Circle is a transformative security API built on next-gen patented unified architecture that secures identity, data and privacy for third-party applications, APIs, and IoT devices with no compromise. Circle API was designed to enable developers, IT teams and DevSecOps to "shift left" by delivering its breakthrough architecture as a REST API, making it far easier to incorporate and support fundamentally strong security in these three areas with:
- far less complexity - meaning developers will use it; and
- greatly improved user experience - meaning users will use it.
Circle API does not seek to replace the Cloud - it is a powerful and critical infrastructure driving the success of modern application development and digital infrastructure. Rather, it addresses some of the fundamental weaknesses of current cloud-native architectures in a way that enables the efficiencies and power of the cloud to be preserved while radically improving security.
Unique Characteristics of Circle's Hybrid Cloud P2P Architecture
There are four characteristics of Circle's architecture that are particularly important to its security, utility and uniqueness. These are also different in some important ways from typical REST APIs which developers leverage for cloud applications, so understanding these can be helpful to both implementing and integrating Circle as well as thinking of innovative ways that it can be used.
- The Circle software service installed on the device performs as a local host web service on the endpoint device. After the initial set-up, the system web server has no role in authentication and no access to any data that is used to perform it. All communications and actions are performed only between the application web server and the software service running on the local device.
- Encryption keys are created and stored on the endpoint device and are never shared with any web server. The Web Server itself never receives or stores a copy of the key - the information stored in the secure capsule can only be requested by the Web Server, and then decrypted locally on the device and transmitted to the web application server for authentication purposes. The Circle platform's web server also never receives or stores any keys, nor can it request or in any way access information that is stored in secure capsules.
- It creates AES 256 encrypted Secure Capsules. which can be bound to the device upon which they are authorized, but also can be uniquely bound to the human or machine user they are intended to protect. Secure capsule can be securely replicated and synchronized to other devices controlled by the same end user through a peer-to-peer process of invitation and authentication. This enables a single end user to replicate and control the same Secure Capsules across multiple devices, browsers and contexts.
- There is no centralized certificate authority or credentialing system required. The existence of the Secure Capsule on the endpoint device, and the use of the secrets and/or biometrics by the Web Server is all that is required for authentication of both the device, and the user on the device. Circle-of-Trust provides a mechanism to step-up to human-in-the-loop identity verification whenever needed.
Circle API Products
Since Circle API can do so many different things, we found in our engagement with developers and partners in our early access program that it is helpful to structure our offering, and the supporting content for integration, implementation and development in the following packages. These group together and match areas of functionality in the API to use cases that developers and end users want and can be easily slotted and integrated to meet specific needs within the SMB market and enterprise IT infrastructure. These are also grouped into the area of cybersecurity that they address.
When securing user and device authentication, Circle API leverages Secure Capsules to protect credentials, tokens, encryption keys and other means of ensuring that only the unique user and endpoint devices that the user has authorized are able to log-in to any application, network or resource. When securing identity verification, Circle API leverages both Circles and its patented distributed P2P multi-factor authentication.
- Circle Access. Powers cryptographic, credential-free authentication to deliver both improved, frictionless user experience and radically improved security. Circle Access has 3 options for implementation:
- Circle Access Desktop. Installs Circle Service on the endpoint device, enabling that device to have credential-free authentication directly.
- Circle Access Mobile. Requires the end user to install and use the Circle Access App, which is similar to but goes far beyond the typical "Authenticator" application in both ease of use for the end user, and the security capabilities it can power for protection of authentication, identity and data.
- Circle Access 360. Integrated the Circle Access app and Circle Service together with multiple benefits, starting with enabling developers to offer both UX options. But much more.
- Circle-of-Trust. Enables step-up-escalation to human-in-the-loop identity verification that is cryptographically fused to authentication and device authorization. At the highest levels, all communications and actions operate within AES 256 encrypted Circles.
When securing data, Circle API+ leverages the same Circle encryption key management and Secure Capsules used to authenticate identities and their actions to secure data and communications end-to-end protecting data on the endpoint devices and in Cloud. It also leverages the Circle Immutable DLT, which is built into the structure of Circles and Secure Capsules. This can be used in different ways.
- Circle Guard. Secures data and communications across endpoint devices and in Cloud with End-to-End Encryption (E2EE).
- Circle Vault. Puts the Enterprise in charge of its data while respecting its employees' privacy.
- Circle Verite. Ensures digital trust for user journeys, actions, interactions and transactions, supporting
- continuous cryptographic authentication;
- multi-party authorization workflows;
- data and transaction integrity.
When securing privacy, developers leverage only the functionalities of Circle API that are completely distributed and decentralized, putting end users in total control of the privacy and security of their communications and data.
- Circle Prive. This capability can be used in many different ways. Initially, there are two primary use cases that we understand fully.
- Secure Collaboration. Organizations can leverage Circle Prive to ensure that the communications of any designated staff and groups can be kept completely private. This leverages Circle-of-Trust and the authorization API methods in Circle Verite to provide mechanisms whereby corporate control and access can still be assured, but with appropriate safeguards .
- Secure End User Privacy. Developers can give end user the privacy that they - and governments - are demanding and deserve. NOBODY other than the Data Owner has access to their data - or metadata - EVER.
Learn How to Implement Circle
The following resources have been developed to help you get coding and implementing Circle rapidly.
Then each API Product has its own focused set of Getting Started articles. Circle also has SDK + Libraries for developers that wish to integrated Circle's capabilities into device native applications.
Because Circle's architecture and principles are different, it can be confusing at first for developers to think about implementing it and understand the power of what it can do, This section provides higher level explanations and illustrations to help orient developers to both how Circle works and what it can do. We encourage you to read first:
Implementing Circle API normally involves both integrations with other applications, platforms or system components. While many of our partners and developers have deep expertise in their own areas, some may not understand all of the complexities and options involved. This area will be where we build a knowledge base based on our customer needs as they arise.
Circle also does some things that are quite unique and different. We have written two articles on these to start, and will create more articles as we go forward.