Saturday, July 29, 2017

Tozny Launches InnoVault - Encryption Toolkit For Developers

We are proud to announce the release of our latest product, InnoVault - a toolkit that enables developers building websites, apps, and other software to easily embed end-to-end encryption for data security and privacy. 2016 saw a 40% increase in data breaches over 2015, and the team here at Tozny decided we wanted to do something about it. InnoVault is our answer to protecting user data with the same type of robust measures already used for credit cards, but too often left off of other user data.

Friday, June 16, 2017

Tozny at the Cloud Identity Summit and the Design Automation Conference

Tozny’s CEO, Isaac Potoczny-Jones, will be presenting at Cloud Identity Summit (CIS) in Chicago on June 19, 2017.  Come learn about E3DB, a security toolkit to build privacy-preserving products from the ground-up.
Talk Abstract: On the modern Internet, securely collecting personal data is extremely challenging. Software developers and enterprises are losing the arms race against malicious attackers every day. The Internet of Things (IoT) adds new challenges, including hardware limitations, lack of upgrade paths, and control of physical systems. In this talk, Isaac will outline Tozny's work with NIST on E3DB, a security toolkit to build privacy-preserving products from the ground-up.
The Design Automation Conference is in Austin - Isaac will be participating in a panel discussion on June 20, 2017 on hardware security technologies.
Panel Summary: Hardware security schemes are often treated as an afterthought: an extension of the system but not an inherent design metric for the whole system. This limits their adoption and benefit to real-world architectures. Emerging applications, for instance in the IoT area, increasingly involve large numbers of connected and heterogeneous device swarms and pose crucial challenges on the underlying security architectures. In recent years we have seen hardware security solutions rolled out, from Trusted Platform Modules (TPM) and ARM's TrustZone to Intel's SGX, to name some. However, these solutions are rarely used by user applications, require strong trust assumptions in manufacturers, are too expensive for small constrained devices, and are not scalable. This panel will discuss the real-world impact of currently available security hardware, the related shortcomings as well as new research and development directions in hardware-assisted security and privacy solutions.
Are you heading to CIS or DAC? Contact Isaac to meet up! @SyntaxPolice
Top image credit: User BitchBuzz, Creative Commons

Friday, May 5, 2017

Tozny at HCSS - High Confidence Software and Systems


Tozny's CEO, Isaac Potoczny-Jones, will be presenting at the High Confidence Software and Systems Conference (HCSS) on May 9, 2017.  Come learn about NIST's Risk Management Framework and how you can apply it to your work.  And if you happen to be out in Annapolis, meet up with Isaac at the conference! @SyntaxPolice

Applying NIST's New Privacy Risk Management Framework (Abstract)

NIST’s influential cybersecurity frameworks have been a cornerstone of the certification process. They provide methodologies and standards to help organizations rigorously analyze the security of their systems. These standards are an important step in clarifying the policy, technical, and mental models that can lead to formal and semi-formal implementations. Building on the impact of the Risk Management Frameworks for cybersecurity, NIST is developing a Privacy Risk Management Framework. Rather than emphasizing the classic cybersecurity triad of Confidentiality, Integrity, and Availability, it contributes the core privacy principles of Predictability, Manageability, and Disassociability. According to NISTIR 8062:
  • Predictability is the enabling of reliable assumptions by individuals, owners, and operators about personal information and its processing by an information system.
  • Manageability is providing the capability for granular administration of personal information including alteration, deletion, and selective disclosure.
  • Disassociability is enabling the processing of personal information or events without association to individuals or devices beyond the operational requirements of the system.
Tozny is implementing an End-to-End Encrypted DataBase (E3DB) for any type of mobile or web application to build secure workflows into their systems. It is a type of Personal Data Service (PDS). A PDS is designed to give end users significant control over the collection, retention, and sharing of their personal data. This approach improves privacy by inverting the model where data brokers control user data and choose which 3rd parties access user data. E3DB is one of the first projects implemented using NIST’s new privacy frameworks. In this talk, we will provide:
  • An overview of NIST’s Privacy Framework, and related standards (800-53, 800-63),
  • An experience report on implementing a product based on these standards, and
  • An in-depth review of our cryptographic approach and how it supports privacy.

Tuesday, April 11, 2017

The Security Panacea: Striking Balance with Usability



To keep up in today’s competitive technology market, perfecting the user experience is a must, which makes added security measures a tough sell to leadership. We consistently see brands sacrifice security, adopting the attitude, ‘it won’t happen to me.’ But when it does (which it will), brands are unprepared and scrutinized for their lack of foresight.

Read the interview with Manuela Marques, tyntec’s Product Marketing Director, and Isaac Potoczny-Jones, CEO of Tozny, a leader in multi-factor authentication systems. We discuss the common mistakes brands make with security and provide insight on how brands can balance security and usability.

Thursday, February 2, 2017

Visit Tozny at the RSA Conference


We are now in an age where security can be breached with just a simple push of a button. With today’s technological breakthroughs comes an increasing demand for more well-rounded and tighter cybersecurity. The tools required to protect each individual from cyber-attacks and threats have also shown that more technical expertise is now not just a necessity, but of great significance as well.

RSA Conference will be held at Moscone Center in San Francisco, February 13-17th, 2017. To better educate individuals and give them insight on the matter, a panel discussion will be held on February 16, 2017 at Moscone West with a roster of notable names in the cyber privacy and security industry, including Tozny CEO Isaac Potoczny-Jones.

Privacy Enhancing Technologies Work—But Can Anyone Use Them?
  • Thursday 02/16/2017
  • 2:45 PM - 3:30 PM
  • Room: Moscone West | 2018
  • Session length: 45 Minutes
  • Track: Human Element
  • Session code: HUM-R11
Tools that help people assess and protect their own privacy are not new. But as the challenges to protect individuals' privacy become more substantial, the tools to insulate people from privacy risks require more technical expertise. This panel will discuss specific privacy challenges and review research efforts to make advanced privacy-enhancing technologies more accessible to everyday people.



Isaac Potoczny-Jones is the founder and CEO of Tozny. Previously, Isaac worked as a developer of security and authentication solutions for defense agencies and other government agencies, with 10 years under his belt as a cybersecurity researcher at Galois. He graduated with a Bachelor’s degree in Computer Science and a Master's degree in Cybersecurity.
Other panelists include:
  • Lee Tien, Senior Staff Attorney and Adams Chair for Internet Rights for the Electronic Frontier Foundation
  • Tanvi Vyas, Tech Lead, Security User Experience for Mozilla
  • Naomi Lefkovitz, Senior Privacy Policy Advisor for NIST, will act as moderator.

Come meet us

You can come meet us at the NIST booth (number S2815) at the following times:
  • Tuesday 2/14 Noon - 2:00 PM
  • Wednesday 2/15 at 5:00 PM