Security Trailblazer Program

Single solution to three complex problems. Fixed Price. One Week. Guaranteed.

Single solution to three security problems. Fixed Price. One Week Guaranteed

What is it?

The Security Trailblazer Program (STP) is a cost-effective program to provide a cohesive answer to three vexing problems quickly. Namely, how to:

  1. Use public clouds really securely.
  2. Deal with password breaches and password database thefts.
  3. Manage cryptographic keys effectively for PII, PHI, PCI-data protection.

The STP delivers, within one week, a demonstrable proof-of-concept solution at a fixed price of $19,995 (plus shipping and taxes/duties, if any). Guaranteed! It includes the following:

  1. StrongAuth KeyAppliance® 2.0
  2. StrongKey CryptoEngine™ 2.0
  3. StrongKey CryptoCabinet™ 2.0
  4. FIDO Ready™ Authenticators
  5. Live web-training
  6. Support for 1 full year

Why do I need it?

Using the discretionary funds from your 2014 budget, you can use it to:

  1. Prove to business units that you have the definitive answer to all problems listed above, in a single solution.
  2. Generate funding to scale this into Production in 2015, while establishing the foundation to address other data-protection problems across the enterprise.

Read More

Data Encryption Infrastructure

Protecting Sensitive Data Inline with Your Business Process.

Data Encryption Infrastructure provides scalable, highly-available and secure cryptographic services
The DEI Architecture. (Read More)

What is it?

The Data Encryption Infrastructure (DEI) is a collection of technology components and application architecture governing the protection of sensitive data within an enterprise. It can handle data of any type and any size. It is ubiquitous, independent, centralized, location-transparent, regulation-transparent, provides auto-scaling and is based on free and open-source software.

DEI is made up of,

  1. CryptoDocument Appliance®
  2. KeyAppliance®
  3. StrongKey CryptoEngine™
  4. StrongKey CryptoDriver™
  5. Identity and Access Management
  6. Local or Cloud Storage

Why do I need it?

You can use it to,

  1. Manage the protection of sensitive data within your enterprise.
  2. Provide scalable, highly-available and secure cryptographic services for your enterprise.

Read More

Regulatory Compliant Cloud Computing

Architecture to Secure Data in the Cloud.

Regulatory Compliant Cloud Computing - Architecture to Secure Data in the Cloud
The RC3 Architecture. (Read More)

What is it?

It stands for Regulatory Compliant Cloud Computing (RC3). It is an architecture to secure data in the cloud while following PCI-DSS level security.

Its Characteristics

  1. Data-classification
  2. Separate processing zones
  3. Encryption Key Management Infrastructure

Where can I use it?

You can use RC3 in,

  1. Your private and public clouds.
  2. Your e-commerce, healthcare and legal web-applications.

Learn how to build a regulatory compliant web application

Read Our White Paper

Happy Clients

We're Trusted by Dozens of Great Customers Across 6 Continents.

Our Clients use,

  1. StrongAuth's encryption and key-management solutions to address their PCI-DSS compliance requirements.
  2. StrongAuth's Public Key Infrastructure (PKI) solutions to address their security requirements.
  3. StrongKey Lite Encryption solution for tokenization , key management, data encryption and hardware protection systems to address their PCI-DSS compliance requirements.

SurveyMonkey key-management products

Chenega Enterprise public key infrastructure encryption

Recurly encryption software

Zeltiq pki certificates tokenization for PCI-DSS Compliance

Jameco Electronics Limited key management services

PayHub secure storage solution tokenization of credit card data

Pagosonline  PCI Compliance for credit card processing

Secure Your Data. Anytime, Anywhere.


Our Integrated Open Source Solutions Perform Encryption, Decryption, Tokenization and Key-Management

Free Software

Choose the Best One for You

NOTE: All our Open-Source software is released under the GNU/LGPL License.

Next Generation Data Protection.

Our Services

We Provide Support and Professional Services

Leaders in Enterprise Key Management Infrastructure


Who Are We? Information About Us.

StrongAuth, Inc. is a privately held company based in Silicon Valley, California. It is the leader in Enterprise Key Management Infrastructure, bringing new levels of capability and data security at a price point significantly lower than other solutions on the market.

Providing products and services in Symmetric Key Management, Encryption, Tokenization and PKI, StrongAuth is focused on securing data in the areas of Cloud Computing, E-Commerce, Healthcare, Finance and other sectors mandating protection of sensitive data. StrongAuth's solutions are installed at customer sites around the world and are key components of mission-critical business operations.

StrongAuth has defined a unique web-application architecture - Regulatory Compliant Cloud Computing (RC3) - which enables secure cloud-computing. It has the singular advantage that it not only ensures strong security of sensitive data in the public cloud, but can do so at lower costs than companies currently spend on enterprise security. The RC3 architecture has been validated by customers for securing financial and healthcare data using StrongAuth's solutions.

Events Where We Can Be Found

News & Events

StrongAuth, Inc. announces FIDO U2F support in StrongKeyCryptoEngine™ 2.0

by Arshad Noor, CTO, StrongAuth, Inc. | October 21, 2014 | Tags: FIDO U2F file security cloud storage

Regulatory Compliant Cloud Computing (RC3) on IBM developerWorks

by Arshad Noor, CTO, StrongAuth, Inc. | March 02, 2012 | Tags: RC3 web security

Regulatory Compliant Cloud Computing (RC3) at OWASP AppSec AsiaPac 2012

by Arshad Noor, CTO, StrongAuth, Inc. | April 11, 2012 | Tags : RC3 web security

Regulatory Compliant Cloud Computing (RC3) in The ISSA Journal

by Arshad Noor, CTO, StrongAuth, Inc. | March 01, 2012 | Tags : RC3 web architecture

Free workshop on Secure Cloud Computing, RSA 2012

by Arshad Noor, CTO, StrongAuth, Inc. | March 01, 2012 | Tags : workshop cloud free

See the CryptoEngine. Sophos, Booth 1817

by Arshad Noor, CTO, StrongAuth, Inc. | March 02, 2012 | Tags : CryptoEngine event demo

See you at the RSA Conference 2012, Booth 2520

by Arshad Noor, CTO, StrongAuth, Inc. | March 02, 2012 | Tags : RSA event security

Regulatory Compliant Cloud Computing (RC3)

by Arshad Noor, CTO, StrongAuth, Inc. | Dec 16, 2011 | Tags : cloud security architecture

New Ways to Keep Hackers Out of Your Business

Want to keep your computers, e-mails, and business secrets safe? Learn the latest in data encryption.

by Christina DesMarais, | Nov 8, 2011 | Tags : data security encryption hacking

RC3 presentation at OWASP, Hyderabad, India

by Arshad Noor, CTO, StrongAuth, Inc. | Dec 17, 2011 | Tags : RC3 speaker demo

MeetUp in SFO on Protecting Sensitive Data in the Cloud

by Arshad Noor, CTO, StrongAuth, Inc. | Dec 1, 2011 | Tags : RC3 meetup data

StrongKey CryptoEngine (SKCE) Release

by darkREADING | October 8, 2011 | Tags : skce cloud secure

Putting Data In the Cloud? Retain Control

Security researcher warns many companies are trading catastrophic problems for gains in efficiency.

by Robert Lemos | July 28, 2011 | Tags : cloud data control

The Indifferent Response to Security Breaches

Key institutions aren't making much of an effort to secure your data — there oughta be a law!

by Andrew Binstock | June 06, 2011 | Tags : key-based security HIPAA

Enterprise Key Management for Cloud

EKMI is dead, long live EKMI.

by Davi Ottenheimer | June 29, 2011 | Tags : EKMI PCI SKSML

We are hiring

We Look Forward to Hearing from You.
Software Engineer (Posted on 03/03/2014)

StrongAuth, Inc. is seeking a full-time Software Engineer to augment its staff in its Sunnyvale, CA office.

Job Description

  • Integrate software modules into a packaged application for installation and deployment on new computer servers for customers.
  • Trouble-shoot customer problems, analyze error messages, track down bugs in software and remedy the problem;
  • Work with specialized hardware and software - Hardware Security Modules, Trusted Platform Module and Smart cards - and understand their integration to StrongAuth's products and services;
  • Work with the customer's technical team at their location to install rack-mounted servers, configure the servers into appliances to perform specialized functions;
  • Develop documentation on complex cryptographic operations and identify how StrongAuth's products assist customer's to comply with data-security regulations;
  • Assist in building and maintaining a Testing environment that tests StrongAuth's products continuously;
  • Perform testing on developed software modules.

Experience Required

  • Master's or foreign academic equivalent in Computer Science or related field of study
  • Travel/relocation to unanticipated client sites throughout US.
  • Courses, studies, knowledge or experience with Cryptography and Computer Security, Design and Analysis of Algorithms, Advanced Computer Architecture, Database Systems Principles, Server Web Programming required.
Qualified candidates are encouraged to send their resume with a cover letter to jobs for consideration.
Junior Software Engineer

StrongAuth, Inc. is seeking a full-time Software Engineer to augment its staff in its Sunnyvale, CA office.
The requirements it seeks in candidates are as follows:

  • A Bachelors degree
  • 1-2 years of experience in the following:
    1. Linux
    2. Java
    3. Servlets and/or Swing
    4. Web Services
  • Excellent communication skills
The hired candidate will be expected to perform the following duties:
  • Maintain existing/Write new Java code for StrongAuth products
  • Perform unit, integration and performance testing
  • Write product documentation
  • Install our appliances at customer sites, as necessary
  • Provide Level-1 support to customers
The hired candidate can expect the following:
  • Learning new skills in cryptography from a world-class innovator - specifically, JCE, PKCS11, TPM, HSM, smartcards, encryption, digital signatures, etc.
  • Learning a new web-application architecture - Regulatory Compliant Cloud Computing (RC3) - to secure data in public clouds such as AWS, Azure, etc.
  • Understanding business compliance requirements to laws and regulations mandating encryption of sensitive data
  • A reasonable compensation plan with an opportunity for performance bonuses and health-care benefits
  • An innovative and dynamic environment where no two days are the same
Qualified candidates are encouraged to send their resume with a cover letter to jobs for consideration.

Encryption, Tokenization, Key Management and Secure Cloud Computing

White Papers

Helping you Understand Concepts, Technologies and Issues Related to Data-Protection.

Automating Data Protection Across the Enterprise

Published in on Feb 07, 2013

The DEI is the logical evolution to make data-protection an ubiquitous service on the network, accessible to systems and applications through a uniform interface, with the ability to address diverse data-security regulations while leveraging the cloud for business benefits.

Analysis of the PCI-DSS 2.0 Encryption & Key Management Analysis

A StrongAuth, Inc. White-Paper published on, August 12, 2012

The Payment Card Industry (PCI) Security Standards Council recently released the Data Security Standard (DSS) version 1.2 on October 01, 2008. StrongAuth, Inc. analyzes the Encryption and Key Management requirements from the DSS and presents what covered entities must do in this white-paper.

Introduction to Public Key Cryptography

Mozilla Developer Network

For those interested in understanding some simple mechanics of how digital certificates work, why are they necessary and how they can protect you, a good introductory paper can be found at this link.

Regulatory Compliant Cloud Computing (RC3)

A StrongAuth, Inc. White-Paper published on, March 15, 2011

This white-paper presents an architecture for building the next generation of web-applications. This architecture allows you to leverage emerging technologies such as cloud-computing, cloud-storage and enterprise key-management (EKM) to derive benefits such as lower costs, faster time-to-market and immense scalability with smaller investments – while proving compliance to PCI-DSS, HIPAA/HITECH and similar data-security regulations. We call this Regulatory Compliant Cloud Computing, or RC3.

Data Protection for Companies

Published in the ABA SciTech Lawyer, Volume 5 Issue 1, Summer 2008

In 2003, California passed Senate Bill 386, requiring companies to report reaches of computerized systems resulting in access to sensitive information about a California resident. With the subsequent assage of similar laws in nearly 40 other U.S. states, it is now evident that our computer infrastructure is far more porous than we previously imagined. Selected as one of The Best Articles Published by the ABA

Identity Protection Factor (IPF)

Published in the NIST IDTrust 2008 conference, March 2008

Since the dawn of computing, operating systems and applications have used many schemes to identify and authenticate ntities accessing resources within computers. While the technologies and schemes have varied, there appears to have been little attempt to classify them based on their ability to resist attacks from unauthorized entities. With the proliferation of identity management technologies in the market today, it is becoming increasingly difficult to assess and compare them with each other. As the threat level continues to rise on the internet, and regulations governing information technology continue to grow, risk managers need more objective mechanisms to assign risk to their systems so they may apply appropriate mitigating controls. This paper attempts to describe a classification scheme that will permit the comparison of seemingly different identification and authentication (I&A) technologies on the basis of their vulnerability to attacks. With a better understanding of related authentication technologies, companies can determine the appropriate technology to use for mitigatingauthentication risks .

Symmetric Key Management Systems

Published in the ISSA Journal, February 2007

Most security professionals are familiar with symmetric key-based cryptography when presented with terms such as Data Encryption Standard (DES), Triple DES (3DES) and the Advanced Encryption Standard (AES). Some are also familiar with Public Key Infrastructure (PKI) as an enterprise-level solution for managing the life-cycle of digital certificates used with asymmetric-key cryptography. However, the term Symmetric Key Management System (SKMS) – which refers to the discipline of securely generating, escrowing, managing, providing access to, and destroying symmetric encryption keys – will almost always draw blank stares.

Successful PKI implementations

Published in the ISSA Journal, September 2005

Contrary to what you might have heard, or read in the Information Technology (IT) press, companies have built Public Key Infrastructures (PKI) successfully, and use them daily to solve day-to-day business problems. What is little known, however, is the magic potion these companies used to make their PKIs successful. This paper will attempt to demystify some of that magic and provide you guidance that can help you navigate the pitfalls as you deploy your PKI.

Blueprint for managing SB 1386 compliance

Published in the ISSA Journal, May 2003

Businesses need to address SB 1386 compliance effectively by implementing this four-part solution. This document presents an overview of what companies need to address, when putting their SB 1386 compliance infrastructure together.


Presentations StrongAuth has given at Conferences Around the World.

Case Study featuring Kanda Software

Implementation of RC3 web-application architecture using the StrongAuth KeyAppliance™ to achieve state-of-the-art security of sensitive data in the public cloud. (Read Also, Trending at Kanda: Data and Application Security. StrongAuth and Security Innovation)

Kanda Software | Feb 25, 2014 | Sunnyvale, CA

Regulatory Compliant Cloud Computing (RC3) on IBM developerWorks

A web-application architecture for Secure Cloud Computing

Black Hat 2012 Conference | July 25- July 26, 2012 | Las Vegas, Nevada, USA

Secure Cloud Computing

A security solution that lets you take advantage of Public Clouds while proving compliance to regulations!

JavaOne 2011 Conference | Oct 2-6, 2011 | San Francisco, California, USA

StrongAuth's Introduction to Secure Cloud Computing

A security solution that will reduce the scope of compliance audits, manage trillions of keys/objects and, is fully operational in 48 hours or less.

RSA 2011 Conference | February 14, 2011 | San Francisco, California, USA

StrongKey - The industry's first open-source SKMS

A security solution that provides secure cloud computing.

NIST Cryptographic Key Management Workshop | June 9, 2009 | Gaithersburg, Maryland, USA

OASIS Enterprise Key Management Infrastructure (EKMI)

A collection of technology, policies and procedures for managing the life-cycle of all cryptographic keys in the enterprise.

IEEE Key Management Summit 2008 | September 23, 2008 | Baltimore, Maryland, USA


The industry's first open-source SKMS

IEEE Key Management Summit 2008 | September 23, 2008 | Baltimore, Maryland, USA

Identity Protection Factor (IPF)

Get an overview of Identity Protection Factor (IPF).

NIST IDtrust 2008 | March 4, 2008 | Gaithersburg, Maryland, USA

Securing the core with an Enterprise Key Management System (EKMI)

Overview of EKMI, its components, how to build and secure one, the SKSMS Protocol.

NIST IDtrust 2008 | March 5, 2008 | Gaithersburg, Maryland, USA

Free Resources

Download these Free Resources

Get In Touch

Thanks for Looking. We'd Love to Hear from You.



(408) 331-2000

150 W. Iowa Ave, Suite 204
Sunnyvale, CA 94086
USA (Map)

We are a provider of solutions in the fields of Enterprise Key Management, which includes public-key cryptography & symmetric-key management. If you're looking for solutions, or are confused about solutions to problems in these areas, contact us - we are certain we can help.