Keystroke Encryption




The Vulnerable Gap in Endpoint Security

An estimated 16 million mobile devices are infected with mobile malware annually, with threats constantly on the rise. Traditional keystroke data flows from your mobile keyboard through your operating system before it appears in your apps. Hidden along the way are areas of vulnerability where cyber criminals can plant keylogging spyware. With (BYOD) Bring your own device and mobile cyber attacks both increasing, enterprises must address security with tools to thwart the massive vulnerabilities that exist when using infected apps and phishing emails and messages, which download keylogging spyware.

EndpointLock™  protects your keystroke data by installing a secure encrypted keyboard that creates an alternate pathway to your apps, routing your encrypted data around the areas of vulnerability. For added security, the EndpointLock™ pathway is protected by a complex 256-bit encryption code

Keyloggers are a primary component of all malware and advanced persistent threats. They are a type of surveillance software that has the capability to record every keystroke an employee makes on their keyboard. Keyloggers are leveraged in the first stages of a breach to gain access credentials into the network of an organization. They are often installed on the endpoint’s device after a successful spear phishing attack when the victim clicks on an infected link or opens an attachment containing the malware. In addition, most keyloggers come with the ability to change their form (polymorphic) and go undetected as they quickly spread between the endpoints within the Enterprise. [1] The keylogger installs low in the OSI and captures the keystrokes as they pass through the stack on their way to the browser or application. See Figure 1 below, which depicts the vulnerable gap that exists in endpoint security. 

Solution: EndpointLock™ with Keystroke Transport Layer Security (KTLS™)
To mitigate input capture via keylogger, EndpointLock utilizes KTLS (Keystroke Transport Layer Security) to protect the transport of keystrokes from the point of data entry. While SSL and TLS begin strong cryptography at Layer 4 or, the Transport Layer within OSI, KTLS begins strong cryptography from the kernel level at ring 0 and encrypts all keystrokes. The keystrokes travel on a 256bit encrypted pathway and are decrypted into the text box.


For optimum protection of corporate access credentials, keystroke encryption software should be installed on all connected desktop and mobile devices within an organization to help avert the advancement of a breach. See Figure 2 below.

  •  KTLS takes control of the keyboard driver at the lowest layer in the kernel, Ring “0”

  • Protects keystroke data by creating an alternate AES 256 AES bit encrypted pathway, routing the data around the area of vulnerability

  • Create Encrypted Keystroke packet per keystroke

  • Create Decrypt packet per keystroke for Encrypted Keystroke

  • Send Decrypt packet into text box requesting stroke and then deliver encrypted keystroke and decrypt keystroke directly into application


EndpointLock Key Benefits:

  •  Secures Access Credentials and other sensitive information

  •  Secures BYOD (Bring Your Own Device) and Remote Login, which can pose the highest threat

  •  Automatically installs to your TPM (Trusted Platform Module) if available

  •  Scalable with many deployment methods including MS GPO, PowerShell, SCCM, 3rd Party Apps

  •  Available in Desktop (Windows and Mac) or Mobile (Android and iOS)


EndpointLock for Desktop Other Features:

  • Visual confirmation: On desktop, all encrypted text is highlighted in supported browsers. On Mobile the Secure Keyboard logo indicates the encrypted keyboard is in use

  •  Clickjack Protection: Warns of possible clickjacking attack by highlighting the hidden object with a red dotted line.  

  •  Kernel Compromise Warning detects the presence of unsigned software of if a driver has been altered since EndpointLock was installed

  • Self-Monitoring Capability: Anti-subversive technology prevents EndpointLock from being by-passed by other software by reinstalling itself into the first position in the kernel level.

  • Can encrypt all international keyboards

EndpointLock for Mobile

With mobile threats constantly on the rise, keystroke Encryption should be installed as a first line of defense to protect all mobile activity. See Figure 3 below, which depicts KTLS (Keystroke Transport Layer Security) being utilized for the secure transport of mobile keystrokes.

  • Keystrokes are delivered to the mobile application via an alternate encrypted keyboard and delivery channel

  •  Keystrokes are not stored in data dictionaries or keyboard cache files

  • Keystrokes are not accessible to the granted permissions process

EndpointLock Mobile SDK (Software Developer’s Kit)  

Keystroke encryption can be embedded right into your mobile app. Users will feel confident as they provision and use the app, add credentials and other sensitive information.

Problem: The Dark Web’s Emerging Threat to the Enterprise
The Dark Web has quickly become a coveted resource for cybercriminals. Employee credentials such as usernames and passwords are the digital gatekeepers to your organization’s most valuable assets. They are used to connect to private business applications, member information, online banking and to access sensitive company data files. Every day, the dark web exposes thousands of employee credentials inside stolen databases. To any disgruntled employee or cyber thief, these credentials represent a big payday. Cybercriminals may purchase and use your company credentials to target compromised employees, get into business banking, payroll systems, infiltrate sensitive information and more.

Solution: DarkWebIntel Domain and Unlimited Email Scanning

Organizations must keep one-step ahead with tools like DarkWebIntel, which offer monitoring and early discovery of breached employee credentials as well as other exposed corporate information. 
Cyield and its partners monitor thousands of Dark Web and black-market sites daily and sifts through billions of records to locate and report to you any found employee credentials. Being in-the-know on the state of your company’s digital security can be a powerful threat intelligence aid because it gives you the ability to understand your weak links, be proactive and mitigate further compromise. The person who is in control of an email address can reset the password of any associated services or accounts –merely by requesting a password reset email. 70% of our scans return compromised information from the DarkWeb.


DarkWebIntel Domain Scan Key Benefits:

  • Searches the Dark Web 24/7 for any instances of your company domain and associated domains (includes corporate credentials)

  • Provides alerts if monitored domain is detected found

  • Notifies you each month if no instances of exposure are found

  • Helps reduce and eliminate loss

DarkWebIntel Unlimited Email Scan Key Benefits:


  • Provides 24/7 unlimited access to our email address self-scan portal

  • Provides a detailed report and offers the appropriate action to take

  • Check an unlimited number of personal email addresses; this is especially important for:
    1.  BYOD (Bring Your Own Device) and Remote Login
    2.   Employees who use personal email address to connect to     business accounts

  •  Helps reduce and eliminate loss

Check out our EndpointLock Video Demo and client example: 




EndpointLock proactively stops keyloggers by encrypting each keystroke at the point of data entry and rerouting the encrypted keystrokes directly to the browser or desktop application.

With EndpointLock, instead of capturing your actual data, keyloggers see only a random string of meaningless numbers.

EndpointLock is designed as a secure keyboard, available whenever a browser or desktop application is launched. This keyboard can be branded with your logo and hyperlink.