App-level Encryption

Unbound Key Control (UKC) takes the complexity out of app-level encryption by fully abstracting the encryption layer, making it easy for developers to implement strong key security and authorized access to decrypted data.

( let’s talk )

The Most Secure Encryption is also the Most Challenging

According to most cryptography experts, encrypting sensitive data at the application layer is best. But practically speaking, there are many challenges involved in implementing encryption yourself.

Knowing which scheme to use and how to use it properly requires security and cryptography expertise

Often, there is no place to store the key that can allow all machines running the application secure access to it

Lack of good places to store keys means sometimes they’re stored on the server with the data which is totally insecure

HSMs are secure but rigid, so they are hard to operate, maintain and scale to support constantly changing business requirements

Deploy Secure App-Level Encryption with an Intuitive, Easy-to-Use API

Unbound Key Control (UKC) supports all standard crypto APIs (e.g.  PKCS#11, CNG) and includes a fully-integrated module for application-level encryption. This simple, yet secure solution provides developers with an intuitive, easy-to-use API that hides all the details of the encryption process from the developer, allowing him/her to concentrate on the application business logic.

Based on Unbound’s Distributed Trust Platform, UKC stores keys safely in any environment, including cloud, hybrid and on premise. Fully abstracted from hardware, UKC is easy to maintain and scale.

Developer Friendly

Out-of-the-box integration with Java and .NET APIs, as well as an intuitive, easy-to-use crypto-agile REST APIs

Software-Defined Crypto

Unbound App-Level Encryption manages all encryption aspects for you so you can focus on the business logic

Key Protection

Keys are automatically protected using Unbound’s Distributed Trust Platform, across any deployment including hybrid and cloud

Encrypt Data-in-Use

Supports tokenization and other operations on encrypted data using format, type and order-preserving encryption

App-Level Encryption without Hardware.
Any App. Any Platform. Anywhere.

There are two primary modes of deployment:

Unbound Key Control (UKC) seamlessly integrates with standard crypto APIs such as PKCS#11, Java JCE, Microsoft KSP. All of these APIs are supported by the UKC client that is installed on the application server, and can be seamlessly integrated with your applications.

In addition, UKC includes a full KMIP server, and thus enables consuming cryptographic services using KMIP or through an easy to use, intuitive and crypto-agile REST API.

The Unbound Key Control (UKC) Application-Level Encryption module has an intuitive and easy-to-use API that hides the encryption implementation details from the developer. It fully supports format-preserving encryption, order-preserving encryption and tokenization.

See it in Action

Let us show you how you can implement strong application-level encryption, key security and authorized access to decrypted data in your organization.

  ( Request a Demo )

Related Articles


Get an in-depth explanation of how Unbound uses MPC, a mathematically proven method to secure keys on any device.

( Download )


Control Your Own Keys in the Cloud (CYOK) can ensure your sensitive assets remain secure even in the event of a breach.

( Watch )


Learn how Unbound Key Control, the first secure-as-hardware key management system can protect your crypto keys anywhere.

( Download )


Learn more about how two major banks are using Unbound to reinvent data reinvent data protection in the Digital Banking age.

( Watch )