Tozny, a Portland, Oregon startup that wishes to assist corporations extra simply incorporate encryption into packages and processes, launched TozID at the moment. It’s an identification and entry management software that may work independently or together with the corporate’s different encryption instruments.
“Basically we have a Security as a Service platform, and it’s designed to help developers and IT departments add defense in depth by [combining] centralized user management with an end-to-end encryption platform,” Tozny CEO and founder Isaac Potoczny-Jones informed TechCrunch.
The corporate is introducing an identification and entry answer at the moment with the hope of transferring past its core developer and authorities viewers to a broader enterprise buyer base.
Beneath the hood, TozID makes use of requirements identification constructs like single sign-on, SAML and OpenID, and it could actually plug into any present identification framework, however the important thing right here is that it’s encryption-based and makes use of Zero Data identification. This enables a consumer (or utility) to manage info with a password whereas decreasing the danger of sharing knowledge as a result of Tozny doesn’t retailer passwords or ship them over the community.
On this software, the password acts because the encryption key, which permits customers or functions to manage entry to knowledge in a really granular means, solely unlocking info for folks or functions they need to have the ability to entry that info.
As Potoczny-Jones identified, this may be so simple as one-to-one communication in an encrypted messaging app, however it may be extra advanced on the utility layer relying on the way it’s arrange. “It’s really powerful to have a user make that decision, but that’s not the only use case. There are many different ways to enable who gets access to data, and this tool enforces those kinds of decisions with encryption,” he defined.
No matter how that is carried out, the consumer by no means has to grasp encryption and even know that encryption is in play within the utility. All they should do is enter a password as they all the time have, after which Tozny offers with the advanced components below the hood utilizing commonplace open supply encryption algorithms.
The corporate additionally has an information privateness software geared in the direction of builders to construct in end-to-end encryption into functions, whether or not that’s net, cellular, server and so forth. Builders can use the Tozny SDK so as to add encryption to their functions with out a number of encryption data.
The corporate has been round since 2013 and hasn’t taken any non-public funding. As an alternative, it has developed an encryption toolkit for presidency businesses, together with NIST and DARPA, that has acted as a funding mechanism.
“This is an open source toolkit on the client side, so that folks can vet it for security — cryptographers like that — and on the server side it’s a SaaS-type platform,” he mentioned. The latter is how the corporate makes cash, by promoting the service.
“Our goal really here is to bring the kind of cybersecurity that we’ve been building for government agencies into the commercial market, so this is really work on our side to try to, you might say, bring it down market as the threat landscape moves up market,” he mentioned.