SDK / Licensing

Today, software manufacturers and Infrastructure/Platform/Software as a Service providers do not manage encryption in the most effective way. If they use classical encryption, and simply encrypt their customers' data within their software products, or at rest in their data centers, data might still be compromised. Classical encryption doesn't permit analysis over encrypted data--and information must be decrypted before it's analyzed.

 

However--the risk for data compromise is also increased when data is in plaintext, from insiders or external hackers. Numerous security breaches in fact were successful because data was in plaintext. Further, the keys for the encryption are often controlled by the vendor; and today, customers might prefer a Bring Your Own Key (BYOK) model, to influence their data's encryption, and better show regulatory adherence. 

OptimalCipher has invented a groundbreaking set of encryption methodologies that permit analysis of encrypted data without decryption, often with customer-controlled keys. Personalizing the user experience, examining debug logs, or aggregating data for marketing campaigns, can now be done over encrypted information. OptimalCipher has further made this capability available as an SDK--to permit straightforward, easy integration into third-party products and services.

 

Product and service providers would benefit from licensing OptimalCipher's encryption SDK. Benefits include:

  • Providers would face minimal risk from continually decrypting customer data to analyze it (if it's encrypted at all)--and deal with associated potential plaintext misuse. Data is fully processed in an encrypted state.

  • Third-party due diligence of the provider may be reduced, since the provider can show its customers it's doing encrypted data processing. For example, customers may reduce the classification levels of data sent to the vendor--as their data is now anonymized--, possibly requiring less validation of vendor security controls.

  • If relevant--processing times to satisfy application requests might be reduced, as computer cycles are not spent continually decrypting and re-encrypting data to process it, while simultaneously trying to keep the data protected. If the data is normally encrypted, for example, on disk in the vendor's data center, in its product, etc.--it may need to be decrypted and then re-encrypted (e.g. back to disk) after completing transaction processing.

  • The vendor can better comply with privacy and security regulations, since it is automatically encrypting customer data when first receiving it--and doesn't require a coordinated (and separate) encryption service to handle this.

  • Incorporating the technology could make the vendor seem more trustworthy, as it's introducing customer-controlled encryption. This is beyond simply BYOK, but an efficient layer of encryption services to protect customer data. And because the vendor's applications are, effectively, not impacted by such changes (and the SDK becomes the vendor's code), the customer sees the same benefits from the applications as before. The customer now benefits from the application, and gets strong security, making the vendor a stronger partner. 

Currently, OptimalCipher's SDK supports the following capabilities:

  • Analyzable encryption delivered seamlessly to customers, as the technology can be natively integrated into many software products and virtually all I/P/SAAS environments.

  • Provides cross-platform, end-to-end encryption, with customer-controlled keys.

  • C#/.Net/Javascript SDK.

  • Search capability and data access--by users, and the vendor's product, or it's backend--is based on granular policy.

  • Can enforce customer's data retention policies, if required.​

Other functionality, as well as supported development frameworks (e.g. Java), will be coming in the near future.