Analyze * Anticipate * Accelerate
Home * Consulting * Projects * Technologies

Crypt4: Full-Time Security for Networked Application Data

logoCrypt4, from MIB SOFTWARE, provides full-time data security to web and desktop applications by encrypting data at its origin and decrypting at its destination. Data remains encrypted at all intermediate network points: during transmission and when resting at WWW servers, content delivery networks, and intermediate cache servers.
bulletCrypt4 goes beyond the "part-time" protection provided by HTTPS/SSL. When data is "at rest" (in storage on servers, waiting for requests) and HTTPS/SSL is not protecting it, crypt4 is still effective. Crypt4 provides security in the face of several attacks where HTTPS/SSL can fail, such as temporary server write access (trojaning), DNS spoofing, and any Man-in-the-middle attacks with proxies or forged SSL certificates. Even in the case that an attacker manages to thwart access control at a server (i.e. a data breach), the crypt4 encrypted data remains private, safely out of the reach of anyone who does not have the decryption key.

bulletCrypt4's strong security rests on the secrecy and length of keys, not the secrecy of the underlying algorithms (which are PBKDF1, HMAC-SHA1, and ARC4.) Redistribution of crypt4 is controlled by the Export Administration Regulations (EAR) of the U.S.A.

bulletCrypt4 will encrypt any file (binary or text) adding a descriptive, human-readable header to the base64, arc-4 encrypted body. The plain text header contains your copyright notice and anti-circumvention warnings, and the text format enables easy inspection and confirmation that the data was encrypted and digitally signed with crypt4. Other cryptographic formats do not provide these benefits. With proper use, crypt4 is a "technological protection measure" against unauthorized access and copying as defined by Digital Millennium Copyright Act of the U.S.A.

bulletCrypt4 is fast and efficient on the web and on the desktop. On the desktop, a helper application handles data transfer and security. It contacts a publishing server over HTTPs, verifies SSL credentials, and uses digitally signed file manifests to compare against existing files. It conserves bandwidth and downloads only what has changed, and maintains files on disk in crypt4 format, decrypting only for trusted applications.

WWW browsers present extreme challenges to the design of secure systems. In advance of the new WebCrypto standard API, crypt4 is cross-browser capable, now. The crypt4 format is very efficiently decrypted in javascript. With decryption and signature validation in javascript at 12MB/second, crypt4 is fast enough to be used for all data on page, including scripts and images.

Crypt4 is exclusively available for licensing to the consulting clients of MIB SOFTWARE. Contact us to discuss the benefits Crypt4 can provide to your application.

Founded in 1993 and incorporated in 2012, MIB SOFTWARE, INC. provides software development and consulting. The two founders each have engineering degrees from Carnegie Mellon and over 20 years of experience in engineering, manufacturing, and systems.

Founded 1993    —    Incorporated 2012
Saylorsburg, Monroe County, Pennsylvania
Voice: 570-992-8824 — E-mail
Copyright © 2012-2014 MIB SOFTWARE, INC