Tozny, a Portland, Oregon startup that wants to help companies integrate encryption more easily into programs and processes, today launched TozID. It is an identity and access control tool that can work independently or in conjunction with the company's other encryption tools.
“Basically, we have a Security as a Service platform that is designed to help developers and IT departments deepen their defense [combining] centralized user management with an end-to-end encryption platform,” Tozny CEO and founder Isaac Potoczny-Jones told TechCrunch.
With today's launch of an identity and access solution, the company hopes to reach a broader customer base of businesses beyond its core audience of developers and the government.
Under the hood, TozID uses standard identity constructs such as single sign-on, SAML and OpenID and can be integrated into any existing identity framework. However, the key here is that it is based on encryption and uses zero knowledge identification. This allows a user (or application) to control information with a password while reducing the risk of data sharing because Tozny does not store or send passwords over the network.
In this tool, the password acts as an encryption key that lets users or applications control access to data in great detail, unlocking information only for the people or applications they want to have access.
As Potoczny-Jones emphasized, this can be as simple as one-to-one communication in an encrypted messaging app, but at the application level it can be more complex depending on the facility. "It's really powerful to let a user make this decision, but that's not the only use case. There are many different ways to allow who can access data, and this tool enforces these types of decisions with encryption," he explained.
Regardless of how this is implemented, the user never needs to understand encryption or even know that encryption is in play in the application. All the user has to do is enter a password, as usual, and Tozny then handles the complex parts under the hood using standard open source encryption algorithms.
The company also has a data protection tool aimed at developers who want to integrate end-to-end encryption into applications, whether web, mobile, server or otherwise. Developers can use the Tozny SDK to add encryption to their applications without much encryption knowledge.
The company has existed since 2013 and has made no private investments. Instead, it has developed an encryption toolkit for government agencies, including NIST and DARPA, that acts as a funding mechanism.
"This is an open source client-side toolkit so people can check it for security – cryptographers like this – and it's a SaaS platform on the server side," he said. The latter is how the company makes money: by selling the service.
“Our ultimate goal is to bring the type of cyber security that we have built for government agencies to the commercial market. So this is really our job to try to bring it to market as a threat landscape is moving the market up,” he said.