How It Works
The Data Control Platform contains features that enable support for numerous use cases. The following topics provide a deep dive into the technology and algorithms that are used within the platform.
The data control platform uses a concept of orthogonal access control to control who can access what data. This is made possible by what academics often call Proxy Re-encryption, but what we usually refer to as transform encryption. This enables a person to encrypt to a group and delegate decryption right to users of the group. Users can then be added and removed at any time without having to touch the already encrypted data.
JSON Web Tokens
The IronCore Data Control Platform does not perform authentication and authorization; instead, it relies on the consuming application to perform those functions. The Data Control Platform does associate a cryptographic identity with an authenticated user; it requires the consuming application to supply a mechanism to generate a user identity assertion for the authenticated user in order to make that association. This mechanism is provided to the Data Control Platform SDKs to use when necessary.
Policy Driven Data Control
Policy driven data control allows you to manage who should have access to data based on the type of the data. Policies take the requirement of knowing who should have access to decrypt certain data out of developers’ hands and makes it automatic based on the type of data being encrypted.
Encrypted data becomes much less usable and insecure if it has to be decrypted in order to search over it. Encrypted search is a phrase that is usually shorthand for the process of searching encrypted data for items that match a query string, without actually decrypting the data first. The Data Control Platform has support for generating a blind index search of your encrypted data.
Was this page helpful?