VivoKey Apex Applet Poll

After Amals Apex Recent Update, I was wondering which 3 applets everybody else is looking forward to in the Apex line!
Here is your reference guide for the Applets or

Here

Or

A little more explanation on Applets

OTP
One-time password

A one-time password, also known as one-time pin or dynamic password, is a password that is valid for only one login session or transaction

PGP
Pretty Good Privacy ( PGP ) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications

U2F
Universal 2nd Factor (U2F) is an open standard that strengthens and simplifies two-factor authentication (2FA) using near-field communication (NFC)

KeePass
Password Safe is a free and open-source password manager

GIDS
Generic Identity Device Specification (GIDS) for Smart Card Authentication. GIDS sets out the functionality of a physical identity device that can be used for authentication, such as a smart card or USB token. GIDS is a standard for smart cards that enables them to be used for authentication
( I didn’t know this one either)

PIV
Personal Identity Verification

WebAuthn
Web Authentication , the new API that can replace passwords with strong authentication.

Which Apex Applet are you MOST looking forward to?

Which Apex Applet are you MOST looking forward to?
  • VivoKey OTP
  • VivoKey NDEF
  • VivoKey PGP
  • VivoKey U2F
  • VivoKey WebAuthn
  • VivoKey KeePass
  • VivoKey GIDS
  • VivoKey PIV

0 voters

Which Apex Applet are you 2nd most looking forward to?

Which Apex Applet are you 2nd MOST looking forward to?
  • VivoKey OTP
  • VivoKey NDEF
  • VivoKey PGP
  • VivoKey U2F
  • VivoKey WebAuthn
  • VivoKey KeePass
  • VivoKey GIDS
  • VivoKey PIV

0 voters

Which Apex Applet are you 3rd most looking forward to?

Which Apex Applet are you MOST looking forward to?
  • VivoKey OTP
  • VivoKey NDEF
  • VivoKey PGP
  • VivoKey U2F
  • VivoKey WebAuthn
  • VivoKey KeePass
  • VivoKey GIDS
  • VivoKey PIV

0 voters

1 Like

That guide isn’t particularly helpful for people like me.

2 Likes

:fu:
:wink:

Devilishly handsome?
Quick Witted?
Helpful?
Charismatic?

Google is your friend though :stuck_out_tongue_winking_eye:

I have expanded on them somewhere in this forum, I will see if I can find it…give me a bit

2 Likes

Does this help?

As you can see, Vivokey lives up to it’s claim

The VivoKey ecosystem is the collection of VivoKey Identity Services that revolve around you.

3 Likes

None of the above.

I know. I did Google them. I was just throwing it out there, that is a poor guide to have people reference. I should have expanded on that.

I guess the way I look at it, is if I am trying to show someone, or convince a parent, a layman’s guide would be better than the technical terms. Like

This one

2 Likes

YAY!
I have now linked to that post also, thanks for the feedback :+1:

2 Likes

I am assuming the third poll is asking “Which Apex Applet are you 3rd most looking forward to?”

2 Likes

UM, YES, Damnit, it was literally last minute addition, before poll being locked for editing, I will add a title, Thanks

1 Like

Missing options:

◯ Vivokey M1K - emulates a hardened Mifare Classic (for those long winter evenings when you don’t know what to do with your PM3)
â—Ż Vivokey NULL - emulates a dead chip

Come to think of it, the M1K emulation would be genuinely useful :slight_smile:

2 Likes

Are either of those viable options? I thought it couldn’t choose UID (for M1k) and emulating a dead chip… well idk why anyone would want that :joy:

1 Like

I would definitely have voted that one up!

emulating a dead chip is useful for just soooo many delightfully wrong reasons!!

For a good example going beyond pentesting and cybersec reasons:

Immagine you can set a higher level abstraction applet where, if the reader is not recognized, or if X attempts have been made unsuccessfully, it triggers the dead chip emulation mode.

1 Like

I guess we could do that, not sure if our P71 chips from Fidesmo come with Mifare code on-board (it takes a fair bit of ROM and RAM up), but the fact is we can’t control the UID we present - we can present a random, a unique (7 byte), or a NUID (4 byte). The UID and NUID are derived from the actual chip’s UID.

Sorry, not possible guys. All chips have to respond to a default applet select, we did have some ideas of obfuscating the existence of an applet to a select (useless if you can list it out, though, a la fidesmo) and the possibility of listening on additional APDUs (not reallllly feasible).

You could just try to trigger tamper protection (you do have to try this pretty hard though), but it won’t merely emulate a dead chip at that point.

1 Like

Of course you can emulate a dead chip. All you need to program it is a disposable camera with a flash and a piece of copper wire coiled into a loop. Only trouble is, it’s write-only and no other program can coexist :slight_smile:

3 Likes

I prefer my tamper protection emulation better, friend.

1 Like

uh, uh… that one has to go embedded on the elbow, I bet!!

Tricky part is… how we connect the first chip to the implanted disposable camera, since we only want to trigger the dead emulation on a failed attempt, right?
:stuck_out_tongue:

1 Like

image
Link to poll at top for those who haven’t voted

1 Like

You don’t, that’s the trick. You connect the copper coil in lieu of the flash lamp, you put it very close to the implant and you take a photo. Instant NULL app programming. Very simple protocol :slight_smile:

3 Likes

And just like that it becomes WORN (write once, read never)

5 Likes

Well, it is a feature :slight_smile:

1 Like

I just want to drop an applet idea here.
Random NDEF.
You know how some phones can’t handle multiple NDEF records?
Just send a random record every time, or cycle through them.

3 Likes