# How JEMPass Protects You Against Device Loss, Theft or Compromise

JEMPass incorporates a number of safeguards to protect you and your data when your devices are lost or stolen. The safeguards we have implemented are designed to address all major scenarios that create the risk of data compromise or loss, as discussed below.

The JEMPass technical architecture contributes significantly to its security. At a high level, the JEMPass architecture includes two principal components:

* JEMPass Keychain, which receives encrypted data from JEMPass servers *after you authenticate yourself* using your JEM AirKey.
* JEM AirKey, which is responsible for secure cryptographic operations to authenticate you and securely provide Keychain the resources it needs to decrypt the encrypted data it receives from JEMPass servers.

A User Device is any device on which you have added your JEMPass Keychain. This includes iPhone, iPad, Android devices, Macs, and PCs. Instances of Google Chrome and Microsoft Edge on which you have added the JEMPass Keychain browser extension are also considered User Devices.

## JEMPass Keychain on User Devices

The following discussion summarizes how JEMPass protects different parts of your Keychain data.

#### Keychain Table Data

When you sign in to JEMPass (using your JEM AirKey) on a User Device, an authenticated session is created and a subset of your Keychain Table Data is transmitted by our servers to your User Device and decrypted using your JEM AirKey.

Keychain Table Data contains information about each record in your Keychain, and includes the following elements:

* Title
* App or website to which that record applies
* Username - the username that you use to sign in to the app or website

#### Password Data

Password data includes the password and other password-like elements associated with each Keychain record.

Password data associated with each Keychain record is encrypted using a unique cryptographic key, can only be decrypted by your JEM AirKey, and is only decrypted on demand. Decrypted password data is never saved to disk or local storage. Decrypted password data is erased from User Devices' system memory after a short while.

## JEM AirKey HD (hardware device)

JEM AirKeys make JEMPass special, and play a crucial role in securing your data. They are responsible for secure cryptographic operations to authenticate you to JEMPass servers and securely provide Keychain the resources it needs to decrypt the encrypted data it receives from JEMPass servers.

Our design, and our manufacturing and operational processes and procedures, reflect the importance of this component. For example:

* Cryptographic keys that are essential to unlock your Keychain are present in your JEM AirKey only very briefly, and are never persisted.
* Communications between JEM AirKey and other system components follow a strict protocol that ensures confidentiality and authenticity of message payloads.
* JEM AirKey HD is designed to only run approved software signed by us.
* JEM AirKey HD devices are assembled in the US using globally sourced components, and we apply strict access controls to ensure the security of our firmware, keys and other sensitive material.

## JEM AirKey SD (aka "softJEM") on User Devices

JEM AirKey SD are versions of JEM AirKey that "live" on your supported User Device.

By their nature and design, User Devices are based on large and complex operating systems and are meant to run multiple apps. End users also have the ability to configure, add or modify software on their User Devices to meet their preferences and needs. This naturally gives rise to risks that we do not encounter when we also manufacture the hardware, as we do for JEM AirKey HD.

We take a number of steps (in addition to those described above) to mitigate these risks and protect your data when you use JEM AirKey SD. For example:

* JEM AirKey SD (aka "softJEM") on Android devices requires a Class 3 or "strong" biometric implementation on the device. Class 3 biometric implementations on Android devices represent the highest level of security, based on detailed evaluation of architectural security and biometric security performance.
* On iPhone, iPad and Mac (Apple Silicon), JEM AirKey SD uses Touch ID and Face ID.

{% hint style="warning" %}
Notwithstanding the mitigations described above, we believe JEM AirKey HD offers the strongest level of security while maintaining convenience and usability, especially for the most demanding use cases, e.g., protection of Keychain records that contain private keys associated with cryptocurrency wallets, API keys, server certificates and SSH keys.
{% endhint %}

{% hint style="info" %}
JEMPass Keychain can contain records that can be unlocked by any type of JEM AirKey (SD or HD). You can also designate certain (or all) records as especially sensitive "Level 2" records. These Level 2 records can only be decrypted by your JEM AirKey HD.
{% endhint %}

{% hint style="info" %}
You can also configure your JEMPass Keychain such that all records in the Keychain are protected by JEM AirKey HD. This option may be usefully implemented as an organizational policy. Learn more about our solutions for organizations [here](https://www.jempass.com/for-organizations).
{% endhint %}

If you would like to learn more about the JEMPass Security Model, please contact us with details about the nature of your questions, concerns or interest and your organizational affiliation. We will evaluate your request and get back to you.


