The following video explains the basis of TOSIBOX® technology – the matching of TOSIBOX® devices and connection establishment.
The detailed steps illustrated in the video are:
I. Physical matching
- In physical matching, the Key is inserted into the Lock’s USB port
- During this process, the devices exchange their security certificates (and public keys)
- This trust relationship is the basis for all communication happening afterwards
II. Connection establishment
- Key and Lock register themselves with the distributed MatchMaker service.
  The connection between the MatchMaker and TOSIBOX® devices is encrypted using TLS and mutually authenticated using certificates and PKI.
- Key requests a connection to the Lock.
- The VPN tunnel is mutually authenticated using certificates and PKI.
- The VPN tunnel is established directly between the TOSIBOX® devices.
The connection is end-to-end authenticated and encrypted. Encryption and decryption take place at the connection endpoints.
The key features and properties of the distributed MatchMaker service are:
- Needed for device discovery
- Helps with setting up the VPN tunnel
- Not required after the VPN connection is established
- Distributed across multiple data centers in different countries
- Fault-tolerant, backed up
- Monitored 24/7 by Tosibox Oy