
How it Works / Data & Key Encryption

All data files remain encrypted at all times, including ones held locally on the device you are using. Information associated with the data file is also fully encrypted, including filenames, author, creation dates and even the location where it was created.

Data can never be considered secure if many people have access to your keys. The essence of total data security is to own and control your own encryption keys. Global Data Sentinel ensures “Zero-Knowledge” privacy by enforcing this through the unique architecture of the system. Without your express permission, no one can access or view your information, including Global Data Sentinel staff or anyone with access to your private or public network.



Encryption keys reside with user to provide full control over data access

Unless you are the only one holding the keys to your data, encryption is meaningless. Our whole system is built entirely on the premise that you, and only you, have the keys to your data. Because your keys are never transmitted to Global Data Sentinel in their original form, not even we can access or view your data.



Perfect Forward Secrecy (PFS) ensures data is individually encrypted

Every secured data resource, whether it is a file or a message, has a unique encryption key and is encrypted using advanced cryptography protocols. Using this type of encryption ensures that if one key is compromised, only the single resource that was encrypted with it will be compromised. This is Perfect Forward Secrecy.

All keys are kept encrypted and control of them remains with the data owner. Access to each individual key is through a unique architecture, which requires identification and authorization services to be invoked. A multi-level security protocol using large set public/private key pools ensures the ultimate in data protection.



Encrypted keys never travel with data

Even if your data is encrypted during transit or storage, many data security companies store your encryption keys along with your data. This means that anyone with access to the location of your data will also have access to the keys, and therefore complete access to the data you thought was secure.

For this reason, GDS creates a data access authorization channel separate from the data movement channel. Because only the 256-bit keys are moved along that authorization channel, the total bandwidth utilization required by the GDS data control channel will always be a tiny fraction of the total bandwidth required by the data channel. Therefore, control and access channels for GDS protected data are guaranteed to exist – provided a data channel is in existence.
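The two ideas above, a unique key per resource and a wrapped key that travels apart from the ciphertext, shown as an added Go example that is not Global Data Sentinel's code. AES-256-GCM and the names `aead`, `seal`, `open` and `protect` are assumptions; the page states only that keys are 256-bit.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func aead(k *[32]byte) cipher.AEAD {
	blk, _ := aes.NewCipher(k[:]) // cannot fail: the type fixes the key at 256 bits
	g, _ := cipher.NewGCM(blk)    // cannot fail for AES's 16-byte block
	return g
}

// seal and open use AES-256-GCM (an assumed cipher) and bind data to its resource id.
func seal(k *[32]byte, pt []byte, id string) ([]byte, error) {
	g := aead(k)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, []byte(id)), nil
}

func open(k *[32]byte, ct []byte, id string) ([]byte, error) {
	g := aead(k)
	if len(ct) < g.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], []byte(id))
}

// protect makes a per-resource key; data and the wrapped key go on separate channels.
func protect(owner *[32]byte, pt []byte, id string) (data, wrapped []byte, err error) {
	var rk [32]byte
	if _, err = rand.Read(rk[:]); err != nil {
		return nil, nil, err
	}
	if data, err = seal(&rk, pt, id); err != nil {
		return nil, nil, err
	}
	wrapped, err = seal(owner, rk[:], id)
	return data, wrapped, err
}

func main() {
	d, w, err := protect(new([32]byte), []byte("constructed"), "file-1") // zero key: demo only
	fmt.Println(len(d), len(w), err) // the wrapped key is 60 bytes for any data size
}
```

The wrapped key is a 12-byte nonce, the 32-byte resource key and a 16-byte tag, so the key channel carries a fixed 60 bytes per resource while the data channel grows with the file.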

