At enrollment the app splits the TOTP seed into a customer share, encrypted to enclave then enterprise keys, and a cloud share encrypted under AWS KMS, decryptable only by an enclave with a valid PCR set.
When a policy is satisfied, the customer share is decrypted and posted; the enclave fetches and decrypts both shares and reconstructs the seed.
The enclave computes RFC 6238 codes covering the approved window, accounting for clock drift, in chunks of at most 24 hours.
Each chunk is encrypted to the requestor’s device key with single shot ECIES and AEAD. The associated data binds the ciphertext to the enterprise, user, device, resource, request, and window.
Chunks land in S3 under a structured key scheme with object expiry; the access service hands the client presigned URLs.
The device fetches, decrypts locally, and displays codes with a live countdown. Expired chunks vanish from S3 and the device; the seed material in the enclave is destroyed after generation.
Enterprise, user, and device keypairs (NIST P 256, single shot ECIES) with layered wrapping: enterprise key wraps shares, user key unwraps chunks, device key unwraps the user key.
Reuses the Bunker enclave architecture with KMS gating. The sole trusted execution environment for seed reconstruction.
Stateless S3 delivery of encrypted chunks via presigned URLs, self cleaning through object expiry.
Associated data ties every ciphertext to its session, device, and policy, so chunks cannot be replayed elsewhere.
Orchestrates the flow without ever touching plaintext: policy checks, enclave coordination, URL generation.
Castle cannot access customer seeds: servers and operators are never in the trust path, and only an attested enclave can reconstruct.
A compromised distribution layer leaks only ciphertext bound to specific devices and windows.
The layered wrapping supports device revocation and role changes with minimal recomputation and no seed re enrollment.
Codes are the only artifact that leaves the enclave, and they expire on a fixed clock. The blast radius of any single leak is one account for one window.
Walk through the trust model, policy design, and rollout with our security and solutions team.