SecureFileAccess – Data / File Encryption SDK with Process Sandboxing
Integrate enhanced file encryption into your software system with this non-driver lightweight software development kit!
SecureFileAccess is a data protection software development kit. Using it you can encrypt sensitive data, decrypt it in flight for all or just selected applications, and create a protected, sandboxed environment to work with decrypted data.
SecureFileAccess is a hook-based, non-driver file encryption SDK, which makes it easy to use and to integrate into your software systems. The solution does not require admin rights or additional installation.
On-the-fly file encryption SDK: How It Works
Selected data is encrypted. When an application attempts to access an encrypted file, the SDK raises a callback with information about that application. A master system can then decide either to route the application to the sandbox and begin a protected session (process sandboxing) or to block access. Within a protected sandbox session, the user can thus be limited to a predefined set of authorized applications that are allowed to open protected data.
All decryption is performed in flight, so sensitive content is never stored on disk in decrypted form. All output generated in the process sandbox (produced copies, temporary files, and the clipboard) is encrypted in flight.
The administrator can allow users to perform any operation with protected data within their protected sandbox sessions, or set a “read-only” option.
- The default encryption already implemented in the SDK is based on a block cipher with 16 Kb blocks. A protected file is the same size as the unprotected file (no headers are added), which makes I/O operations on the file quicker. Custom encryption algorithms can also be used.
- Our data encryption SDK supports custom authorization and key management.
- SecureFileAccess supports any type of data created by any type of application.
- For each user, an application can be allowed or forbidden, by signature, to work with protected data.
- Sending via TCP/IP is blocked for protected sandbox sessions.
- Clipboard is encrypted for protected sandbox sessions.
- The user can be limited to working only with protected data stored on a flash drive, to guarantee maximum environmental isolation.
- Exceptions, such as a flash drive being unplugged suddenly, are handled with maximum security in mind.
- Issues with sandboxed applications attempting to access non-protected auxiliary files (such as license files or configurations) are resolved in the implementation, and the behavior is configurable.
Want your developers to test our non-driver encryption SDK? Contact us for details and licensing schemes!