Tricryption is a software-based, centrally served symmetric key management and storage capability that supports multiple encryption software clients. Tricryption is not a specialized encryption algorithm, but rather a three-part method that makes our key management unique (“Tri”cryption). A brief description of the method is:
1. Encrypt the data/file with a symmetric encryption key.
2. Encrypt the symmetric key from Step 1 and store the newly encrypted key in a central key repository.
3. Encrypt links between data/files and encryption keys, forming a “Hidden Link”, and add to the data/files, creating a “Linked Envelope”.

Key management and storage functions are typically hosted separately from the supported encryption clients, but may also be combined on a single compute platform as requirements dictate. Tricryption’s key management has unique capabilities enabling flexible secure solutions without workflow disruptions:
Keys: Tricryption uses centrally generated, controlled, and securely stored symmetric keys. Supported keys include AES (128, 192, & 256 bit), 3DES, Blowfish and customer proprietary.

Key Identification: Key ID pointers are created, assigned, and stored with their associated symmetric key. Associated Key IDs are encrypted to form a protected “Hidden Link” and appended to the encrypted data/file for secure reference.

Access Control List: Each key in the Tricryption system is assigned an Access Control List (ACL) supporting group, individual, system, and conditional access to the key and therefore the encrypted information.

Secure Communications: Communications between Key Servers and clients are secured by the use of OpenSSL supporting Elliptic Curve Cryptography - Transport Layer Security (ECC-TLS).

Logs: All key actions are logged by the Key Server and stored in a specified relational database (either on the key database or on a separate database). Key logging data is available to both reporting and dynamic monitoring capabilities.

Scaling & Federation: Tricryption key management scales and federates to allow high availability and optimal integration with decentralized architectures. Key Servers may be horizontally scaled and linked to a single key database. Multiple Key Servers may be federated with each other through uni- or bi-directional trust relationships.
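The three-part method, together with the per-key ACL and the key action log described above, is shown here as an added example; it is not Tricryption's code. The `KeyServer` class, its method names and the envelope layout are hypothetical, and a SHA-256 keystream with HMAC stands in for AES so that the example runs on the Python standard library alone.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):  # stand-in keystream (SHA-256 counter mode), not AES
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):  # encrypt-then-MAC with separate derived subkeys
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(ek, nonce, len(data))))
    return nonce + hmac.new(mk, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

class KeyServer:  # hypothetical central key repository with ACLs and a log
    def __init__(self):
        self._wrap_key = secrets.token_bytes(32)  # encrypts stored data keys (step 2)
        self._link_key = secrets.token_bytes(32)  # encrypts key IDs (step 3)
        self._repo, self.log = {}, []

    def new_key(self, owner, acl):
        key_id, data_key = secrets.token_hex(8), secrets.token_bytes(32)
        self._repo[key_id] = (seal(self._wrap_key, data_key), set(acl))
        self.log.append(("create", owner, key_id))
        return data_key, seal(self._link_key, key_id.encode())  # key + hidden link

    def get_key(self, user, hidden_link):
        key_id = unseal(self._link_key, hidden_link).decode()
        wrapped, acl = self._repo[key_id]
        self.log.append(("fetch" if user in acl else "denied", user, key_id))
        if user not in acl:
            raise PermissionError(user)
        return unseal(self._wrap_key, wrapped)

def protect(server, owner, acl, data):  # step 1, then attach the hidden link
    data_key, link = server.new_key(owner, acl)
    return seal(data_key, data) + link + len(link).to_bytes(2, "big")

def open_envelope(server, user, envelope):
    n = int.from_bytes(envelope[-2:], "big")
    return unseal(server.get_key(user, envelope[-2 - n:-2]), envelope[:-2 - n])
```

The envelope carries neither the data key nor a readable key ID, so a reader must go through the key server, which applies the ACL and records the request whether it is granted or denied.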