Authentication of users is based on a combination of: who they are, what they have, and what they know – such as their username, password and the TAN sent to the user's mobile number.

Every user action is logged and the log files are chained together, sealed using the user's signature and locked with an administrator key. Additional notarization in a public blockchain protects even against collusion of users and system administrators.

Data persisted in the storage is deleted by an automated job as soon as their individually configured retention period is over. Before final deletion, data can be downloaded or moved to another storage.

Tracking of documents exported from the system based on information added to or concealed within them. The tracking information can be made visible or even undetectable. It is used for identifying each individual copy of the document exported by the users.

Three levels of access control are combined to ensure that only authorized users have access to the storage, can locate data within the storage and retrieve or overwrite it depending on their permissions.

Beside creating native identities for registered users, standard protocols for integrating enterprise directories and social identity providers are also available to authenticate users based on their existing credentials.

An unforgeable timestamp of the upload or the last modification of specific content in the storage is represented by an immutable record in a public blockchain, which proves that the content has not been altered afterwards.

Messages exchanged between users regarding e.g. sharing content can not be distinguished from other data persisted in the storage. Thus, only the data owner knows with whom the data was shared.

Unregistered users can access shared files by using a temporary link with optional password protection generated by the file's owner and provided to the unregistered users.

Based on defined rules, access keys can be split into shares and distributed among a group of people, who can collaboratively reconstruct them in case of emergency.

Files and folders can be uploaded, shared and accessed in the storage directly from the browser on any computer or smartphone.

Permissions to access shared content are verified based on non-interactive zero knowledge proofs, which do not disclose any information about the identity of the user requesting access.

Based on data sovereignty requirements applying to their use case, customers can choose their preferred cloud provider and region.

Beside public and private clouds, customers can also protect their data persisted in on-premise storage solutions.

Processing directives enable the automation of human tasks like downloading and deleting transferred documents and the enforcement of security policies such as applying upload fiters or steganography on the users' client.

Beside files and folder hierarchies, the obfuscation and anonymization techniques will be adopted to other data structures and exchange protocols like MQTT.

Data is filtered for malicious code and illegal content before it gets encrypted and uploaded to the storage.

Uploading, sharing and accessing files and folders in the storage will be integrated into the file explorer of common operating systems.

The core cryptography library is written in C/C++ to enable integration into embedded system environments.

Remote attestations ensure that only genuine clients can connect to a gateway and prevent fake clients which could circumvent processing directives from accessing data persisted in the storage.