Unmatched Data Protection

Enterprise data security

platform for controlling and encrypting data

wherever it resides

Enterprise Functionality for Any Size Organization
ParaDoxBox™ Enterprise is a discrete, complete enhanced enterprise data security platform that enables users to protect data on their workstations, on enterprise networks, and in cloud storage systems (think Google Drive or Dropbox) while at the same time providing the enterprise guarantees that it can always recover its data.

ParaDoxBox™ Enterprise combines our endpoint encryption management platform with our flexible cloud-based SaaS Administration Portal to offer organizations the versatility to manage full disk, partition, and file level encryption as well as cloud hosted data.

With ParaDoxBox™ Enterprise, your enterprise never loses control over encrypted data. User encryption keys are encrypted with Saas Administrator owned and control keys-making them accessible to your SaaS Administrators and no one else. Not even us.


ParaDoxBox™ neutralizes emerging threats and mitigates the risk of unauthorized disclosure of enterprise data – even in the event of a breach

Infosec Awards 2018 Winner

See the Cyber Defense Magazine List of Winners

The ParaDoxBox™ Enterprise Data Security Platform incorporates rich enterprise administration features. Built for the enterprise, environment customizable.

It’s estimated that 96% of data stolen in enterprise breaches was unencrypted, and therefore exposed to malicious actors. In many cases, the failure to protect sensitive data was due to the difficulty involved in deploying encryption within an enterprise environment or be ill-prepared in protecting every endpoint. Secure Channels’ ParaDoxBox™ Enterprise Data Security Platform fills these gaps by providing SaaS Administrators an intuitive, user-friendly, comprehensive management interface while providing a wide array of encryption options and enterprise management functionality – ensuring positive control over users, billing, and data access.

ParaDoxBox™ Enterprise uses On-The-Fly-Encryption (OTFE) to encrypt and protect data on endpoints. OTFE ensures that data is never persistently stored in an unencrypted state. OTFE can license the PKMS2 Protocol, best of breed symmetric ciphers, enhanced authentication technology, and enterprise controls for key management, account management and billing. ParaDoxBox Enterprise offers enhanced security that flexibly supports enterprise requirements.


  • Intuitive, easy-to-use interface
  • Protects device, network and Cloud storage locations
  • Users choose encryption scope (disk, partition, volume, file, share, Cloud location, etc.), storage locations and the algorithms and modes of operation that encrypt data
  • Licenses PKMS2 and SUBROSA® multi factor authentication
  • SaaS Administrator Portal for easy access to administrative functions so an enterprise never loses control over their data
  • Central management for Windows Bitlocker
  • Provides data security future-proofing in accordance with NIST guidance
  • Extension of keyspace for symmetric block ciphers via PKMS2
  • Incorporation of Post-Quantum Cryptography (PQC) asymmetric ciphers

Key Product Benefits: Exponentially Increase Security

Pervasive Encryption The ParaDoxBox™ Enterprise Data Security Platform can be easily deployed to all of an enterprise’s laptops and workstations (either by download, isolated sandbox environment, or group policy installation). Once installed and registered, it can be used to provide any desired combination of full disk, partition, volume, hidden volume, file and file-for-sharing encryption at the administrator’s discretion. All users can encrypt all data, all the time. ParaDoxBox Enterprise’s administrative functionality guarantees that the enterprise retains complete, secure control of keys, ensuring data access.

Computational Future Proofing The ParaDoxBox™ Enterprise Data Security Platform licenses Secure Channels’ PKMS2 mode of operation that has been mathematically proven* to extend the effective key length of standard 256-bit ciphers by approximately 50% to 387 bits. As a result, the use of ParaDoxBox™ Enterprise provides security guarantees against both conventional and quantum improvements in computing power. These versions also provide fallback security: Even if one of the ParaDoxBox™ Enterprise encryption suite’s ciphers is found to be insecure, data using the PKMS2 mode of operation  remains protected. Additionally, the effort an attacker must exert to recover an entire message is significantly increased.

Bypass and Social Engineering Attack Protection The ParaDoxBox™ Enterprise Data Security Platform all but eliminates the threat of bypass and social engineering attacks by licensing Secure Channel’s SUBROSA® technology, which provides a multi factor authentication gateway to ParaDoxBox™ Enterprise, supporting knowledge, possession, biometric, machine inherence and external location based manage knowledge factor authentication credentials that can be tailored or combined based on enterprise requirements to provide the desired level of authentication assurance. SUBROSA’s credentials technology are long (thousands or tens of thousands of bits), non-human readable, binary strings that are unknown to but easily entered by the user. Users can’t reveal what they don’t know and they can’t share what they can’t read or write down.

*A mathematical analysis of PKMS2 was conducted by Dr. Jonathan Katz, Vice President of Cryptography Engineering, Secure Channels Inc., Professor, Computer Sciences, University of Maryland. Cryptoanalysis conducted by Dr. Yevgeniy Dodis, Professor, Computer Science, Courant Institute of Mathematical Sciences, NYU; Dr. Matthew Green, Assistant Professor, Computer Science, The Johns Hopkins University; Dr. Stefano Tessaro, Assistant Professor, Computer Science, University of California, Santa Barbara. See our Peer Review page.

ParaDoxBox Chart

Use Cases

ParaDoxBox™ Enterprise creates encrypted virtual containers on endpoints, networks or in the Cloud, providing protection levels that meet or exceed industry and national standards. It is transparent once deployed, requiring no specialized training. Users select the encryption algorithms and the standards with which to comply (e.g., FIPS 140-2 Annex A). ParaDoxBox™ Enterprise licenses the PKMS2 mode of operation, layering and combining multiple encryption algorithms while (optionally) remaining FIPS compliant as well as licensing Secure Channels’ SUBROSA® authentication technology. Even in the event the network is breached, ParaDoxBox™ Enterprise ensures that your enterprise data is safe.

Technical Details

Operating Systems

Encryption Algorithms
AES, Simon, Twofish, Serpent, MARS, Speck, Aria, Camellia

Modes of Operation

Key Hashing Algorithms
SHA-256, SHA-384, SHA-512, SHA3-256 (future), SHA3-384 (future), SHA3-512 (future), PBKDF2

Authentication Factors
Knowledge, Possession, Biometric, Machine Inherence