Ciphx

Federated data exchange

Maximum security

Minimum friction

Introducing Ciphx Exchange

Exchange realtime events and massive data streams across organizations with precision access control, end-to-end encryption and a cryptographic audit trail for every byte.

Deploy or tear down a Ciphx Exchange in seconds.

Deploy an unlimited number of Exchanges with the Ciphx ACME API.

[Diagram: Ciphx Exchange. Labels: Authentication, Protocol, Context, Access Policy, Trust Anchors, Billing, HTTP, MQTT, MQTT + Websocket, Mutual TLS, HTTP Header]

A Ciphx Exchange instance is a unique combination of:

Security-First Design

A Ciphx Exchange implements the most relentless, warrior-grade security specifications available.

The API has been refined for maximum usability and simplicity – without compromising security.

Zero Trust Architecture

End-to-End Encryption

The Ciphx Key Agreement API facilitates universal end-to-end encryption across your applications.

Don't Trust Ciphx, Trust Your Encryption

Bring Your Own PKI

Install your X509 trust anchors and cross-certificates on Ciphx services.

Our networked, OCSP and AIA-aware, depth-first search path builder supports any PKI structure.

Don't Trust Ciphx, Trust Your PKI

Stateless

Ciphx relies on no database for identity or access control.

Exchange configurations are immutable, encrypted atomic units that can be hosted anywhere.

Ciphx Resource Context

• Certs: sig, signer, roots, cross
• Context: issuer, name, certs, billing
• Resource: issuer, subject
• Admin: issuer, subject

Ciphx Trusts Nothing – Not Even Itself

Ciphx operates as an equation. It accepts a query and returns encrypted data.

Or the reverse: Ciphx accepts encrypted data, then transfers it.

Read:

f(query, context) = data

Write:

f(data, context) = transfer

Open Architecture

Standardized

Ciphx APIs are 100% standards-based. Swap any built-in Ciphx service with your custom implementation at any level.

White Label

Use Ciphx Exchange Aliases to brand any Ciphx API endpoint with a domain you control. Use CSRs, PKCS12 or ACME to securely enroll TLS certificates.

Ciphx Exchange Aliases make domain name-driven deployment tiers simple and fast.

Ciphx Resource Context Alias

• Alias: sig, PKCS12, key
• Context: issuer, subject

Choose Your Deployment

Standards-based Identity

Built-in support for PKI and OIDC/OAUTH2. Inject your trust anchors and be running in minutes.

Customize integrations with any external identity system.

Advanced Path Building

Precached cross-signed certificates, networked Authority Information Access (AIA) support and certificate depth-first search allow advanced PKI structures:

Built-in Transfer Protocols

MQTT and MQTT + Websocket

Full support for MQTT version 3.1.1, QoS levels 0, 1 and 2. Ideal for realtime data streaming, with an easy publish/subscribe API.

Tunnel MQTT through Websockets to stream live data to any modern web browser. Or get wild and do the reverse – turn any web browser into a source of live data.

Enforce fine-grained Access Control for both publish and subscribe actions, based on topic filter patterns and user attributes.

HTTP

Turn any web server into a fully authenticated and authorized web service in seconds. Enforce fine-grained Access Control based on path and query parts and user attributes.

Custom Transports

Open architecture allows custom integration with any Application Layer protocol with a TCP transport.

OSI Footprint

[Diagram: OSI Footprint. Panels: Mutual TLS Authentication, Protocol-specific Authentication. Labels: Application Layer, Transport Layer, Application, Protocol, Ciphx, TLS, TCP, TLS/TCP]

Built-in Identity Protocols

X509 PKI

Cryptographically-signed identity authority tree. Frequently used in security badges, password-less access keys and IoT devices.

OIDC/OAUTH2

Cryptographically-signed access tokens, with centralized database as source of truth. Common in cloud systems. Not appropriate for machine access.

Authorization Footprint

[Diagram: Authorization Footprint. Panels: Mutual TLS Authorization, Protocol-specific Authorization. Labels: Ciphx, Authorize, Translate, Protocol, Application, TLS, TCP, TLS/TCP]

Data Exchange

Intra-organization

Binds with organization’s existing PKI infrastructure or OIDC service.

Users and devices can authenticate and begin sharing data instantly.

Ephemeral guest accounts can be enrolled or removed in seconds.

Host organization can adopt partner’s identity authority chain.

Cross-organization

Bridge Ciphx instances across multiple organizations.

Each organization hosts its own Ciphx instance while maintaining a sovereign identity tree.

Bridged Exchanges can share a common attributes authority to write policies against – bringing the ultimate in access control flexibility for cross-organizational data exchange.

Access Control

Attribute Based Access Control (ABAC)

Access Control policies can be as fine or broad as required.

Bind attributes from X509 certificates or OIDC JWT claims to policy rules.

Add third-party attributes authorities for precision access control.

Getting Started

Create an Account

Ciphx launches its self-service API in Q4. If you'd like to get started sooner, email us at info@ciphx.com. We'll set you up with a free preview account.

Custom Integrations

Need a custom PKI integration for your enterprise webservice? Or an OIDC multiuser data exchange for your customers? We can build that for you. Email us at: info@ciphx.com.

Roadmap

Timeline: 2023 Q4, 2024 Q2, 2024 Q4

• ACME self-service API
• Launch
• Multi-party billing
• ML DPR integration for RAG