An Encrypted Vue Application with Secure Identity Management

In this guide we’ll show you how use both TozID and TozStore to securely authenticate and store data using end-to-end encryption in a Vue based application. We’ll keep things simple and use the Vue CLI to bootstrap our application and only use the Tozny SDK as our other dependency. Once …

Encryption for Defense

Depth in Native and Browser Apps Isaac Potoczny-Jones, Tozny’s CEO, will be speaking at the QCon San Francisco convention November 13th, 2019. QCon is a convention showcasing use cases of some of the most cutting edge developments in software engineering. Isaac will be presenting a talk titled, Encryption for Defense …

IoT Device and Key Management with End-to-End Encryption

Raspberry Pi is a very popular embedded platform. It can be used for both production smart devices and hobbyists for weekend experiments. It’s great for building innovative embedded systems. We’re doing security work in embedded devices and sensors for smart phones, but our work isn’t public, so we wanted to …

Managing Public and Private Datasets in Smart Cities

Come see us at the #GCTC Global Tech Jam in Portland Sept 11, 2019 at 3:00 for the panel discussion “Building an Open Smart City Platform.” Download the Paper: Published in ACM SCC 2019 by Isaac Potoczny-Jones, Erin Kenneally, and John Ruffing. The Global Tech Jam is an annual conference …

Privacy Fines for Marriott – Can End-to-End Encryption Help?

Regulators hit Marriott and British Airways with massive privacy fines. This is related to the relatively new privacy law known as GDPR, which requires increased security. You might be asking yourself, “What kind of security would have helped avoid these privacy fines?” End-to-end encryption? Better firewalls? Better coding? The damage: …

Cryptographic Access Control for True Policy Enforcement

Most of the systems we use today have some type of access control. This is enforced by software products based on a set of rules or policy, but increasingly, organizations are using cryptographic access control in addition to policy-based systems to truly enforce access control. This article is part of …

Encryption Core Concepts: Adding Crypto to your System

Are you developing an application that you think would benefit from encryption? Do you know it will save money in a data breach, but don’t know where to go from there? Encryption core concepts are not rocket science, but they rely on complex math and software life-cycle issues that make …

Strong Attackers: Planning for the Adversary

Organizations have spent a lot of time, effort, and money securing their perimeter and transport layers. This is a necessary first step, but insufficient as more needs to be done for data to be really secure from a strong attacker. The problem with an over reliance on perimeter and transport …