ZoTrus Technology is a Security Practice

Zero trust is a security concept. At present, major cyber security providers have proposed their own zero trust security solutions. Each provider provides corresponding solutions according to their own fields and knowledge. The core concept of zero trust is "Never Trust, Always Verify". The solution provided by ZoTrus Technology is a zero trust security practice based on PKI (Public Key Infrastructure) technology, which is essentially different from the "Sherlock Holmes" zero trust security solutions currently on the market, because these solutions are designed based on traditional security protection solution.

In the European Union, a CA that is qualified to issue digital certificates that comply with the European Electronic Signature Law is called a "Trust Service Provider (TSP)". Wikipedia explains PKI this way: PKI provides "trust services" - in plain terms trusting the actions or outputs of entities, be they people or computers. Trust service objectives respect one or more of the following capabilities: Confidentiality, Integrity and Authenticity. PKI is a cryptographic technique that enables entities to securely communicate on an insecure public network, and reliably verify the identity of an entity via digital signatures.

In layman's terms: with cryptography, there is a public key infrastructure; with a public key infrastructure, there is a digital certificate to ensure the secure communication of the Internet and the trusted of the individual's identity. Cryptography and PKI technology are born out of trust. They are "native trust" technologies and the only reliable technology to solve trust problems. This is why CA company is called "trust service provider". Therefore, to apply the concept of zero trust to protect the security of the Internet of Everything, of course, digital certificates must be used to ensure that the identities of individuals and objects are trusted. Only trusted identities can use corresponding data resources through verification.

However, we should further think about why we need to solve the problems of trust, and its essence is to solve the problems of data security. Therefore, digital certificates are not only used for trust services (digital signature and identity validation), but also for encryption. HTTPS encryption, email encryption, document encryption, data encryption, etc., cryptography not only solves the problem of trust, but more importantly, it also solves the security problem of the data itself, which is an upgrade and supplement to the concept of zero trust.

Therefore, the concept of a zero trust security solution based on cryptographic technology is "Never Trust, Always Verify, Always Encrypt", which is also an innovative security practice for cryptographic applications, which is exclusively implemented by ZoTrus Technology and provides services to the public. Specifically, the following five zero trust security cloud services related to core Internet security are provided.

1. Website Security Cloud Service:
   Never trust http websites transmitted in cleartext, never trust websites without security protection, and never trust websites that have not passed trusted identity validation. ZoTrus Technology is the first in the world to provide website security inclusive services based on cloud PKI, cloud WAF and cloud identity validation, and fully realize the trinity website security solution of https encryption, WAF protection and trusted identity, helping customers to realize the website zero trust security without pain.
2. Email Security Cloud Service:
   Never trust emails transmitted in cleartext. ZoTrus Technology is the first in the world to provide email encryption cloud services, users do not need to replace the email client software, fully automatic configuration of publicly trusted email certificates, fully automatic realization of email encryption and digital signatures, fully automatic exchange of public keys, and fully automatic key management and fully automatic email timestamping, helping users to realize the email zero trust security without pain.
3. Document Security Cloud Service:
   Never trust electronic documents without trusted identities. ZoTrus Technology is the first in China to provide a fully automatic document cloud signing service that follows the cloud signature standard formulated by the Cloud Signature Consortium. Customers do not need to purchase and manage document signing certificates and timestamping services, but only need to purchase document security cloud services, helping customers to realize the document zero trust security without pain.
4. Application Security Cloud Service:
   Never trust applications without trusted identities. ZoTrus Technology is the first in China to provide a fully automatic code signing cloud service that follows the cloud signing standard formulated by the Cloud Signature Consortium. Customers do not need to purchase and manage code signing certificates, and timestamping services, but only need to purchase application security cloud services, helping customers to realize the application zero trust security without pain.
5. Identity Trusted Cloud Service:
   Never trust entities without validated identities. Website identity is the first identity on the Internet, ZoTrus Website Trusted Identity Validation Service is an identity trusted cloud service designed to make up for the fact that the current DV SSL certificate does not validate the identity of the website owner. It is also a supporting service for the Website Security Cloud Service. And ZoTrus plans to provide a unified identity authentication cloud service based on digital identity certificates, automatically configure trusted digital identity certificates for entities (people and things), which are used to verify entities trusted identities in real time and access data resources according to security policies, helping customers to realize the zero trust security of data resource access.

It should be pointed out that: ZoTrus digital signature cloud service (including code signing and document signing) follows the concept of zero trust. It does not upload the user's software to be signed and documents to be signed to the cloud, but only submits the HASH of the file to be signed to the cloud. After the cloud signing service completes the digital signature, it sends the signed data to the ZoTrus signature tool on the user computer, and the signature tool completes the digital signature on the user's local computer, thus realizing zero trust to the e-signing service platform.

In summary, to achieve zero trust security, first, we should find the right technical route, and what technology is the key technology to solve the trust problem; second, we should figure out what the purpose of solving the trust problem is. Only by thinking clearly about these two questions can we choose the right zero trust security solution. ZoTrus Technology adopts the principal of zero trust and cryptographic technology, which is a security practice. It is an innovation of cyber security practice that fully adopts cryptographic technology. ZoTrus Technology will spare no effort to seek it.