End-to-end data control
SDK and cloud service
ADD PRIVACY AND SECURITY TO YOUR APP
A simple developer experience gets you to market faster, reduces your technical debt and helps you focus on writing the code that matters.
Multi-tenant architectures are supported with project and segment containers.
Cloud secure by design. There is no need for you to support a physical or virtual appliance for your application – stop the on-prem and hybrid madness.
Key recovery has low administrative friction, and even catastrophic scenarios such as master domain key loss have well-designed recovery procedures.
There are no limitations on the number of users, files, documents or groups. All services scale horizontally.
No CMK Server
Customer control by design. There is no need for your customer to host a Customer Managed Key (CMK) server or Hardware Security Module (HSM).
IronCore can host services or deploy in your own environment with enterprise options.
An optional storage service provides an encrypted NoSQL key value store for basic cases such as a PII vault.
All use cases are extensively documented with examples, architectural patterns and guidance for iterative roadmaps.
Rather than asking a customer to trust you with their data, you let them own it and they retain full control at all times.
The first commercialization of proxy re-encryption (PRE), which converts ciphertexts for one private key into ciphertexts for another, without decrypting the underlying data (yes, it’s magic).
IronCore services never see private keys and cannot decrypt data.
Public Key Crypto
Privacy and security are mathematically provable using public key cryptography where every user has their own keys. Even a hacked application cannot see all the data.
Users and data owners don’t need to know about encryption or keys because the security is built into their applications, which seamlessly handle the details under the hood.
Unidirectional, non-interactive, non-transitive, multi-hop and collusion-safe.
Unlock data only at the point of use.
Data is owner-controlled even when stored with third parties or offline.
Provable Access Control
Control access by class of data or by role-based group. Cryptographically backed and mathematically provable.
Record all privacy and security events with digitally signed directives in a tamper-evident log.
Revoke users, groups, services or devices at any time without touching the underlying data.
Authorize multiple desktop, mobile and web clients and back-end cloud services. Quickly disable lost or stolen devices.
Share sensitive data within an organization and with external systems, data centers, customers and partners.
Right to Be Forgotten
Turnkey and instant erasure for all protected data via crypto-shredding.
Right to Disclosure
Pinpoint access to personal data and allow incorrect data to be fixed.
Meet data locality restrictions for sovereign citizens, reducing operational complexity and lowering costs.
Key management, rotation, encryption, sharing, and permissions are handled automatically. Changing access and rotating keys are constant time operations.
Third party audits, compliance certifications, contractual agreements, math proofs, bug bounties and ongoing diligence from the crypto community.
Maintain records of every access and update of data, users, groups and permissions in tamper-evident, immutable logs.
Reduced Reputational Risks
Notifications are not required if a breach exposes only encrypted data and not keys, protecting customers and your brand.