Jamf Unlock Protocols and Security

Jamf Unlock leverages Apple's Multipeer Connectivity, CryptoTokenKit, and Core Bluetooth frameworks to perform wireless certificate-based authentication between a user's mobile device and their Mac.

Multipeer Connectivity

Jamf Unlock uses Apple's Multipeer Connectivity framework to communicate with nearby devices.

  • Jamf Unlock and Jamf Connect use WiFi to securely pair a mobile device with a Mac computer and to communicate between them. All communication is encrypted.

  • When either device is disconnected from your local network but WiFi is still turned on, a peer-to-peer WiFi connection is used to continue communication between a paired mobile device and computer.

  • Jamf Unlock currently supports only 1:1 pairing between a device and computer.

CryptoTokenKit

Jamf Connect uses Apple's CryptoTokenKit framework to enable a Mac computer to complete secure authentication events, such as signing, decrypting and exchanging keys during an authentication request. Jamf Connect includes a driver component that completes this data exchange (similar to a physical smartcard) with paired devices. This driver is installed with the Jamf Connect PKG. All communication between Jamf Connect and Jamf Unlock is encrypted.

Core Bluetooth

Jamf Connect uses Apple's Core Bluetooth framework to broadcast authentication requests to paired devices and send notifications.

If the Jamf Unlock app is not open or the mobile device is locked when an authentication request is sent from a paired computer, a beacon notification is pushed to the device using Bluetooth to prompt the user to complete the request.