Security Overview

Overview

UnoLock's security architecture is built around providing maximum protection for digital assets and sensitive information, ensuring complete privacy and control for users. With advanced features like end-to-end encryption (E2EE), biometric and FIDO2 authentication, post-quantum cryptography, and multi-layered data redundancy, UnoLock offers an unmatched level of security. Key management is handled client-side, so only the user can access the decryption keys, and critical data is encrypted before it leaves the device. Features like TimeLock, DuressDecoy, and Plausible Deniability provide robust defenses against unauthorized access or coercion.

Security Architecture

UnoLock CybVault’s security architecture is a multi-layered framework designed to protect your digital assets at every stage of their lifecycle. Operating as a Progressive Web App (PWA), UnoLock ensures that all sensitive operations, such as encryption, decryption, and key management, are performed client-side, adhering to a zero-knowledge model where only the user holds the decryption keys. Data is encrypted locally using AES-256 GCM, a quantum-safe standard, before being transmitted to AWS S3 for storage, where it is further protected by server-side encryption (SSE) and replicated across multiple global data centers for redundancy.

The architecture emphasizes privacy by design, collecting no personally identifiable information (PII), avoiding browser local storage or cookies, and anonymizing all transactions to prevent tracking. FIDO2 and biometric authentication provide passwordless, phishing-resistant access, while post-quantum cryptography (e.g., Kyber, Dilithium) ensures resilience against future quantum threats. For high-risk scenarios, features like TimeLock, DuressDecoy, and Plausible Deniability offer robust defenses against coercion or unauthorized access. The serverless infrastructure minimizes attack surfaces, and AWS CloudTrail auditing ensures all cloud operations are traceable, supporting compliance with GDPR, HIPAA, and other regulations.

This comprehensive approach, combining client-side security, cloud resilience, and privacy-first principles, makes UnoLock a sovereign solution for protecting digital assets, ensuring users retain full control under all circumstances.

Key Security Features

UnoLock CybVault’s security is bolstered by a suite of advanced features, each designed to address specific threats and enhance user control. Below is the full list of security features, each with a brief description; each feature has its own detailed page:

  • Security Overview: Introduces UnoLock’s comprehensive security architecture for protecting digital assets.
  • Client Application Isolation in Web Browser: Isolates the UnoLock web app in a sandboxed browser environment to prevent cross-site attacks.
  • Benefits of Browser Isolation: Enhances protection by preventing malicious sites or extensions from accessing UnoLock sessions.
  • Cross-Platform Compatibility and Consistent Performance: Ensures consistent security and performance across devices and operating systems.
  • Browser Content Security Policy (CSP) Isolation: Enforces a strict CSP to block unauthorized scripts and mitigate XSS attacks.
  • Secure Hashing and Signing of PWA Updates: Verifies the integrity and authenticity of PWA updates using cryptographic hashing and signing.
  • FIDO2 Authentication with WebAuthn for Secure Access: Provides passwordless, phishing-resistant access using FIDO2 and WebAuthn.
  • Enhanced MFA Security: Strengthens multi-factor authentication with a randomized keypad and keylogger protection.
  • Client-Side Encryption Using AES-256 GCM: Encrypts data locally with AES-256 GCM for zero-knowledge security.
  • Secure Direct Storage of Encrypted Data in AWS S3: Stores encrypted data in AWS S3 with secure, direct access.
  • Dual-Layer Encryption with AWS S3 Server-Side Encryption (SSE): Adds server-side encryption to client-side encrypted data in AWS S3.
  • Advanced Key Management with Client-Side Keyring: Manages encryption keys securely on the client side.
  • Advanced Data Deletion and Perfect Forward Secrecy: Ensures secure data deletion with perfect forward secrecy for privacy.
  • SHA-256 Hash Verification of Uploaded Data: Verifies data integrity using SHA-256 hashes during uploads.
  • Robust Data Redundancy with AWS S3: Replicates encrypted data across global AWS S3 data centers for reliability.
  • No Browser Local Storage or Cookies Used: Avoids local storage and cookies to enhance privacy and reduce tracking risks.
  • Commitment to Anonymity and Data Privacy: Prioritizes user anonymity by avoiding PII and anonymizing transactions.
  • Advanced API Security with AES-256 GCM and ECDHE_ECDSA: Secures API communications with advanced encryption and key exchange.
  • Secure Deletion of Safes and Encrypted File Records: Permanently deletes safes and records to prevent recovery.
  • Plausible Deniability with Dual-Pin Safe System: Enables decoy vaults for protection under coercion.
  • Robust Key Management with Multi-Key Registration and WebAuthn: Supports multiple keys with secure WebAuthn registration.
  • Advanced Key Management: Admin and Read-Only Access with TimeLock: Offers granular access controls with time-based restrictions.
  • Secure Viewing of Supported File Types Within the Client Application: Safely views files within the UnoLock app without external exposure.
  • Inactivity-Triggered Safe Access Methods - LockoutGuard and LegacyLink: Manages access during inactivity with recovery and inheritance options.
  • Serverless Infrastructure for Enhanced Security: Uses a serverless architecture to minimize attack surfaces.
  • Advanced AWS Account Management: Secures AWS accounts with RBAC, MFA, and CloudTrail auditing.
  • Stateless Multi-Account Build System with AWS CodePipeline: Isolates builds across AWS accounts for secure CI/CD.
  • Digital Paper Wallet (DPW) for Cryptocurrency Management: Stores cryptocurrency keys offline for maximum security.
  • Spaces: Granular Data Access and Control: Segments data into isolated environments with fine-grained permissions.
  • Quadruple Encryption & WebAuthn Digital Paper Wallet (DPW): Applies four encryption layers and WebAuthn for ultimate key security.
  • Post-Quantum Encryption Security: Employs quantum-resistant cryptography (Kyber, Dilithium) to protect data and communications.
  • Safe to Safe Messaging Security: Enables zero-trust, post-quantum encrypted vault-to-vault messaging with metadata anonymity.
  • UnoLock Eyes-Only Security: Provides anonymous, post-quantum encrypted file and message transmission with zero metadata.