Private Encryption Keys.

  Definitions: 
  SEKs    Session Encryption Keys
A SEK is a buffer of characters (12KB by default, allowing about 200 sessions). This buffer is privately Hotsynced between your Remote and your PDA. Each series of 26 characters from the buffer produces a 128-bit key. At login time, a 128-bit key is extracted and consumed from the SEK for Authentication. After authentication, another 128-bit Encryption key is consumed for encryption of the display. Finally, a third 128-bit encryption key is consumed to encrypt keyboard and mouse commands.

For every 500KB of encrypted display data, another 128-bit key is consumed from the SEK. For every 1KB of keyboard or mouse commands, another 128-bit key is consumed from the SEK.

Before your SEKs are all consumed, you should Hotsync new keys between your PDA and the corresponding Remote computer.

Keys are never reused. Once consumed, they are obsolete.
  AK   Account Key
This is a 98-bit binary key that was sent to your email account and Hotsynced in a file such as "WinHand_AccountKey.prc". It is private between your PDA and the Win-Hand Connection Server.

The AK is never transmitted during any Win-Hand connection.
  Password   Account Password
This is a 6-character password producing a 30-bit binary key. It is shared by your PDA, all Remote computers you want to access and the Win-Hand Connection Server. The Win-Hand Connection Server uses it to authenticate the Remote computer(s) you want to connect to.

The Password is never transmitted during any Win-Hand connection. The Win-Hand Connection Server uses a challenge/response encoding mechanism to determine if a Remote computer has the proper Password.
  AEK   Account Encryption Key   AEK = AK + Password
Once the 98 bits of the AK are combined with the 30 bits of the Password, they produce a 128-bit Account Encryption Key. This key is used to Authenticate your PDA when connecting to the Win-Hand Connection Server. It is also used to encrypt private information such as password, email address, phone number, credit card information, physical address, etc.

The AEK is never transmitted during any Win-Hand connection. The Win-Hand Connection Server uses a challenge/response encoding mechanism to determine if a PDA has the correct AEK.

Lots of SEKs  . . .
Win-Hand is completely secure because it never uses a SEK a second time.
Win-Hand's security relies on the fact that the PDA and the Remote have regular physical and private contact. Most other security systems cannot afford this physical contact and depend on reusing some keys.
   
NO hacker or computer power can break in because there is no repeating pattern!

Encryption
SEKs are used to generate buffers of random bytes. During communication, the Remote display image and the keyboard and mouse commands are encrypted using the random bytes. The keys are never communicated in any form over the communication channel. They are extracted from the SEKs, which are strictly private between the Remote computer and the PDA. Once a random buffer is all used, another key is consumed from the SEKs to generate another random buffer. The keys are never reused.
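
The key consumption described in the SEKs definition and in the Encryption section can be modelled to track how many keys a session uses and when new keys must be Hotsynced. This is an added example, not MT Impossible's code: the names `SekPool`, `keys_for_session` and `run_session` are hypothetical, 1KB is assumed to be 1024 bytes, a new key is assumed to be taken only once the previous one's data allowance is used up, and the mapping from 26 characters to 128 bits is not modelled.

```python
import math
import secrets
import string

KEY_CHARS = 26               # page: each series of 26 characters yields one key
DISPLAY_REKEY = 500 * 1024   # page: new key per 500KB of display data (KB=1024 assumed)
INPUT_REKEY = 1 * 1024       # page: new key per 1KB of keyboard/mouse commands


class SekExhausted(Exception):
    """Raised when the pool has no unused key material left."""


class SekPool:
    """Hypothetical model of a SEK buffer: each 26-character slice is handed out once."""

    def __init__(self, buffer):
        self._buf = buffer
        self._offset = 0     # everything before this index is already consumed

    def keys_left(self):
        return (len(self._buf) - self._offset) // KEY_CHARS

    def consume(self):
        if self.keys_left() == 0:
            raise SekExhausted("SEK buffer consumed; sync new keys")
        chunk = self._buf[self._offset:self._offset + KEY_CHARS]
        self._offset += KEY_CHARS   # advance only, never rewind
        return chunk


def keys_for_session(display_bytes, input_bytes):
    """One authentication key, plus display keys, plus keyboard/mouse keys."""
    display = max(1, math.ceil(display_bytes / DISPLAY_REKEY))
    inputs = max(1, math.ceil(input_bytes / INPUT_REKEY))
    return 1 + display + inputs


def run_session(pool, display_bytes, input_bytes):
    """Consume the keys one session needs; refuse up front if the pool is too small."""
    need = keys_for_session(display_bytes, input_bytes)
    if need > pool.keys_left():
        raise SekExhausted(f"need {need} keys, only {pool.keys_left()} left")
    return [pool.consume() for _ in range(need)]


def make_constructed_pool(size=12 * 1024):
    """Constructed sample buffer (not a real SEK): random letters and digits."""
    alphabet = string.ascii_uppercase + string.digits
    return SekPool("".join(secrets.choice(alphabet) for _ in range(size)))
```

Checking `keys_left()` before each connection shows when the pool is close to empty, so new keys can be synced before a session is refused.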

Private Account Key
Win-Hand's security is separated into two parts:
  • Your PDA (containing your AK and your SEKs);
  • Your Password (which we presume is stored in your head).
If you lose one or the other, you still have security.

If you lose both your PDA and your Password, your Win-Hand security is breached: you should go to your Remote computer and de-activate Win-Hand, then contact us to generate and email you a new AEK.

 

Copyright © 2001-2008, MT Impossible Corp. All rights reserved.