Reducing the Burden of Trust
"You Don't Need to Trust Codel"

A key feature of online databases, authentication providers, certification authorities and the like is that they require you to place a great deal of trust in them. Of course, they put in a lot of infrastructure and effort designed to justify that trust, and many make a very creditable stab at it. Nevertheless, if you allow such entities to hold your valuable data, you are always at some (greater or lesser) risk of all or part of that data falling into the wrong hands.

Our approach is to eliminate that risk altogether. We never hold sensitive data in the first place, so however weak our physical security, nobody can get at your secrets through us.

We first developed this concept in the context of the Anti-Counterfeiting protocol, where it is necessary to avoid becoming a tempting target for hackers by storing plaintext VRs. By randomising the VRs and then storing only the hash values of the VRs, we made it impossible for any attacker to obtain valuable data from us which could help produce counterfeit goods. Yet, at the same time, we preserved the full functionality of the authentication database. Users, supply chain personnel and the authorities can still all use the data to validate genuine articles and to expose counterfeits.

Similarly, when we come to validate documents and any claims you might make about them (which can be highly sensitive), we, again, don't store any data of interest to attackers. We store the hashes of the documents and the hashes of the claims.

For email validation, where the contents might be tested in court, we may appear to contradict the claim that you don't need to trust us. We play the role traditionally taken by the "Trusted 3rd Party". Essentially, we can prove that Alice sent Bob an email which Bob was able to open on a given date. But when you consider why a court would trust our evidence, it does not depend on anything intangible like reputation, skilled professionals or reliable hardware. The court would accept Codel evidence simply because - through our Protected Audit Trail (see below) - we can prove that the relevant transactions took place. And although we can help either side prove the entire transaction, we have no idea what was in the email. It never came through us, not even in encrypted form. In this case, we do that by storing non-sensitive data other than hashes.

And so it goes with all our products. We don't store your secrets, we merely confirm them. So you can't lose them or expose them through our carelessness, miscalculation or malice.

Finally, our Protected Audit Trail provides a unique level of assurance that - unlike every other digital authentication system on the market today - does not rely, for its ultimate confirmation, on yet another digital record. Instead it relies on the non-digital publication of over a million copies of key "confirming" hashes, which lock our audit trail (and yours if you've contributed to ours) into a state where - again, regardless of our performance or intentions - the validity of the data can be confirmed or refuted with mathematical precision.

We have achieved, therefore, the happy state in which we can say to all our customers or clients, with hand on heart, "You don't need to trust Codel. Anyone can check out our audit trail at any time. We can't hide our mistakes (or anyone else's). We'll be delighted, of course, if you choose to trust us, but you really don't need to - just check out the trail."

Paradoxically, we think this will eventually make us the most trusted online database in the world. The Codel Protocols are designed to make it impossible for us to put your data or its integrity at risk.
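The hash-only storage and the externally published "confirming" hash described above can be sketched as follows. This is an added example, not Codel's code: SHA-256, the linear hash chain, the sample records, and the names HashOnlyTrail, register, contains and verify_trail are all assumptions, since the page does not specify the construction.

```python
import hashlib
import secrets

GENESIS = b"\x00" * 32  # assumed starting value of the chain

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class HashOnlyTrail:
    """Operator-side store: digests only, never the plaintext record."""
    def __init__(self):
        self.entries = []  # (record_digest, chain_link) pairs

    def head(self) -> bytes:
        return self.entries[-1][1] if self.entries else GENESIS

    def register(self, record_digest: bytes) -> None:
        # The client hashes locally and sends only the digest.
        self.entries.append((record_digest, h(self.head() + record_digest)))

    def contains(self, record: bytes) -> bool:
        d = h(record)
        return any(secrets.compare_digest(d, e[0]) for e in self.entries)

def verify_trail(entries, confirming_hash: bytes) -> bool:
    """Recompute every link, then compare the head with the hash
    that was published outside the database."""
    prev = GENESIS
    for record_digest, link in entries:
        prev = h(prev + record_digest)
        if not secrets.compare_digest(prev, link):
            return False
    return secrets.compare_digest(prev, confirming_hash)

def demo():
    trail = HashOnlyTrail()
    vr = secrets.token_bytes(16)           # constructed stand-in for a randomised VR
    doc = b"constructed sample document"   # constructed sample input
    trail.register(h(vr))
    trail.register(h(doc))
    published = trail.head()               # value that would be published in print
    ok_before = verify_trail(trail.entries, published)
    # The operator rewrites history and recomputes every link consistently.
    forged = HashOnlyTrail()
    forged.register(h(b"forged record"))
    forged.register(h(doc))
    ok_after = verify_trail(forged.entries, published)
    return trail.contains(vr), trail.contains(b"guess"), ok_before, ok_after
```

A digest hides a record only when the record cannot be guessed, which is why the VRs are randomised before hashing; the rewritten trail is internally consistent and is rejected only because its head no longer matches the published value.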