Tozny introduces encrypted identification software as a part of safety service platform
Tozny, a Portland, Oregon startup that desires to assist firms extra simply incorporate encryption into packages and processes, launched TozID at the moment. It’s an identification and entry management software that may work independently or along with the corporate’s different encryption instruments.
“Basically we have a Security as a Service platform, and it’s designed to help developers and IT departments add defense in depth by [combining] centralized user management with an end-to-end encryption platform,” Tozny CEO and founder Isaac Potoczny-Jones advised TechCrunch.
The corporate is introducing an identification and entry resolution at the moment with the hope of transferring past its core developer and authorities viewers to a broader enterprise buyer base.
Underneath the hood, TozID makes use of requirements identification constructs like single sign-on, SAML and OpenID, and it might probably plug into any current identification framework, however the important thing right here is that it’s encryption-based and makes use of Zero Knowledge identification. This enables a person (or software) to regulate info with a password whereas decreasing the chance of sharing knowledge as a result of Tozny doesn’t retailer passwords or ship them over the community.
On this software, the password acts because the encryption key, which permits customers or functions to regulate entry to knowledge in a really granular manner, solely unlocking info for folks or functions they need to have the ability to entry that info.
As Potoczny-Jones identified, this may be so simple as one-to-one communication in an encrypted messaging app, however it may be extra complicated on the software layer relying on the way it’s arrange. “It’s really powerful to have a user make that decision, but that’s not the only use case. There are many different ways to enable who gets access to data, and this tool enforces those kinds of decisions with encryption,” he defined.
No matter how that is applied, the person by no means has to know encryption and even know that encryption is in play within the software. All they should do is enter a password as they all the time have, after which Tozny offers with the complicated elements beneath the hood utilizing normal open supply encryption algorithms.
The corporate additionally has an information privateness software geared in the direction of builders to construct in end-to-end encryption into functions, whether or not that’s internet, cell, server and so forth. Builders can use the Tozny SDK so as to add encryption to their functions with out plenty of encryption information.
The corporate has been round since 2013 and hasn’t taken any non-public funding. As an alternative, it has developed an encryption toolkit for presidency businesses, together with NIST and DARPA, that has acted as a funding mechanism.
“This is an open source toolkit on the client side, so that folks can vet it for security — cryptographers like that — and on the server side it’s a SaaS-type platform,” he stated. The latter is how the corporate makes cash, by promoting the service.
“Our goal really here is to bring the kind of cybersecurity that we’ve been building for government agencies into the commercial market, so this is really work on our side to try to, you might say, bring it down market as the threat landscape moves up market,” he stated.