top of page

ENCRYPTION & EMPSECURE

PKI (or Public Key Infrastructure) is the framework of encryption and cybersecurity that protects communications between the server (your website) and the client (the users). It works by using two different cryptographic keys: a public key and a private key.

​

EMPSecure, an encrypted folder sharing application created by Orex Research, is built around PKI technology for secure sharing of keys and data, with unique proprietary additions.

EMPSECURE SHARED ENCRYPTION

EMPSecure Logo Only.jpg

PRIVATE CLOUD
STORAGE

User Interface

EMPYREAN
SECURITY.NET

Empyrean Website.jpg

AUGMENTED PKI  /  DRONES  /  CLOUD SECURITY  /  SECURE COMMUNICATIONS  /  ENCRYPTION & EMPSECURE

1 - EMPSECURE

EMPSECURE:
PROPRIETARY SHARED ENCRYPTION

Overview

The concept behind EMPSecure is simple: 

 

You have a folder in your cloud provider which you want to share securely with other users. You choose Encrypt.  Then you share it just like you normally would using the cloud providers folder sharing mechanism. Behind the scenes, EMPSecure smoothly adjusts the encryption so that only the users you have shared it with can read it, and automatically transfers the necessary key data to those other users in such a way that no one, not even the owners of the cloud provider, can get access.

 

Whilst this may appear simple, it is surprisingly complex to do without compromising the keys or data. Most cloud-provider encryption systems are designed in such a way so that the owner of the cloud has access to everything uploaded to it. Many only encrypt the files when they are on the server, and upload or download them encrypted by nothing more than a standard web SSL connection. With EMPSecure, the files are encrypted on the user’s own machine, and the cloud provider never sees enough of the key data to be able to break the encryption.

 

EMPSecure was initially created as a security add-on for Dropbox, but was designed to allow easy adaptation to other cloud providers, the provider-specific code is abstracted out to a single component which can be easily redeveloped to talk to a different cloud system. The core code is cross-platform and has been adapted to multiple desktop platforms, with mobile versions partway through development.

How EMPSecure Works

At a high level, this is how EMPSecure handles encrypted file sharing:

EMPSecure_01.jpg

  1. The EMPSecure client makes a user’s encrypted files available to them.
     

  2. The user’s public-key certificate is uploaded to the EMPSecure server, a separate server from the cloud provider, which is administered by Orex. It is possible, and may be desirable, for an organisation to set up their own local instance of the server for strictly in-house sharing.
     

  3. If another user (B) shares a folder with the first user (A), User B’s copy of the EMPSecure client detects the sharing changes from the cloud provider. It identifies User A, retrieves User A’s certificate from the EMPSecure server, and adjusts the folder encryption so that the files are readable by both User A’s private key and User B’s.

 

While technically complex to execute, this is a well-tested industry-standard approach. However, it is further necessary to adjust that encryption for multiple users, and for only those users.

End User Managed Security. Powerful. Easy.

EMPSecure Differentiation

EMPSecure differentiates in many ways from other secure-sharing facilities with unique features including:
 

  1. No back door. In many cloud-storage-encryption situations, the encryption keys are controlled by the cloud provider. The provider has access to all your files. Dropbox, in particular, has been known to hand over encrypted files to the authorities. With EMPSecure, neither the cloud provider nor EMPSecure’s own server is capable of reconstructing the keys, and the complete keys never leave the user’s own machine(s).
     

  2. Simplicity. The user does not need to do anything different to share encrypted files from non-encrypted ones. Encrypting or removing encryption from a folder is a simple right-click command. The learning curve is minimal. If users know how to use their cloud provider, they already have all the necessary skills and concepts to use EMPSecure.
     

  3. Seamless folder sharing and key sharing. Whether a user is sharing a folder with cloud users, or transplanting their own encryption keys to another machine, EMPSecure makes it happen with no additional (user) steps.
     

  4. Folder-level access security. By default, all the user’s folders are accessible when EMPSecure is running. For extra security on specific folders, the EMPSecure client allows the user to close a particular folder, so that its files will not be decrypted masking them and their contents. To gain access to the files the user must enter their EMPSecure password to reopen the folder. This allows EMPSecure to run automatically on startup with an automatic login which provides access to some folders, but not all.

Easily Protect & Securely Share Your Data

Made for Dropbox

EMPSecure is specifically designed for and is tightly integrated with Dropbox. It provides a simple and effective security solution for end users who are managing data using Dropbox.

High Security Encryption

EMPSecure uses state-of-the-art PKI encryption and provides increased levels of confidence in data security to end users. EMPSecure employs AES / SHA 256 Data Encryption and Cryptography, the same that was developed and is used by the NSA (National Security Agency).

EMPSecure uses the sharing functions built into Dropbox so you can seamlessly share encrypted data with other users. You can obtain a Sharing License Subscription for only $10 per year (or $1 per month).

Secure Sharing

2 - Private Cloud

PRIVATE CLOUD STORAGE

Description

Orex has its own Private cloud software. It requires minimal hardware infrastructure to establish and is both scalable and extensible. Further, Orex has experience in setting up opensource private cloud storage on a secure intranet and has been experimenting with ways in which such a cloud provider can be more closely integrated with EMPSecure.

Private Cloud Features

By customising and extending its own offering and well-established open-source products like OwnCloud, it is possible to design and build cloud storage systems which are:
 

  1. Private. Only allowing accounts to be created for users with a verified greenoasishomes.com email address
     

  2. Secure.  Allowing authenticated connections from anywhere, or only from restricted locations, or requiring the use of a hardware token rather than just a login password
     

  3. Distributed. Using clustering technology for backup/replication and performance
     

  4. Scalable. Capable of adding additional instances to support higher loads
     

  5. Cost Effective. Requiring minimal initial hardware with a virtualised environment.

EMPSecure and Private Cloud

Depending on preferred use cases, there are a number of ways in which such a private cloud can be integrated with EMPSecure. For example, the users can be directly linked on the server side, while it’s not possible to enforce that only established EMPSecure users can log in[1], it is possible to verify their identity after EMPSecure keys have been created. For example, a step can be added to the cloud server authentication process where it checks the EMPSecure server. If there is a certificate available for this user, the server requests a digital signature through a browser plugin, has the client’s machine automatically sign it with their EMPSecure keys, and verifies that signature against the certificate[2].

 

Also, the EMPSecure browser-plugin solution[3], used to handle encrypted files locally without a virtual drive, can be integrated directly with the cloud website, rather than being hosted separately on the EMPSecure site.

 

In general, EMPSecure and Orex’s cloud solutions are designed to be hosted separately, to maintain the separation which protects the user’s encrypted key storage. Specifically, if one system is compromised, the other is not in the physical or technical vicinity. Regardless, it is possible for the systems to be co-located and share database resources.

 

[1] Because users have to be already logged in to the cloud to create their EMPSecure keys.

[2] This would enforce that the user can only log in to the cloud on devices where EMPSecure is installed, which may or may not be desirable, however, it prevents situations where the user logs in with the wrong cloud account.

[3] Currently in development.

OREX RESEARCH

ALL RIGHTS RESERVED © 2024  Orex Research Pty Ltd • ABN 97  058  065  035

bottom of page