Technology

Absio offers a set of tools developers can use to protect application data throughout its life cycle—from creation to deletion, everywhere it exists—without having to manage keys, add hardware, increase latency or rely on a third-party service for access to data.

Absio technology is implemented through software development kits (SDKs) that developers with no data security experience can integrate into their new and existing software applications with a few lines of code.

 

 

Automate key management

Absio technology automatically generates, manages and exchanges keys for both PKI-based authentication and content encryption and decryption. Absio software generates a unique ID and private/public key pairs for each user for signing and derivation. Private keys are stored in an encrypted key file, and public keys are sent to a zero-knowledge server application for authentication and exchange. Absio’s Serverless Encryption technology automatically encrypts each data object with its own content key on the device running the application without calling a central key server. Data keys are then uniquely encrypted for each user who has access to the data.


Protect data at rest

Absio software encrypts any type of unstructured or semi-structured data (bit, file or stream) generated or processed by an application prior to being stored, each with its own unique keys for confidentiality and content validation. Encrypted data objects and content keys can be stored locally in an obfuscating file system to reduce network latency impacts and enable local content to be decrypted and encrypted while offline. Absio technology automatically obfuscates file names and types and randomizes the folder structure, enabling keys and content to be stored locally without putting data at risk. 

 

 

Secure data in transit

All data is individually encrypted prior to being transmitted and stored by a remote server or device. Encrypted content keys are further signed with the creator’s private keys to mitigate man-in-the-middle attacks. Encrypted data is transmitted via an encrypted TLS connection using one-time-use, signed, time-sensitive session tokens. Attempts to reuse tokens or use tampered-with tokens are rejected.
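The token behaviour described above (signed, time-limited, single-use, with reused or altered tokens rejected) can be illustrated with a server-side check. This is an added example, not Absio's code: the `SessionTokens` class, the token layout and the use of HMAC-SHA256 in place of the product's signature scheme are assumptions, and `demo()` runs a constructed scenario.

```python
import hashlib
import hmac
import secrets
import time


class SessionTokens:
    """Hypothetical issuer/verifier: signed, expiring, single-use tokens."""

    def __init__(self, key, ttl_seconds=30):
        self._key = key            # assumption: an HMAC key stands in for the signing key
        self._ttl = ttl_seconds
        self._outstanding = {}     # nonce -> expiry, removed on first use

    def _sign(self, payload):
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        # Drop nonces that can no longer be redeemed so the table stays bounded.
        self._outstanding = {n: e for n, e in self._outstanding.items() if e > now}
        nonce, expires = secrets.token_urlsafe(16), int(now) + self._ttl
        self._outstanding[nonce] = expires
        payload = f"{user_id}.{nonce}.{expires}"
        return f"{payload}.{self._sign(payload)}"

    def verify(self, token, now=None):
        """Return "ok" or the reason the token was rejected."""
        now = time.time() if now is None else now
        payload, sep, signature = token.rpartition(".")
        # Constant-time comparison; nothing in the payload is trusted before this.
        if not sep or not hmac.compare_digest(self._sign(payload).encode(), signature.encode()):
            return "bad-signature"
        _, nonce, expires = payload.rsplit(".", 2)
        if self._outstanding.pop(nonce, None) is None:   # consumed on first presentation
            return "reused"
        return "ok" if now < int(expires) else "expired"


def demo():
    """Constructed scenario with a fixed clock so the outcomes are reproducible."""
    tokens = SessionTokens(key=secrets.token_bytes(32), ttl_seconds=30)
    t0 = 1_700_000_000
    fresh, stale = tokens.issue("alice", now=t0), tokens.issue("bob", now=t0)
    tampered = fresh.replace("alice", "mallory", 1)
    return [tokens.verify(tampered, now=t0 + 1),  # payload altered after signing
            tokens.verify(fresh, now=t0 + 1),     # first use
            tokens.verify(fresh, now=t0 + 2),     # replay
            tokens.verify(stale, now=t0 + 31)]    # past its lifetime
```

Calling `demo()` returns the verdict for each of the four presentations in order.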


Share encrypted data inside or outside your network

Data content keys are uniquely encrypted for each user who has been given access to the data, allowing user-specific access and permissions to be added or revoked at any time without needing to re-encrypt the data object itself. Absio technology provides an automated public key infrastructure, and a portable (installable anywhere) server application for shared data and key backup, synchronization and exchange.

 

 

Associate important information with data

Absio technology can associate classification, audit history, policy and/or other metadata with content from any source, enabling software applications to consume this information anywhere the data exists. This enables applications to restrict who can use decrypted content, and how, where, and for how long, and to process and update metadata without providing access to or decrypting content. The metadata can either be encrypted and bound to the data, or stored in a database for rapid identification and processing.


Absio Technology Benefits

 

Comprehensive data security

  • Automatic public key infrastructure with zero-knowledge server application
  • Object-level encryption and decryption without calling a central server
  • Encrypted transmission with one-time-use session tokens
  • User-specific data access and permissions

Easy to implement

  • Simple API
  • No keys to generate or manage
  • No additional hardware required
  • No cryptography expertise required

Flexible architecture

  • Can be implemented selectively or incrementally over time
  • Content and keys can be stored locally, on a remote server, or both
  • Associate metadata from existing information systems (e.g., classification, policies)

Complete control

  • Enables applications to control individual data use and lifespan
  • Can be configured as needed based on application requirements
  • No need to trust or rely on a third-party service for data access