Processes and Keys

Lockbox provides the end-user with a very simple process to register, manage users and share content in a Lockbox private workspace. Hidden behind the user interface are some very powerful key management and cryptographic functions that ensure the highest levels of privacy and confidentiality.

Registration
When a user registers with Lockbox, they create their own cryptographic keys as follows:
- Their email address is validated. This gives each user a unique identifier in the Lockbox system.
- A set of local key pairs is generated that will be used for signing, encryption, communications, email and certificate management. The public keys are signed by Lockbox and returned as corresponding X.509 certificates.
- A local keystore is created and the private keys and certificates are stored in it. The keystore is protected (encrypted) using a user-defined passphrase.
- A personal Lockbox is created to store other keys, such as workspace keys or certificates from other users.
Login
When a user "logs in" they unlock their keystore and strongly authenticate with Lockbox using their communications key and certificate to establish a mutual (client-authenticated) SSL session with Lockbox.
Note that the passphrase is local and never transmitted to Lockbox. (If credential backup is used then a derivative of the passphrase is used.)
Workspace Creation
A user may create a Lockbox private workspace by locally creating a (symmetric) workspace key. The workspace key is encrypted using the owner's certificate and stored in their personal Lockbox for the next time they log in.
Invitations
A workspace owner can enable another person to access their workspace by providing them with their workspace key.
- If this is the first time that an owner has invited a user to a Lockbox private workspace then a two-factor invitation process is used. In this case, the owner and new user exchange their public encryption certificates.
- Once a relationship has been established, the owner can safely send an encrypted workspace key to that new user by using that user's public certificate.
Sharing
When a user uploads a document (or file), the following takes place:
- The document is digitally signed using that user's signing key and compressed.
- The document is encrypted using a locally generated random document key.
- The document is uploaded to the Lockbox repository as an encrypted "blob".
- The document key is encrypted with the workspace key and also uploaded to Lockbox as an encrypted "blob".
If another user downloads a document, they would do the reverse:
- Download the encrypted document and encrypted document key.
- Decrypt the document key using the workspace key, then decrypt the document using the decrypted document key.
- Decompress and optionally check the digital signature on the document.
- View and/or store the document locally.
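The upload and download steps above, written out in Go as an added illustration (not Lockbox's own code): a fresh random document key encrypts the signed document, the workspace key wraps that document key, and the download side unwraps, decrypts and verifies the signature. AES-256-GCM, Ed25519 signatures, the nonce-prefixed blob layout and the omission of the compression step are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"io"
)

// seal and open implement an "encrypted blob" as AES-256-GCM output with the random nonce
// prefixed (layout is an assumption). A wrong key or a tampered blob fails open's tag check.
func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}
func open(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil || len(blob) < gcm.NonceSize() { return nil, errors.New("bad key or short blob") }
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// Upload follows the page's steps: sign, encrypt under a fresh random document key, then wrap
// that key under the workspace key. Returns (document blob, key blob); compression is omitted.
func Upload(signKey ed25519.PrivateKey, workspaceKey, doc []byte) ([]byte, []byte, error) {
	docKey := make([]byte, 32) // locally generated, never leaves the client unencrypted
	if _, err := io.ReadFull(rand.Reader, docKey); err != nil { return nil, nil, err }
	docBlob, err := seal(docKey, append(ed25519.Sign(signKey, doc), doc...)) // signature || document
	if err != nil { return nil, nil, err }
	keyBlob, err := seal(workspaceKey, docKey)
	return docBlob, keyBlob, err
}

// Download reverses it: unwrap the document key with the workspace key, decrypt, verify the signature.
func Download(signPub ed25519.PublicKey, workspaceKey, docBlob, keyBlob []byte) ([]byte, error) {
	docKey, err := open(workspaceKey, keyBlob)
	if err != nil { return nil, err }
	payload, err := open(docKey, docBlob)
	if err != nil || len(payload) < ed25519.SignatureSize { return nil, errors.New("cannot decrypt document") }
	sig, doc := payload[:ed25519.SignatureSize], payload[ed25519.SignatureSize:]
	if !ed25519.Verify(signPub, doc, sig) { return nil, errors.New("signature check failed") }
	return doc, nil
}
```

Only a holder of the workspace key can recover the document key, and the signature ties the recovered document to the uploader's signing certificate.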