An Encrypted Vue Application with Secure Identity Management

In this guide we’ll show you how use both TozID and TozStore to securely authenticate and store data using end-to-end encryption in a Vue based application. We’ll keep things simple and use the Vue CLI to bootstrap our application and only use the Tozny SDK as our other dependency. Once …

IoT Device and Key Management with End-to-End Encryption

Raspberry Pi is a very popular embedded platform. It can be used for both production smart devices and hobbyists for weekend experiments. It’s great for building innovative embedded systems. We’re doing security work in embedded devices and sensors for smart phones, but our work isn’t public, so we wanted to …

Privacy Fines for Marriott – Can End-to-End Encryption Help?

Regulators hit Marriott and British Airways with massive privacy fines. This is related to the relatively new privacy law known as GDPR, which requires increased security. You might be asking yourself, “What kind of security would have helped avoid these privacy fines?” End-to-end encryption? Better firewalls? Better coding? The damage: …

Cryptographic Access Control for True Policy Enforcement

Most of the systems we use today have some type of access control. This is enforced by software products based on a set of rules or policy, but increasingly, organizations are using cryptographic access control in addition to policy-based systems to truly enforce access control. This article is part of …

Encryption Core Concepts: Adding Crypto to your System

Are you developing an application that you think would benefit from encryption? Do you know it will save money in a data breach, but don’t know where to go from there? Encryption core concepts are not rocket science, but they rely on complex math and software life-cycle issues that make …

Strong Attackers: Planning for the Adversary

Organizations have spent a lot of time, effort, and money securing their perimeter and transport layers. This is a necessary first step, but insufficient as more needs to be done for data to be really secure from a strong attacker. The problem with an over reliance on perimeter and transport …

Encryption for Developers: A Guide to Add Security to your Code

As a developers, you’ve decided to encrypt your data, either because it’s a requirement that’s come down from management and customers, or just because it’s the right thing to do. If you’re like many developers, you’ve done some preliminary research into the encryption tools available for your language or platform …

Key Management Should Be Designed First Not Last

Many good conversations about cryptography have ended badly after someone asks this: “How are you managing your keys?” Bad key management undermines even the best cryptography. Why? Because if the bad guy gets the key and the encrypted data, they get the unencrypted data. It’s as simple as that. There …