Our safety features at a glance

Sicheres und einfaches Login in Tapkey App

Simple Login Experience

When using the Tapkey app, our users have the choice between username/password based login or well-established virtual identities like the Google account or Apple ID, giving all the world-class protection already built into these technologies.

Delegated Authentication

When integrating our patented technology into custom apps, customers can connect their own standards-based OAuth identity providers with Tapkey. Thus they can offer all the security and flexibility they need.

Delegierte Authentifizierung bei Tapkey App Integration
Delegierte Authentifizierung bei Tapkey App Integration

Delegated Authentication

When integrating our patented technology into custom apps, customers can connect their own standards-based OAuth identity providers with Tapkey. Thus they can offer all the security and flexibility they need.

Das Lock Control Protocol von Tapkey

Tapkey Lock Control Protocol

Tapkey is reviewed and continuously improved by trusted experts. The Tapkey Lock Control Protocol is our application layer protocol used for communication between locks and external devices, like smartphones or NFC transponders.

Protected, Digital Keys

Individual keys for each device, no reuse of keys, limited validity and extensive revocation mechanisms: that’s what we do to keep your keys secure.

Deine digitalen Schlüssel sind bei uns vor einer Fremdübernahme geschützt.
Deine digitalen Schlüssel sind bei uns vor einer Fremdübernahme geschützt.

Protected, Digital Keys

Individual keys for each device, no reuse of keys, limited validity and extensive revocation mechanisms: that’s what we do to keep your keys secure.

Tapkey bietet dir eine stabile & skalierbare Backend-Infrastruktur

Stable & Scalable Backend Infrastructure

Our highly scalable cloud infrastructure is hosted in European data centers with high security standards. We are continually implementing state-of-the-art protection measures against attacks and have monitoring for early detection of problems in place.

How we protect your data

Tapkey boasts several layers of security. We’re using SSL/TLS encryption protocols for data transfer, while permissions are stored in the Tapkey Trust Service to ensure utmost security.

Tapkey setzt auf Sicherheitstechnologie

Trusted Technology

Tapkey is trusted by a number of internationally renowned partners. They believe in our technology and the power of mobile access.

Tapkey and security at a glance

Always Up-to-Date

Responsible Disclosure of security vulnerability

Although we try to build a high quality and secure product, we know that nothing is perfect. If you find a security problem in one of our products, please let us know! We follow a responsible disclosure policy. Hence, we like to work together with external security researchers that have found flaws in our products to resolve them and publish information about the vulnerabilities to protect our customers. If you want to report a vulnerability, please contact us at security@tapkey.com.

Security Whitepaper

We have summarized general information about the security of the Tapkey system in a whitepaper. Just subscribe to our newsletter.

Note about CVE-2021-44228

Tapkey’s production systems are not affected by CVE-2021-44228.

CVE-2021-44228 is related to a critical vulnerability of Apache’s Log4j logging component that could allow attackers to execute arbitrary code on affected systems.

Tapkey’s production systems are not affected by CVE-2021-44228. The Tapkey Trust Service doesn’t use Log4j in any way and therefore isn’t affected by the vulnerability. The Tapkey Mobile SDK and the Tapkey App do use the Java language but don’t use Log4j. Moreover, the targeted operating systems (Android and iOS) don’t support JNDI, which would be required to exploit the vulnerability. The Tapkey Lock SDK isn’t affected, because it doesn’t use Log4j or the JVM in any way. That said, we did identify one non-production component that references a vulnerable version of Log4j. We do host some example code for Java developers on GitHub, which can be found here. The code uses spring-boot in a version that references a vulnerable version of Log4j. This sample code isn’t directly affected by the vulnerability by default, because even though it references Log4j, it is not configured to use it. However, we updated the sample to make sure a fixed version of Log4j is being referenced. Customers that use our Java example code as a basis for their own components are suggested to update their code accordingly.

Tapkey is Pentest approved

Our constant commitment to maintain the highest security levels for our systems is in our company’s DNA and at the heart of everything we do. We’re therefore particularly delighted that this has also been recognised by external experts. Tapkey is officially SySS Security Approved!

Tapkey ist Pentest approved
Tapkey against BLE Relay Attacks

We at Tapkey are often asked by our customers whether Tapkey is affected by the demonstrated kinds of attacks on the Bluetooth technology standard. The short answer: It is not and has never been.