Tanker Security

Tamper-proof architecture


Your data is yours, focus on your business

Tanker introduces privacy and integrity to your files without interfering with the features that make cloud sharing so useful.

By giving you full control over the confidentiality, authenticity and integrity of your files, Tanker lets you benefit from public cloud infrastructure and performance without the usual tax on privacy and chain of trust.

Because Tanker focuses on encryption, it simply plugs into your current favorite cloud solution and adds that missing security feature you need to secure your business data:

  • Full end-to-end encryption using elliptic curves
  • Decentralized data ownership
  • Automatic key sharing and management
  • Full chain of authenticity over all data transactions
  • Administrator user management console

Smart end-to-end encryption

Works seamlessly with cloud solutions you already use

Our Tanker drive ensures full compatibility with your day-to-day tools and transparent cryptographic operations, so that your files always remain encrypted on your devices. Our app works behind the scenes to encrypt your data before it leaves your device.
See the technical FAQ for more details.

Tanker guarantees full confidentiality and integrity by encrypting data stored on your cloud provider: only you have the keys to unlock your files, so that even your provider can’t access them. We can’t access them either — leaving full control within the hands of your company.

All files are end-to-end encrypted within your organization, and Tanker’s innovative Verifiable Data Structure approach allows administrators to obtain a full chain of authenticity over all data transactions.

Decentralized data ownership: The organization itself holds the encryption keys, and users request and validate encryption operations with signatures made using their unique set of signing keys.

To sum up, the only things we hold are encrypted document keys we can’t decrypt and public keys we can’t alter.

Seamless key

Own your encryption key = own your data

Each employee has their own local private key, which is never transmitted over the internet. Tanker’s design delegates file confidentiality on a per-enterprise basis, while treating each team member as possessing a long-term cryptographic identity that can be used to request, assert and validate file transactions, the log of which is then publicly verifiable with solid proofs of correctness and authenticity.

Tanker uses the cloud provider’s API to detect whether an encrypted document is supposed to be shared.

In this case, the Tanker client queries the Tanker infrastructure to match a cloud provider user ID with a Tanker account and retrieve the associated public keys.

The sharing process is fully automatic, without any manual operation from the user.

Verifiable transaction history

Verifiable chain of accountability

Tanker uses transparent data structures to allow the public auditing of the integrity of all user information.

Any file operation on Tanker is validated by a cryptographic signature from the team members involved.

Each Tanker instance publishes a block chain that allows for an independently verifiable chain of authenticity for the history of every file sent and received on your team’s cloud.
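
The check an auditor could run over such a history, as an added example that is not Tanker's code or data format: each operation is signed by its author and linked to the previous block by hash, so an edit, a removal or a forged author is detected using public keys alone. Ed25519, SHA-256, the block fields and the sample operations are assumptions made for illustration.

```javascript
// Added illustration: a signed, hash-chained log of file operations.
// Ed25519, SHA-256 and all field names are assumptions, not Tanker's format.
const { generateKeyPairSync, sign, verify, createHash } = require('crypto');

const GENESIS = '0'.repeat(64);
const sha256 = (s) => createHash('sha256').update(s).digest('hex');
// Bytes covered by the author's signature: position, link, author, operation.
const payload = (b) => Buffer.from(JSON.stringify([b.index, b.prev, b.author, b.op]));
// The block hash covers payload and signature, so neither can be swapped later.
const blockHash = (b) => sha256(payload(b).toString() + b.sig);

// Append an operation signed with the author's private key.
function append(chain, author, privateKey, op) {
  const prev = chain.length ? blockHash(chain[chain.length - 1]) : GENESIS;
  const block = { index: chain.length, prev, author, op };
  block.sig = sign(null, payload(block), privateKey).toString('hex');
  chain.push(block);
  return block;
}

// Auditor side: needs only the chain and the members' public keys.
// Returns -1 if every block is valid, else the index of the first bad block.
function firstInvalid(chain, publicKeys) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const b = chain[i];
    const key = publicKeys.get(b.author);
    const ok = b.index === i && b.prev === prev && key !== undefined &&
      verify(null, payload(b), key, Buffer.from(b.sig, 'hex'));
    if (!ok) return i;
    prev = blockHash(b);
  }
  return -1;
}

// Constructed sample data: two team members and three file operations.
function demo() {
  const alice = generateKeyPairSync('ed25519');
  const bob = generateKeyPairSync('ed25519');
  const publicKeys = new Map([['alice', alice.publicKey], ['bob', bob.publicKey]]);
  const chain = [];
  append(chain, 'alice', alice.privateKey, 'create report.pdf');
  append(chain, 'alice', alice.privateKey, 'share report.pdf with bob');
  append(chain, 'bob', bob.privateKey, 'update report.pdf');
  return { chain, publicKeys, alice, bob };
}
```
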

Open design & open source based

The more you know, the more you trust

Not everyone is an expert in cyber security and cryptography. Some of you will simply trust us; others will want to know more. Tanker uses the open-source (simplified BSD) cryptographic library Botan for all its low-level operations.

If you want to go deeper into Tanker and understand how everything works, just request a demo and we will get in touch with you.

This documentation is regularly updated: if you think an important point is missing, just ask!