Can GateKeeper Proximity be spoofed?

GateKeeper Anti-Spoofing.

No. GateKeeper does not pair or connect. GateKeeper was specifically designed to avoid every single Bluetooth issue. GateKeeper is not subject to any traditional security or security flaw in BLE communications. Please refer to the attached data sheet for more information on the GateKeeper Proximity's security.

To prevent spoofing, GateKeeper has the Secure Key Exchange feature. Exchange a secure key with your GateKeeper token to make it cryptographically unique. This will enhance the security of proximity authentication by verifying One-Time Passcodes sent by the token. This prevents the token being spoofed by tools that can read Bluetooth advertisement packets, and thereby will increase the security of the token itself. 

When the Secure Key Exchange option is enabled, the client machine will write a cryptography key to the Halberd token. This key will be saved as part of the token information in the GateKeeper user's profile and on the token itself. Once the key has been written to the token, it will generate a six-digit one-time passcode and include it as part of the Bluetooth advertisement packet. This code rotates every 30 seconds. The GateKeeper Client application will read this code and compare it to its own self-generated code. Only if the codes match will the token authenticate the user onto the computer. The random code is therefore used as an additional verification for the token itself. Once a secure key is written to the token, it cannot be re-provisioned to any other user. Thais means that the token cannot be registered to any other user once the secure key has been exchanged with it.

For any additional questions or concerns regarding proximity settings, computer locking, credential management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email support@gkaccess.com.

---------------

GateKeeper spoof attack; antispoof;