File encryption is a data protection technology set. Using it, you can encrypt sensitive data, decrypt it in flight for all or just selected applications, and create a protected, sandboxed environment for working with decrypted data.
It is a hook-based, non-driver file encryption technology, which makes it easy to use and to integrate into your software systems. The solution does not require admin rights or additional installation.
How it works
Selected data is encrypted. When an application attempts to access an encrypted file, the technology raises a callback with information about that application. A master system can then decide to route the application to the sandbox and begin a protected session (process sandboxing), or to block access. Thus, within a protected sandbox session, the user can be limited to a predefined set of authorized applications that are allowed to open protected data.
All decryption is performed in flight, so no sensitive content is ever stored on the disk in a decrypted format. All output generated in the process sandbox is encrypted in flight (produced copies, temporary files, and clipboard).
The administrator can allow users to perform any operation with protected data within their protected sandbox sessions, or set a “read-only” option.
File encryption feature highlights:
- The default encryption implemented in the solution is based on a block cipher with 16 Kb blocks. A protected file has the same size as an unprotected file (no headers are added), which makes I/O operations on the file quicker. Custom encryption algorithms can also be used.
- Our data encryption technology supports custom authorization and key management.
- This technology supports any type of data created by any type of application.
- An application can be allowed or forbidden, by signature, to work with protected data for a user.
- Sending via TCP/IP is blocked for protected sandbox sessions.
- Clipboard is encrypted for protected sandbox sessions.
- A user can be limited to working only with protected data stored on a flash drive, to guarantee maximum environmental isolation.
- Exceptional conditions, such as sudden removal of the flash drive, are handled with maximum security in mind.
- Issues with sandboxed applications attempting to access non-protected auxiliary files (like license files or configurations) are resolved in the implementation and are configurable.
Want your developers to test our file encryption technology? Contact us for details and licensing schemes!