Encrypting data
The system is extremely easy to use for end users. After the admin work - installation of Clyp system functions, MS Excel© and MS Word© plugin and enabling the user token from the admin interface (Clyp does not have end user passwords), all that the user needs to do is press a button - "Encrypt".
Managing files
After encryption Clyp returns a Clyp ID and replaces the existing text with it. The ID does not contain the original text, it is just a reference to where the data is stored on clyp.eu. Before it is stored the data is encrypted on the user's device with the public data key, assigned to the user, so no unencrypted data leaves the user device - it travels and is stored encrypted. After encryption the file can be considered completely anonimized for external users and does not need to follow strict process management with GDPR so the file can be used, processed, analyzed without the need to treat it the same way as personal and confidential information.
Decrypting data
Decrypting data is as simple as encrypting it - just select the Clyp ID and press "Decrypt". Of course to do so you need access to the company private key, valid access token to Clyp as well as the private key with which the data was encrypted.
Dashboard
Clyp's web admin dashboard shows at a glance the status of the system: Active tokens, encrypted records, denied writes and denied reads over the last week. It also shows the usage of the system.
Token management
Clyp does not have logins and passwords for the end users - only for the administrators to manage the system. Instead of passwords we use tokens - when Clyp is installed on a machine and in a particular user account it generates a token request, that appears in the admin panel. The administrator can then enable the token, as well as disable it any time necessary. The token is unique for a computer+user and is not transfered accross machines, which limits the risk of using unauthrized devices to access Clyp by end users. The combination of login+password as default company protection policy and access token per device and user we believe increases substantially the security of the system.
Communication and data keys
Clyp uses two types of keys. One is company wide communication key, to which all users need to have access (both the private and the public part). This key is used to validate communication as well as to allow different tenants of Clyp to send files to each other, which have been encrypted with the other company's public key. On top of the communication key each tenant of Clyp can generate unlimited number of data keys, with which the encryptions of own data happen. Key can be assigned to users per company decision (individual keys, keys per department, keys by geographical location, etc.). Each user has exactly one key, with which all own data is encrypted, and can have access to multiple private keys of other users, so that data generated by them can be decrypted when needed.