Technology
Connectivity made easy, without losing custody of your data
Zero-Trust Required
The Next Generation of Privacy Protection
It’s no secret that connecting data to develop actionable insights on customers and patients brings massive value across industries. But the current solutions leave gaps in identity protection. Karlsgate is here to fix that.
Introducing Cryptoidentity
Gone are the days of transferring custody of Personal Data. Cryptoidentity allows the free flow of insights while maintaining control of sensitive information. This breakthrough Privacy Enhancing Technology (PET) can extend your zero-trust approach beyond information security to data management as well. It’s finally data protection with simplicity and scale.

Karlsgate Identity Exchange
Karlsgate Identity Exchange (KIE™) shepherds in a new approach to connecting data. Using a distributed network architecture, it brings together all of the capabilities to support modern consumer data collaboration, making it easy to connect with anyone, anywhere, at any time in a safe and privacy-compliant manner.
Privacy by Design...
KIE ensures the highest level of data security and privacy compliance by using Cryptoidentities—encrypted, single-use pseudonymized tokens—and a distributed network architecture to match two data sets without sharing or exposing personal data.
- Personal data never leaves your data environment
- Built-in cryptography ensures that no party, including Karlsgate, can re-identify any data
- Distributed architecture democratizes connectivity and enables you to build private connectivity networks


...With Full Lifecycle Data Security
For protecting data at rest, Karlsgate has partnered with LexisNexis® Risk Solutions to deliver the next generation in de-identification services with LexisNexis® Gravitas™ – next-generation tokenization combined with identity resolution backed by a Referential Data Layer.
- Leveraging the expertly sourced and curated data assets from LexisNexis® Risk Solutions, KIE can detect ambiguous identities, reducing incorrect and missed matches typically found in current solutions, while also uncovering previously missed matches due to name and/or address changes
- Our Actionable De-identification™ means you have connectivity built into the token itself
- Privacy firewalls between each party ensures identity resolution does not leak identity during the tokenization process
- The next-generation tokenization solution, Gravitas™ - powered by KIE - combines access to a comprehensive data network with powerful, next-generation technology to unlock the power of real-world data for clinical research, gaining a more precise and more complete view of patients' healthcare journeys, and even removing barriers to care
Simplify Data Preparation
KIE removes and simplifies the workload involved in preparing data to be connected. From data format detection and normalization to the ease of data refresh, many of the lengthy and costly steps required before data is connected are now automatic.
- Keep your data format and structure intact (no transformations required)
- Scalable from 1 record to 1 billion records per listing, with unlimited listings per node and unlimited nodes per member
- Data refresh requires zero downtime; listings can be updated while actively connecting data files
- Key allineation enables users to match data effortlessly even if the underlying identifiers are subtly different


Handling Real-World Complexity
Automation cannot become a reality unless it is able to adapt to advanced scenarios and reduce custom effort. KIE brings efficiencies starting with a connect-once, transact with everyone approach. Free your IT resources from tactical data operations.
- Choose any identifiers for matching like email, address, device ID, IP address, geolocation, member-devised custom ID and more
- Matching rules are transparent and verifiable to both parties
- Optimize match rates using cascading match logic based on a pre-defined sequence
- Flexible outcomes for each match range from “see nothing” to appended attributes to anonymous record links
- Gain visibility into duplication within your data sets as well as your trading partners
Distributed Processing
Each data partner sets up a locally controlled node to facilitate data exchanges. Each node is a part of the distributed encryption and communication exchange network and automatically processes explicitly approved exchanges.
- Reads input identifiers from the original source file
- Negotiates shared secrets to protect each exchange
- Performs all hashing and encryption to create Cryptoidentities
- Uploads Cryptoidentities for match facilitation


Collaboration Portal
The KIE portal provides users direct access to the Exchange Proposal collaboration workflow. It allows users full control of the automated processes for connecting data.
- Requires zero technical coordination to execute transactions
- Discover data partners and available data
- Invite partners to connect data
- Manage match logic agreements digitally
- Control data matching rules
Lightweight and secure implementation
Deploy a one-time node software installation that runs on all major operating systems. Secure API using SSL encryption, password-protected network access and Cryptoidentities, so your Personal Data never leaves your environment.
Distributed automation
Minimize manual work and iterative troubleshooting with automation including secret key creation, linkage key detection, identifier compatibility alignment, in-line hashing algorithms, cascading match processing and attribute append execution.
Streamlined operations
Use auto-detection routines to reduce the effort involved in modeling data formats and structure. No external taxonomy is implied or needed. Your data modeling stays completely intact. A built-in ETL engine and resilient data transfer mechanisms keep the full exchange procedure “hands-off.”

Beyond Compliance: Business Associate Agreements Do Not Protect Data
Discover why relying solely on Business Associate Agreements for data protection is no longer enough in today's healthcare landscape.

Transforming Healthcare Data Connectivity for Precision Insights
There hasn’t been a way to access precision data needed at scale, without sacrificing the security of PHI in one way or another – until now...

The Healthcare Industry Has a Problem Linking Identifiable Data.
We know how to solve it.
FAQs
Frequently Asked Questions
How long does it take to process a trade?
It depends on the size of the files and the number of match passes and attributes appended. In general, 1 million records can be processed in 11 seconds (simple match pass) whilst 100 million records with 10 match passes and 600+ attributes appended would be processed in less than 18 hours.
Does Karlsgate do fuzzy matching?
We define fuzzy matching as loose matching rules based on probabilities. Our matching is fully deterministic—you will always have clarity over a match versus a non-match. To ensure that all potential matches are found, our software performs “soft matching,” or matching on equivalent alternatives, for examples “1 MAIN ST. APT. 2” = “1 Main Street #2”. Soft matching does not need direct access to PII to work and automatically rectifies differences in standardization, whitespace, punctuation, abbreviations, and phonetically similar words.
How does Karlsgate optimize matching to ensure high-quality match rates?
While the ultimate matching is deterministic due to the nature of the cryptoidentities being matched, Karlsgate’s node software performs robust data normalization and standardization processes to align identifying data elements prior to creating the cryptoidentities, which boosts match rates without over-matching.
How many match passes can I use?
For a single trade, you can have up to 10 different match passes, cascading down.