Technology Platform

The Lockbox platform ensures total privacy using client-side processing, end-to-end encryption, strong credentials, and user-generated keys. This "end-to-end" capability allows truly private collaboration even between end-users who may be using systems behind firewalls and/or inside protected corporate networks.

Lockbox Security and Privacy Features

Important aspects of the Lockbox solution are listed below. Further explanations of these features are given in other pages in this Technology section.

Client Control Keys System

Content

  • Client-side encryption
  • Client-generated, strong keys
  • Client-side keystore
  • Digital signatures

Access

  • Two-factor invitation process
  • Strong credentials
  • Instant revocation and de-provisioning

Recovery

  • Credential backup option
  • Client workspace management
  • Managed Service Provider options

Public/private keys and certificates (RSA 2048)

  • SSL (RSA 1024)
  • signing
  • encryption
  • certificate management
  • email

Symmetric keys (AES-256)

  • documents
  • workspaces
  • communities

Short-lived authorisation codes

  • email verification
  • invitations

Security

  • Client software code signed
  • No ability for administrators to override keys or encryption
  • Self-enforcing access controls
  • Strong authentication
  • Mutual (client authenticated) SSL
  • Strict segregation and compartmentalisation
  • Full certificate management (CMP, CRMF, OCSP)

Administration

  • Decentralised administration
  • Full cryptographic standards support
  • Redundant Tier 1 data centers
  • Ongoing security assessments

A Platform for Cloud Privacy

The Lockbox platform has been engineered to enable Cloud Privacy, which may be considered an extra layer of protection above Cloud Security.

Most cloud storage providers rely exclusively on security. This is understandable, as having control suits their business models and helps with support, e.g. being able to recover information or reset passwords. The end-user must "trust" that provider administrators do not access their information, even though they have the means to do so. For example, administrators have the means to change passwords, override access controls, view log files, access keys to their encrypted storage, etc.

Most cloud storage providers say little about privacy. Instead, they trumpet their security but shy away from any related responsibility with EULAs (End User License Agreements) that specifically protect themselves in the case that their security is inadequate, e.g. accidental, malicious or involuntary disclosure of user information regardless of circumstance.

The Lockbox platform, which enables end-to-end encryption, adds another layer of protection. The client-side privacy ensures that, even if there were a security failure (e.g. unauthorised hacking or access by administrators), the encrypted information stored in a Lockbox is still completely protected.

This extra level of assurance means that:

  • Private information can be stored in the "cloud" without the risk that third parties can access it
  • Confidential information can be shared exclusively with invited individuals without any other individuals (including administrators) having any possibility of accessing it. This is especially important where information is only disclosed under NDA (Non-Disclosure Agreements).
  • Sensitive information can be exchanged between businesses without the risk of competitors ever seeing or even knowing that such information is being exchanged.

Lockbox Differentiators

Lockbox technology is significantly different from other secure file sharing technologies in the following ways:

  • Total end-user (decentralised) control (rather than having all control server-side)
  • Significant removal of administrator risk (rather than relying on the complete lock-down of a central system)
  • Strong (certificate-based) authentication (instead of using simple passwords)
  • Strong (symmetric key) authorisation (instead of relying on just access control lists)
  • Authenticity and Integrity (using digital signatures)

For further details, see Security Functions.

Privacy Enabled Applications

Lockbox ensures end-to-end privacy by encrypting everything client-side (so that the “cloud” only ever stores encrypted blobs). It also handles the difficult problems of strong security and key management. With these elements in place, the Lockbox platform is giving rise to a new wave of privacy based applications. For example:

  • Virtual electronic safety deposit boxes for banks
  • Extreme compartmentalisation for government (avoiding WikiLeaks type problems)
  • Micro collaboration for virtual worlds
  • Guaranteed delivery for virtual couriers
  • Write-only post-boxes for Virtual Post Offices
