About the Company and Technology.

  • KL Data Security is an Australian company developing leading edge privacy solutions.
  • Our flagship product ARKpX allows our customers to share information with absolute privacy and control beyond the corporate firewall.
  • Using our unique key management system our users are empowered to protect their own data with encryption with total control.
  • Only our users are able to access the keys and therefore they have complete control over who they share them with.
  • We provide security, privacy, and control of your data, no matter who it is shared with, where it is stored, or which devices it is stored on.
  • No trusted third party is required, as long as someone else holds the keys there is always a way in.

ARKpX sets a new benchmark in privacy. It is different by design.

  • Decentralised peer-to-peer client-side encryption and key management
  • End-to-end encryption and full signing of encrypted files
  • Strong authentication using certificate-based
  • Full digital signatures to verify information integrity
  • Control, even when files are downloaded to a local device
  • A complete audit trail of access
  • Choice of data storage provider and location


ARKpX for the cloud


ARKpX for financial services

  • How it Works

  • Privacy

  • Control

How it works diagram


Document-level, end-to-end encryption and peer-to-peer, user-controlled keys. The only way to ensure a private exchange between users.

Unlike traditional cloud storage, ARKpX delivers robust client-side encryption for every file. When you share a file with another party, it is individually encrypted locally on your device, in transit and on the other user’s device. You control the keys. No one, not even ARKpX, can look at your data.

You also retain complete control of the files you have shared – even on someone else’s server, desktop or mobile device through Privacy@Rest®. This allows you to revoke access, even if the file has been downloaded. It also allows you to enforce Digital Rights Management (DRM) on files, even within ARKpX.

There is no middleman with ARKpX and no extra hardware or IT infrastructure required. While it uses highly sophisticated and robust technology, developed by leading figures in encryption, the user experience is seamless, elegant and mobile.

Talk to an ARKpX expert

Privacy Diagram


By delivering client-side file encryption and user control as the standard, we are able to offer truly private exchange between external parties for the first time.

ARKpX uses strong certificate-based authentication instead of simple passwords. Our security foundation is in advance of best-practice. Find out more about the technology here.

Your files remain private on your device, in transit and on the device of the person you are sharing with. Even if a device is hacked, your files remain encrypted, secure and protected. ARKpX only facilitates storage of your encrypted data. You alone control the keys.

Our privacy benchmark even extends to where ARKpX stores your data. Choose the storage jurisdiction and provider, with no data sovereignty concerns.

Guard against lost or stolen devices through our Mobile File Management (MFM), without needing MDM or BYOD restrictions.

Talk to an ARKpX expert

Control Diagram


You generate keys, certificates and passwords. You give access. You revoke access. You delete. Even after your files have been downloaded elsewhere. You’re in control.

Expand the digital boundary of your organisation to your extended enterprise and still maintain absolute privacy for your data. With ARKpX you generate, and revoke, keys to access your data. That means you choose who you trust. The way it should be. At rest or in transit, and on every device, your data is protected from unintentional and malicious interference.

As all data is digitally signed, you can be assured of its integrity.

When the data is no longer needed, you delete the file and can be assured that it has been completely erased, everywhere.

Talk to an ARKpX expert

ARKpX Technical Features

User Control 





  • Client-side encryption
  • Client-generated encryption keys
  • Client-side keystore
  • Digital signatures
  • OCSP revocation checking



  • Two-factor invitation process
  • Strong credentials
  • Key rolling on un-invite




  • Credential backup
  • Client workspace management
  • Client password reset

Public/Private Keys and Certificates (RSA 2048, X.509)


  • Client-side SSL
  • Signing
  • Encryption
  • Certificate management
  • Email


Symmetric Keys (AES-256)


  • Documents
  • Workspaces
  • Communities


Short-lived Authorization Codes

  • Email verification
  • Invitations



  • Microsoft Windows
  • Apple Mac, iPad and iPhone
  • Android (coming)
  • API (REST) interfaces



  • Client software code signed
  • No ability for administrators to override keys or encryption
  • Self-enforcing access controls
  • Strong authentication
  • Mutual (client-auth) SSL
  • Strict segregation and compartmentalization
  • Full certificate management (CMP, CRMF, OCSP)



  • Decentralized administration
  • Standard cryptographic algorithms
  • Redundant Tier 1 data centers
  • Ongoing security assessments

Abbreviations and Acronyms

  • API – Application Programing Interface
  • AES – Advanced Encryption Standard specified in FIPS 197
  • CMP – Certificate Management Protocol specified in RFC 4210
  • CRMF – Certificate Request Message Format specified in RFC 4211
  • FIPS – Federal Information Processing Standard
  • MSSL/MTLS – Mutual (client authenticated) Secure Sockets Layer/Transport Layer Security
  • OCSP – Online Certificate Status Protocol specified in RFC 2560
  • RFC – Request for Comments documents of IETF
  • RSA – Rivest, Shamir, Adelman (an algorithm)
  • SSL/TLS – Secure Sockets Layer/Transport Layer Security
  • X.509 – Public Key Certificate specified in RFC 5280

ARKpX Architecture

ARKpX Architecture diagram

Strong Credentials

On registration, the user creates a set of personal cryptographic keys and stores them in a local protected (encrypted) keystore. The keystore contains duty specific key pairs, one each for (data) signing, encryption, (mutual SSL) communications, email and (agent-to-agent) message signing.

Strong Trust

Strong trust is established with the exchange of personal certificates using a two-factor system that creates a cryptographically secure channel. The peer-to-peer exchange of certificates ensures that you and the person you have invited have established a trust relationship. There is no central authority.

Strong Keys and Protection

Each new ARK, whether for a client or a peer, and the files within, have their own distinct encryption keys. These are generated client-side and accessed via a key hierarchy in which the ARK keys are distributed with the encryption certificate of the invited members. This provides for scalability while providing an extremely high degree of privacy for shared information.

Talk to an ARKpX expert