the easy way
ZKFS stands for Zero Knowledge File System. It is a cloud storage service that offers true end-to-end encryption, QR-code-based authentication and an easy-to-use API built on the file system paradigm for custom software development.
ZKFS is developed and hosted in Switzerland by PGB System SA.
Data protection should be simple
The past years have shown an increasing vulnerability to intrusion threats. Protecting against these threats has become a burden for companies. With ZKFS, we believe that protecting data should be within reach of any company, even if it has limited IT capacities.
Your data should always be in your control
Following the zero-knowledge design, we have no means, as the storage provider, to decrypt the stored data. This means not only that we have no access to our customers' data, but also that a breach in our system would not lead to a customer data leak, as we do not keep the keys to decrypt it.
Privacy shouldn't imply sacrifices
Respecting privacy and security should not prevent companies from offering nice and complex features to their customers. That is why ZKFS provides a simple yet extensive SDK that can be used exactly like your previous storage solution, but with privacy by design.
When it comes to file storage, companies' needs differ depending on their software ecosystem. While always based on the file system paradigm, ZKFS offers a large set of solutions to integrate with these situations.
The ZKFS file browser interface enables access to files in the same way as a classic cloud storage service like ownCloud, Google Drive, OneDrive and others.
QR-code-based access allows users to reach a file directly inside with specific rights attached to the code. Our links contain identification, authorization and decryption key, which makes them "magic".
For storing data from external applications, ZKFS provides a software development kit (SDK) in two forms:
- A set of embeddable widgets to store / retrieve files.
- An API that allows full featured interactions with the file system.
The company can manage various settings from a customer dashboard:
- Manage storage size and structure.
- Manage identities and permissions.
- Hand over sections of the file system to its own customers (with no possibility to read them).
- Monitor usage.
Limits of account authentication
Classical user management in an application implies the creation of user accounts secured by passwords, with or without multi-factor authentication. Such accounts are adequate for the core services, but quickly become a hassle when users have to manage them across an increasing number of services:
- They have to remember or store several passwords (this often leads to risky password reuse).
- They lose track of their personal data that is spread across the Web.
Multiplication of accounts leads to frustration and high security risks. This discourages users from using new services.
QR code authentication
On the other hand, using a QR code to access a service without having to provide any personal information or credentials is a breath of fresh air and clearly encourages the user to make use of the service. At the end of the day, ZKFS QR code authentication offers better security than poorly managed passwords and is much more convenient to generate, distribute and manage.
Optionally, if security requires it, QR-code-based authentication can be reinforced with a second authentication factor in the form of a password, a TOTP, an SMS code, or another QR code to scan. And of course, nothing prevents the application from adding an account layer on top of, or instead of, the QR-code-based access.
Application developers can pre-allocate quota for their users and have fine control over data usage while not being able to read this data as it is encrypted with keys only their users have. This allows for complete privacy for the users and keeps application developers in control of application costs. Our ZKFS solution also allows for full delegation of all allocations in a hierarchical way.
This solution keeps costs foreseeable for the company and allows it to grant its customers the right to manage a certain part of the file system. It therefore extends the zero-knowledge principle to the company with respect to its clients.
The file system API provides functions to execute all the standard file system commands, like move, save, delete, list directory content, grant/revoke rights, ... This powerful and time-tested interface allows ZKFS to be integrated easily into existing applications.
This virtual file system API is similar to solutions like Amazon S3, but with the added benefit of true end-to-end encryption and file-system-like rights management.
Since its core is compiled to WebAssembly bytecode (WASM), it can be quickly adapted to a great many languages in addition to the already existing JavaScript and Elixir SDKs.
High-level widgets complete the low-level file system API:
- File browsers, similar to services like Dropbox.
- File upload, for example to request identity or official documents.
- Document signing.
With time, more widgets, such as chat or forms, will be added for out-of-the-box integration into applications. Third-party developers can also extend our widget collection through our plug-in system.
Preserving data privacy has become a crucial challenge in recent years.
On the one hand, the use of services offered by big Internet actors often implies exposing private data to unintended use by the host company. Those uses include marketing, customer targeting, data mining, AI feeding or even spying. While this is well known for services like Facebook or Google, it is also relevant for closed-source services that seem to take privacy more seriously. For example, for services advertising end-to-end encryption like WhatsApp, a gray zone remains about the possibility of data interception by the provider. Similarly, cloud storage services such as Amazon S3, while providing encryption at rest, often do not offer easy-to-use end-to-end encryption for applications.
On the other hand, many nefarious actors are constantly trying to exploit vulnerabilities in servers to steal data and blackmail its legitimate owner. It has become very expensive to completely exclude unauthorized access; this is why encryption plays an important role in protecting data, as it makes stolen data worthless.
Zero-knowledge storage solutions like ZKFS address both these concerns. As the data is encrypted on the client side, no information is readable server-side, and because the information is protected by a key the server never possesses, absolutely no operation can be performed on it. In other words, ZKFS provides privacy by design as well as data leak prevention. Its features not only protect users' data but also drastically reduce the risk of liability for service providers using this storage solution.