Policy-Driven Cryptography
The Cord3 Unity architecture is built on a Symmetric Key Infrastructure (SKI) that separates the data encryption layer from the policy management layer. This functional decoupling allows for granular, object-level security without binding security policies to public keys (as with PKI). Cord3’s SKI model also eliminates the administrative rigidity of traditional certificate-based encryption systems.
Policy Decoupling
Unity decouples the policy engine from the encrypted data. This provides distinct operational advantages:
- Dynamic Governance: Access permissions can be modified or revoked in real time. Changes are applied at the point of access, meaning they are effective immediately across the enterprise.
- Elimination of Re-encryption: Because policy is independent of the encryption layer, updating user rights or security classifications does not require the underlying data to be re-encrypted.
Cryptographic & Administrative Security
The move to a symmetric model provides structural resilience against internal and external threats:
- Quantum Resistance: Symmetric encryption is resistant to the Shor's-algorithm-based attacks that compromise asymmetric PKI systems and similar cryptographic keying systems based on complex mathematics.
- Administrative Isolation: Key management is handled independently of the application environment. This ensures that system and network administrators cannot access the content of protected files, emails, or data streams.
Attribute-Based Access Control
The Cord3 Unity policy decision service provides context-aware security that adapts to the complexity of your data environment. Shifting from rigid roles to dynamic attributes ensures that access decisions remain flexible and contextual.
Key Capabilities
- Identity-Centric Security: Leverage the subject attributes of a requesting user or entity. Individually or in combination, a user's security attributes form a unique identity that distinguishes them from others.
- Granular Control: Define access based on the unique identity of the subject and the specific sensitivity labels of the data object.
- Contextual Intelligence: Enforce security boundaries based on environmental factors, such as time of day, geographic location, or network security posture.
- Scalable Security: Simplify policy management by creating universal rules that apply across your entire data landscape, regardless of user volume.
The KeyFrame Model
KeyFrame is a Cord3 model that automates the delivery and management of object-level keys throughout the data lifecycle. KeyFrame can generate an effectively unlimited number of symmetric keys on demand, without the administrative burden of managing or tracking keys manually. In summary, the KeyFrame model provides:
- Object-Level Keys: A unique symmetric key is generated for every individual data asset (file, email, or packet).
- On-Demand Delivery: Keys are never stored with the data. They are retrieved from the secure Unity infrastructure only at the moment an authorized user requests access.
- Tokenized Identity: Every data asset travels with a unique token. The token identifies the object to the KeyFrame infrastructure, allowing the key to be reconstructed when permitted by policy, but contains no cryptographic key material itself. The key therefore never travels over the network or with the data, which keeps your data secure and renders it impervious to Harvest Now, Decrypt Later attacks.
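The following is a compact working model of the three ideas described on this page (a policy engine decoupled from the ciphertext, attribute-based access decisions over subject, object and environment, and a per-object symmetric key reconstructed from an opaque token only when policy permits). It is an added illustration, not Cord3's code, and the page does not describe Unity's or KeyFrame's internals: the `KeyService` class, deriving each object key with HMAC-SHA256 from a master secret and the token, the `permitted` rule set, and the HMAC-counter-mode stream cipher standing in for a real AEAD are all assumptions of this example. The sample subjects, labels and content are constructed.

```python
import hmac
import hashlib
import secrets
from datetime import time as dtime

LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}
OFFICE = {"network": "corporate", "time": dtime(10, 30)}   # constructed environments
HOME = {"network": "home", "time": dtime(10, 30)}


def permitted(subject, labels, env):
    """ABAC decision combining subject attributes, object labels and environment (constructed rules)."""
    if LEVELS[subject["clearance"]] < LEVELS[labels["classification"]]:
        return False                                   # subject attribute vs. object sensitivity label
    if labels.get("department") and subject["department"] != labels["department"]:
        return False                                   # identity-centric restriction
    if labels["classification"] != "public" and env["network"] != "corporate":
        return False                                   # network posture
    if not (dtime(7, 0) <= env["time"] <= dtime(19, 0)):
        return False                                   # time-of-day window
    return True


class KeyService:
    """Stand-in for the key/policy infrastructure: holds the master secret and object labels."""

    def __init__(self):
        self._master = secrets.token_bytes(32)         # constructed; never leaves this service
        self._labels = {}                              # token -> mutable sensitivity labels

    def create_object(self, labels):
        """Register a new data asset; the creator receives an opaque token plus the object key."""
        token = secrets.token_bytes(16)                # random identifier, carries no key material
        self._labels[token] = dict(labels)
        return token, self._derive(token)

    def relabel(self, token, labels):
        """Policy change on an existing object; the ciphertext is never touched."""
        self._labels[token] = dict(labels)

    def request_key(self, token, subject, env):
        """Policy decision point: reconstruct the key only if the rules permit this subject now."""
        labels = self._labels.get(token)
        if labels is None or not permitted(subject, labels, env):
            return None
        return self._derive(token)

    def _derive(self, token):
        # Assumed KDF: key = HMAC(master, token). Without the master secret the token reveals nothing.
        return hmac.new(self._master, b"object-key|" + token, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    """HMAC-SHA256 in counter mode as a stream cipher; a stand-in for a real AEAD, not for production."""
    nonce = secrets.token_bytes(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def run_demo():
    """Walk through creation, policy-gated access, and relabelling without re-encryption."""
    svc = KeyService()
    token, key = svc.create_object({"classification": "confidential", "department": "finance"})
    blob = encrypt(key, b"Q3 forecast: constructed sample content")
    del key                                            # only (token, blob) is retained with the data

    alice = {"clearance": "secret", "department": "finance"}
    bob = {"clearance": "internal", "department": "finance"}
    results = {}

    k = svc.request_key(token, alice, OFFICE)
    results["alice_reads"] = decrypt(k, blob) if k else None
    results["bob_denied"] = svc.request_key(token, bob, OFFICE) is None
    results["alice_offsite_denied"] = svc.request_key(token, alice, HOME) is None

    # Reclassify the object: takes effect at the next key request, no re-encryption performed.
    svc.relabel(token, {"classification": "secret", "department": "legal"})
    results["alice_after_relabel_denied"] = svc.request_key(token, alice, OFFICE) is None

    # Restore access: the very same ciphertext is readable again.
    svc.relabel(token, {"classification": "confidential", "department": "finance"})
    k = svc.request_key(token, alice, OFFICE)
    results["alice_reads_again_same_ciphertext"] = decrypt(k, blob) if k else None
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value!r}")
```

The design point the demo makes is that every access decision happens inside `request_key`, so changing labels or subject attributes changes who can obtain the key immediately, while the stored ciphertext and its token are never rewritten; in a real deployment the stand-in stream cipher would be replaced by an authenticated cipher and the master secret would live in an HSM.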