With IronCore, private keys stay on client devices. Servers never see decrypted private keys. Equally important, private keys are never shared with other devices, users or servers.
Encryption and decryption happen only at the point of use, on client devices like laptops and mobile phones. Data is locked through its full lifecycle: in-transit, at-rest and at every stage in-between including in-memory on the server.
IronCore uses the more difficult to manage, but more secure public key approach.
Also called symmetric key cryptography, many commercial products today use shared secret cryptography. The same key used to lock the data is also used to unlock it, which is fine when the data never leaves your possession, but terrible when sharing data. Most of the time, the problems are at best moved from one server or application to another.
Also called asymmetric encryption, with public key cryptography, every participant in the system has their own unique public/private key pair. For some IronCore products, each participant will have a key pair per device. This allows data to be encrypted such that only that participant or device can decrypt it.
IronCore uses standards-based encryption algorithms that have been widely scrutinized and are believed by experts to be safe. In particular, IronCore relies on these:
Elliptic curve 25519 for key exchange and public/private key pairs.
Salsa20 for fast encryption of streams of data.
Poly1305 for validating the source integrity and identity of the author.
IronCore is experimenting with post-quantum crypto for future versions of its software.
SDKs available for Android phone and mobile devices.
SDKs available for iPhone and iPad.
C code and RESTful APIs allow integration from any Internet connected device.
* Coming soon. See products section for details on IronSDK.
Unlimited group sizes, unlimited numbers of records and the ability to easily remove users from groups without performance impact. In short, IronCore's tech is game changing for public key encryption in the enterprise, at scale and with big data.
Stolen phones, employees who leave the company and other events bring us to the issue of removing granted access. IronCore has built access revocation in such that revoking access is painless.
No more silos. Control data even as it gets shared outside of your company. Revoke access at will. No more spreadsheets being cast off via email.
No matter who accesses your servers, you can verify who can decrypt and read the contents of files. Provided your adversary hasn't broken the strong encryption algorithms, you can be assured that no one else has access to the data.