One of UNLOQ's key features is the provision of personal encryption keys either directly in the browser, or on the server-side. This means that you can store fully encrypted sensitive information about your users, and only decrypt it on-demand, when the user requests it or when a critical action is required. In any case, the user will receive a push notification on their device, telling them about the action and why you need their key.
One example would be a medical application that handles sensitive user data. Most of the time, the data is not used, therefore it can sit encrypted with the user's key, so that in the event of a server breach on your end, the data is safely encrypted. Ask for the encryption key only when you really need access to it, such as when a user logs in and wants to visualise this data, or when a 3rd party (member or service) requests it.
Another example would be our own sconfig.io service, which uses personal encryption keys to achieve zero-knowledge on the server-side. That means that all the data stored on the server is encrypted before being sent out, thus reaching the server in an encrypted state. This can be achieved by delivering the personal encryption key directly to the browser and allowing the browser to encrypt all traffic to the server and decrypt the content coming back from it.
In a permissive environment, you can set your UNLOQ application to request the personal encryption key on user login and store it in the user's session. Whenever the user then makes any kind of request to your application, you can use the key in their session to decrypt and encrypt any kind of data. However, if you use this scenario, we recommend keeping the session duration to a minimum and destroying the session data upon expiration.
In a more restrictive environment, you should set your UNLOQ application to retrieve the personal encryption key only on web SDK calls, so that it is delivered directly to the browser. Once safely delivered to the browser, you can store it locally using localStorage and use it whenever you wish to encrypt data before sending it to the server.
In both cases, your users are required to either login with UNLOQ or use UNLOQ as their two-step verification.
Have a question? You can always send us an email at email@example.com, or contact us on chat.
For security related concerns, please visit our Security page.