'Secure Key Exchange' option GateKeeper explained.

GateKeeper Secure Key Exchange.

Exchange a secure key with your GateKeeper token to make it cryptographically unique. This will enhance the security of proximity authentication by verifying One-Time Passcodes sent by the token.

When the Secure Key exchange option is enabled, the client machine will write a cryptography key to the Halberd token. This key will be saved as part of the token information in the GateKeeper user's profile and on the token itself. Once the key has been written to the token, it will generate a six-digit one-time passcode and include it as part of the Bluetooth advertisement packet. This code will change every 30 seconds. The GateKeeper Client application will read this code and compare it to its own self-generated code. Only if the codes match will the token be allowed to authenticate the user onto the computer. The random code is therefore used as an additional verification for the token itself. This prevents the token from being spoofed by tools that can read Bluetooth packets, thereby increasing the security of the token itself. 

This option is only available to GateKeeper Enterprise subscribers. The Secure Key Exchange process must happen on the computer itself (GateKeeper Client) and cannot be done on the GateKeeper Hub admin console, as the process requires a proximity Bluetooth connection.

Warning: If a secured token is reprovisioned to another user, the secure key exchange process must be repeated by the new user. 

Step 1: GateKeeper Hub: Enable Secure Key Exchange

1. Log on to the GateKeeper Hub
2. Go to the Groups & Settings Page
3. Click on the Global Settings Button
4. Click User Settings.
5. Enable the Secure Key Exchange Option
6. Save Changes

Step 2: GateKeeper Client Application: Exchange a secure key with the token

1. Open your GateKeeper Client application on your PC by pressing the Windows key on your keyboard and start typing "GateKeeper".

2. Click Add Security Key to Token on the Client Dashboard. 

3. Touch and hold your Halberd token to the USB Sensor, then click Start and follow the on-screen prompts.

4. Press and hold the button on your Halberd token until you hear a beep and a green LED turns on. Click the Exchange Secure Key button. *Your computer will immediately lock if the button Lock feature is enabled. Log in again using your PIN to unlock the computer and continue the process. 

5. The process for writing the secure key to the token will take up to 90 seconds. During this time, make sure to keep the token near the USB sensor to maintain the Bluetooth connection. A message confirming the success will appear, and the Add Security Key to Token button will be gone. Done!

For any additional questions or concerns regarding cryptographic encryption, security, continuous authentication, proximity settings, computer locking, credential management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email support@gkaccess.com.

--------------------------
GateKeeper secure key exchange; Gatekeeper cryptography; public-key exchange; public key exchange; public-key cryptography; public key cryptography; data at rest encryption; anti-sniffing; anti-snooping; anti-bluetooth sniffing; password encryption; encrypted token; encrypt key fob; encrypt credentials; 'Secure Key Exchange' option in GateKeeper explained.;