Secure Storage
Existing cloud storage providers do not provide true end-to-end encryption. Files can be stored in encrypted form, but to share an encrypted file with a recipient, the file needs to be decrypted and then encrypted again using a key that is known to the recipient. This means the cloud storage provider needs to store the encryption keys in a database, which makes the encrypted files prone to hacking. Another issue is that cloud storage providers rely on a traditional login name and password to authenticate users. This is not secure, since password hacking is the source of most vulnerabilities on the Internet.
Cynorix possesses all the technologies required to create a super-safe and easy-to-use storage service, including Cynorix authentication, quantum-safe key generation, secure key sharing and distributed key maintenance. Integrating these complementary technologies offers three different encryptions, on top of what is offered by standard Internet technology:

1. The file to be securely saved is first protected by a first-level encryption for storage, for which the key is known only to the file owner. This first-level key is neither stored nor transmitted. It never leaves the user's trusted device. Once this first-level encryption has been applied, the file can be stored either on the owner's local storage or sent out to be stored in the cloud.
2. The Internet path for sending the file is encrypted using a Cynorix quantum-safe key. Note that this layer of encryption is in addition to the encryption that existing Transport Layer Security (TLS) automatically applies to communications over the Internet.
3. Finally, when the file is received at the cloud server, it is encrypted once more, and the corresponding key is stored using Cynorix distributed key maintenance technology.

The net outcome is that the encrypted file can be decrypted only by its rightful owner within his/her trusted device(s), while Cynorix technologies for authentication and secure transmission guarantee that the owner is properly authenticated and that the Internet path over which the encrypted file is transmitted is immune to hacking.