Project DetailsVezi galerie foto
UNLOQ KMS is an encryption key management system that enables organizations to apply the Atomic Seal concept onto their systems. The system allows a company to manage billions of keys, basically one for each field in their database. Thus, an existing database can become a bunch of cypher text with no meaning unless you get access to the keys.
UNLOQ KMS has four core components that govern how access to data is granted: Permissions, Policies, Key management and Audit trail.
The Permissions sub-system allows companies to define granular permissions to the encryption keys around two main concepts: identities and resources. An identity can be any user, application or thing.
We use Policies to verify and restrict access to the encryption keys to authorized devices
Basically, permissions and policies define who and under what conditions is able to access a specific resource key.
The Key management system does two major things:
- Manages the issuance, rotation and protection of keys;
- Performs either the encryption / decryption or issues the temporary resource API key that, as we’ll see, is used to perform the call by the client.
The audit trail sub-system logs any attempt to retrieve an encryption key and the response to that request. In order to secure the audit system, we encrypt all payloads and offer a tagging system that can be used to filter or search. As in the case of permissions, we sign any log entry and we chain logs by including in the signature the previous log signature. As a result, removing logs from the chain is not possible without braking the chain.
Technical specificationsVezi galerie foto
The solution is Software as a Service (SaaS). It doesn’t require any equipment from the client. However, it does require the involvement of the support team for the implementation and setup.
Impact in the smart city community
Enables organisations to issue encryption keys for a particular id-attribute combination. Ensures zero-knowledge at each individual level. Allows key rotation.
Data residency concerns are a thing of the past. Get closer to becoming PCI, HIPAA and GDPR compliant.
Audit system for actions on both the KMS and third party applications.
Detailed level of granularity that allows system control and setup of policies and permissions, device and application certificates
Move data to affordable cloud storage. Focus IT resources on one system, thereby reducing complexity and enabling consolidation.
Time to market
Easy to integrate into existing solutions. Allows phased deployment.