Karlsgate Identity Exchange (KIE)

Frequently Asked Questions (FAQ)

General

How do I get help?

If you want to learn more about membership or have questions, reach us at: contact@karlsgate.com

How do I register?

Visit our 3-step Getting Started tutorial to register a KIE membership for your organization as well as a user account.

How does Karlsgate's technology work?

The Karlsgate Identity Exchange matching process is an orchestrated procedure between three (3) locations: (a) your internal network, (b) your trading partner's internal network, and (c) a cloud-based facilitator. The important detail is that zero identifying data leaves your environment – only cryptoidentities (single-use, secret keyed hash values derived from the original identifiers) are transmitted to a secure third-party escrow. Cryptoidentities are compared by a Karlsgate-controlled, temporary virtual machine (facilitation processor, i.e., facilitator) hosted by a major cloud provider.

The facilitator and its associated escrow storage are destroyed after every trade. No transmitted data is kept by Karlsgate after a trade (again, the escrow is purged). The cryptoidentities (single-use hash values) that are transmitted to the facilitator have no identifying value, since they are scrambled with a shared secret key between two trading partners for that one specific trade only (hence, their single-use), and the shared secret is never communicated to Karlsgate.

Unlike data clean rooms, the facilitator does not exist before each trade it processes and does not rely on any previously stored information.

Karlsgate never receives identifying or pseudonymous data. All data from our point of view is anonymized, since there is no possibility to re-identify individuals by using the data we receive.

The cryptoidentities (single-use hashes) are stored in a secure cloud storage escrow during the facilitation process. Once facilitation is completed, the facilitator (temporary virtual machine) and escrow storage are purged and decommissioned immediately. There is no residual data stored by Karlsgate.
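
The matching flow described above, sketched as an added example (this is not Karlsgate's code): two partners derive single-use keyed hashes under a per-trade secret, and a facilitator that holds neither the key nor the identifiers intersects them. HMAC-SHA256, the trim-and-lowercase normalization, the function names and the sample e-mail addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample identifiers; each list stays inside its owner's network.
PARTNER_A = ["alice@example.com", " Bob@Example.com ", "carol@example.com"]
PARTNER_B = ["bob@example.com", "carol@example.com", "dave@example.com"]


def normalize(identifier: str) -> bytes:
    # Assumption: both partners agree on the same normalization before hashing.
    return identifier.strip().lower().encode("utf-8")


def cryptoidentity(trade_key: bytes, identifier: str) -> str:
    # Keyed hash of one identifier. HMAC-SHA256 is an assumed stand-in.
    return hmac.new(trade_key, normalize(identifier), hashlib.sha256).hexdigest()


def tokenize(trade_key: bytes, identifiers):
    # Runs locally at each partner. The token -> identifier map never leaves.
    return {cryptoidentity(trade_key, i): normalize(i).decode() for i in identifiers}


def facilitate(tokens_a, tokens_b):
    # Facilitator role: sees only tokens, holds neither the key nor identifiers.
    return set(tokens_a) & set(tokens_b)


def run_trade(list_a, list_b):
    # Fresh key per trade, shared by the two partners only (hypothetical exchange).
    trade_key = secrets.token_bytes(32)
    local_a = tokenize(trade_key, list_a)
    local_b = tokenize(trade_key, list_b)
    matched = facilitate(local_a.keys(), local_b.keys())
    # Partner A resolves matched tokens back to its own records locally.
    matches_a = sorted(local_a[t] for t in matched)
    return matches_a, set(local_a)


if __name__ == "__main__":
    matches, sent = run_trade(PARTNER_A, PARTNER_B)
    print("A's matched records:", matches)
    _, sent_again = run_trade(PARTNER_A, PARTNER_B)
    # Tokens from a second trade share nothing with the first: single-use.
    print("tokens reusable across trades:", not sent.isdisjoint(sent_again))
```

Because the key is regenerated for every trade, tokens captured from one trade cannot be joined against tokens from another, even for the same underlying identifier.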

Is the technology safe?

The Karlsgate Identity Exchange (KIE) is a zero-trust data connectivity network technology, enabling companies to match and share data with complete security, privacy compliance and efficiency. Our users keep full custody of their own data, and never reveal PII (Personally Identifiable Information) to any other parties (including Karlsgate) during the entire matching and sharing process.

Can I set up multiple nodes and/or multiple listings?

A node can host one or more listings (that is, a KIE member does not need a new node for every new listing or new trade).

Will my data be uploaded to the platform when my listing is created?

No underlying source data will be uploaded to our platform. Once a listing is created, some data file details will be available on the platform, including source name, total number of records, identifier type & corresponding quantity, attribute name & corresponding quantity. That is, only some metadata is shared with us, never your data.

How does my trading partner get started?

Create an account on the Karlsgate Identity Exchange (KIE) and then deploy a node & add a listing to engage in a fully zero-trust environment.

  1. Visit the KIE Portal to register for a KIE membership and user account
  2. Deploy the KIE Node using one of the deployment methods described earlier (above)
  3. Add a listing to the KIE Node using a delimited data file

Direct your trading partner to visit the 3-step Getting Started tutorial, which encapsulates the above actions, by sending them this URL:

https://portal.karlsgate.com/Help

How do I trade with my own organization (that is, perform an internal trade)?

In order to perform an internal trade, your organization must deploy at least two nodes with each node hosting a listing. When proposing an internal trade, your listings participating in the trade must be hosted on different nodes (that is, an intra-node trade is not supported).

Can I test it out first?

Yes. It is free to get started using our Introductory level package. Once set up, you can facilitate a test trade between your company and our SampleBot, which hosts a listing consisting of 1,000 example records. Alternatively, invite a trading partner using one of the free, unrestricted trade requests you get when signing up.

Visit our 3-step Getting Started tutorial to use KIE and download our sample data (saving it as: sample.txt) during the tutorial.

What countries does Karlsgate service?

Karlsgate is a global solution. Karlsgate adheres to US Department of State restrictions regarding prohibited countries.

KIE Node

Does it require any client software to be deployed on our end?

Yes, the Karlsgate Identity Exchange (KIE) Node is required to be deployed on a cloud resource, virtual machine, or server under your control in your environment. This is what keeps your data safe.

What is the difference between deployment methods?

Desktop quick test: This approach can help a user to rapidly get a node operational without requiring administrator access to a server. (Usually, root access or Run as administrator permissions on a server require a server administrator's involvement.) For example, you might run this on your local computer (desktop or laptop). A sample data file and a corresponding sample listing will be ready when deployment is complete. This sample listing can be used for a test trade. It is an easy way to test and understand how to trade, but running (or re-running) the quick test is required for each subsequent trade. This approach is useful for initial testing or for proof-of-concept purposes but is neither intended nor supported for production use.

Azure Marketplace, AWS Marketplace, Google Cloud Platform, Docker container, Linux server, or Windows server: The node becomes a critical service on the server, either physical or virtual. (The Linux server method requires root access to a server to perform the Linux systemd service deployment, while the Windows server method requires elevated permissions, that is, a command prompt opened with Run as Administrator, to perform the Windows service deployment.) These deployment methods are supported for production use and all include the following benefits:

  • launches automatically whenever the environment is started;
  • no user is required to login and run the service; and
  • applies pending updates automatically.

Note that the Azure Marketplace, AWS Marketplace, Google Cloud Platform, and Docker container methods all use a container-based deployment of the node.

What is the deployment architecture of Karlsgate?

Production deployment options for the KIE Node are (a) as an Azure Marketplace or AWS Marketplace deployment; (b) on a container host capable of running a Docker image, including in Azure, AWS, or Google Cloud Platform; (c) as a Linux systemd service; or (d) as a Windows service. The recommended deployment method is Azure Marketplace.

How will it connect?

The KIE Node only requires access to port 443 (HTTPS) for outgoing (egress) traffic. The node does not require allowing any incoming traffic (i.e., opening your ports) in your network. That is, there is zero ingress traffic to the node, only egress traffic.