Privacy Approach

Privacy is more than just security. Privacy requires that the end-user can fully protect and control their information, particularly if it is sensitive or confidential. Lockbox addresses the "cloud privacy" problem by empowering end users to protect their information (using encryption) and control who has access to it (using keys).

Server-side vs Client-side

Most secure file-sharing services concentrate their functions server-side and resemble a secure website. In doing so, these services necessarily require great effort in terms of technology, processes and procedures to "lock down" user information. Despite best efforts, this approach will always run the risk of "leaks" such as data breaches, accidental or malicious disclosure, secondary market resale, or interference by system administrators who have the means to override the system they look after (e.g. passwords, access controls, encryption keys, network monitoring etc.).

While most "cloud" services are pushing control and processing into the "cloud" (server-side), Lockbox is doing the opposite and empowering the end-user with the means to protect and control their information (client-side). The differences are broadly illustrated in the following diagram.

The Lockbox Approach

The Lockbox approach is to make use of client-side technologies, rather than just server-side processing. In essence, Lockbox is able to lock down the information itself (using encryption), rather than trying to completely lock down the system that “transports” and “stores” the information.

In the above diagram:

  • End users protect their information using client-side encryption. This means that information stored or in transit in the "cloud" looks like encrypted blobs, making it meaningless to administrators, hackers or any intermediate party.
  • A Lockbox owner has complete control over who has access to a Lockbox by simply controlling who has keys to access their Lockbox. This control cannot be overridden or intercepted by administrators, hackers or any intermediate party.
  • All data is digitally signed, making it possible to independently confirm who entered data into a Lockbox and to ensure that the information has not been tampered with.

Private File Sharing

The Lockbox approach is winning favour with customers who have been reluctant to "move to the cloud" because of concerns about privacy. Understandably, cloud computing introduces risks in that the cloud provider has mechanisms to override user controls and access user data.

This then leads to the notion of "private file sharing", which is an extended type of "secure file sharing". The difference is that private file sharing ensures that no intermediate third party can intercept or access user data (similar to peer-to-peer networks), while the data is always accessible regardless of whether communicating parties are online or not (similar to storage services).

Lockbox offers a unique privacy solution with the following advantages:

  • Intuitive end-user experience – which hides all the complexities of the underlying key management, cryptography and strong security features.
  • End-to-end privacy – Lockbox's client-side capabilities "lock down" the information itself (using encryption) and access to it (using client-distributed keys). This is in contrast to nearly all other solutions, which rely completely on server-side system lock-down, access control lists (ACLs) and administrators.
  • Reduced risk – Significantly reduced administrator risk, as it is as good as impossible for any administrator, third party or hacker to do anything with the encrypted “blobs” stored in the “cloud”.
  • Standards – We make use of best-in-class security features (strong credentials, encryption, digital signatures, mutual SSL etc.) and follow all major Federal and cryptographic standards.

 
