Zero-Trust Required: The Next Generation of Privacy Protection
Consumer data drives modern business. Consumers expect richer brand experiences, but the data ecosystem to deliver them is broken. Poor protections, financial and reputational risks and more privacy regulation are disrupting the data supply chain. Karlsgate Identity Exchange™ overcomes these challenges with zero-trust data sharing.
Introducing Cryptoidentity

Personal Data can’t be protected if custody is transferred to another party. The current generation of data protection solutions are insufficient. All require trusting a 3rd party who takes custody of your data. Karlsgate developed Cryptoidentity to eliminate the need for a trusted transfer of data custody.
Karlsgate Identity Exchange
Karlsgate Identity Exchange (KIE™) is the next generation of data sharing platforms. Using a distributed network architecture, it brings together all of the capabilities to support modern consumer data collaboration.
- Central Exchange Registrar coordinates exchanges and communications with Member Nodes
- Member Node handles extract, transform, load (ETL), Cryptoidentity hashing and network communication
- Virtual Facilitators provide temporary in-line match processing for each exchange
- Collaboration Portal allows users to discover, negotiate and manage exchanges with partners without any technical coordination between parties




Privacy by Design
KIE ensures the highest level of data security and privacy compliance by using Cryptoidentities—encrypted, single-use pseudonymized tokens—and a distributed network architecture to match two data sets without sharing or exposing Personal Data.
- Personal Data never leaves your data environment
- No party receives both the input and output of the hashing function
- Virtual facilitator can’t unscramble or deduce the original identifiers with a lookup graph
- Multi-layered network security protocols with swappable hashing and encryption algorithms


Identity Resolution
KIE uses a Virtual Facilitator for data matching. The platform allows trading partners to agree and set the match logic prior to initiating an exchange. All matches are 100% deterministic and achieved only through an exact match of the Cryptoidentities.
- Choose any identity for matching like email, address, device ID, IP address, member-devised custom ID and more
- Matching rules are transparent and verifiable to both parties
- Optimize match rates using cascading match logic based on a pre-defined sequence


Distributed processing
Each trading partner installs a local KIE Member Node to facilitate data exchanges. Each node is a part of the distributed encryption and communication exchange network and automatically processes exchanges in-conjunction with the Central Exchange Registrar.
- Reads Personal Data from original source file
- Negotiates the shared secrets for each exchange
- Performs the hashing/encryption to create Cryptoidentities
- Uploads Cryptoidentities for facilitation
- Downloads and appends match indicators and attributes to the original source file


Collaboration Portal
The KIE portal provides users direct access to the Exchange Proposal collaboration workflow. It allows users control of the automated processes for exchanging data.
- Discover data partners and available data
- Invite partners to trade data
- Manage digital contracts
- Control data match rules
Simple and Secure Identity Exchange Without the Work
Lightweight and secure implementation
Deploy a one-time node software installation that runs on all major operating systems. Secure API using SSL encryption, password-protected network access and Cryptoidentities, so your Personal Data never leaves your environment.
Distributed automation
Minimize manual work and iterative troubleshooting with automation including secret key creation, linkage key detection, identifier compatibility alignment, in-line hashing algorithms, cascading match processing and attribute append execution.
Streamlined operations
Use auto-detection routines to reduce the effort involved in modeling data formats and structure. No external taxonomy is implied or needed. Your data modeling stays completely intact. A built-in ETL engine and resilient data transfer mechanisms keep the full exchange procedure “hands-off.”