Zero Knowledge: More Security Through Less Knowledge

“The hardest thing of all is to find a black cat in a dark room, especially if there is no cat.” - Confucius

Posted on 19. 01. 2017

The Zero Knowledge principle is an encryption method that encrypts private data so securely that neither the company processing the data nor the transfer and storage provider can access its content. But how exactly does that work?

Imagine you’re travelling abroad and you need a few documents from your safe. Since the safe is locked with a numerical code only you know, others do not have access. To get the documents to you, the whole safe has to be sent. On the journey the safe will be handled by the post office, the freight supplier, the customs office and finally the local postal service. At no point do these parties have the opportunity to get at the documents inside the safe, even if they use a hammer, water or fire. The safe can only be opened by you with the correct code.

More Data Privacy Through Zero Knowledge

Zero Knowledge follows the same principle. The user encrypts the data on the device with a personal password. Various security levels are available for encrypting data, among them AES, the most secure encryption standard worldwide. Only after the data is securely stored in the “safe” does the data transfer start. On the journey the data safe may pass through a cloud storage provider or an external provider that facilitates the data transfer. No matter how long the transfer takes or how long the data is stored, its encrypted format means none of these parties can decrypt, access or evaluate the data. When companies use Zero Knowledge, only the person who knows the password can transform the data into plain text.

Zero Knowledge at Outbank

Data security and data privacy have the highest priority at Outbank. Zero Knowledge is therefore a must. At Outbank the data is encrypted on the user's device with the user’s individual master password. The data leaves the device only when the user enables data synchronization. It is then sent to an AWS server based in Germany as an encrypted data safe (that is, as undecipherable ciphertext). From there it travels to your other devices, where you decrypt it by entering your password. Because of this continuous encryption, also called end-to-end encryption, neither Outbank nor Amazon as server provider has access to or insight into the transferred data. The metadata, which matches the encrypted data package with your Outbank ID, is stored on a separate server system which is not run by Amazon. Therefore the encrypted data is completely anonymous.
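The flow described above (encrypt on the device with the master password, store only ciphertext, decrypt on another device) can be sketched as follows. This is an added example, not Outbank's code: the scrypt key derivation, AES-256-GCM and the blob layout are assumptions, since the article names only AES and a master password.

```javascript
// Added illustration, not Outbank's code. scrypt, AES-256-GCM and the blob
// layout (salt | nonce | tag | ciphertext) are assumptions; the page names only AES.
const crypto = require('node:crypto');
const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;
// Derive a 256-bit key from the master password. The salt is not secret; it
// travels with the blob so a second device can re-derive the same key.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, { N: 2 ** 14, r: 8, p: 1 });
}

// On the device: build the opaque "safe" that is handed to the sync server.
function sealOnDevice(password, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN);
  const nonce = crypto.randomBytes(NONCE_LEN);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// On another device: re-derive the key and verify the GCM tag. A wrong
// password or a modified blob fails authentication; report that as null.
function openOnDevice(password, blob) {
  const salt = blob.subarray(0, SALT_LEN);
  const nonce = blob.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = blob.subarray(SALT_LEN + NONCE_LEN, SALT_LEN + NONCE_LEN + TAG_LEN);
  const body = blob.subarray(SALT_LEN + NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed sample record and passwords: what the provider stores versus who can read it.
function demo() {
  const record = '{"account":"EXAMPLE-0001","balance":"1234.56"}';
  const blob = sealOnDevice('correct horse battery staple', record);
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 1; // flip one ciphertext bit in storage
  return {
    storedBlobContainsPlaintext: blob.includes(Buffer.from('balance')),
    rightPassword: openOnDevice('correct horse battery staple', blob),
    wrongPassword: openOnDevice('wrong password', blob),
    tampered: openOnDevice('correct horse battery staple', tampered),
  };
}

console.log(demo());
```

In this sketch the password itself never leaves the device; the stored blob carries only the random salt, nonce, authentication tag and ciphertext, so its protection rests on the strength of the password and the cost of the key derivation.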

  • Dominik Pich

    what block size is used and why shouldn't u be able to crack it via brute force? [I don’t get why this should be special or mega safe]

    and they got the hash of my password though. no? to get to the profile or so?