Sovereignty isn't where your data lives.
It's who controls the keys.

Infrastructure does not determine control. Cryptography does. Lokblok removes provider control at the key layer, entirely.

A decade of effort, and control still lives with the provider.

Governments and enterprises have spent years building sovereign infrastructure: sovereign cloud, national data centres, regional providers, legal protections. But there's a problem.

Infrastructure does not determine control.

Cryptography does.

The structural gap

Infrastructure sovereignty answers where systems run and who owns them.

It does not answer who can actually decrypt, revoke, or control access.

Most "sovereign" systems still rely on the provider.

Provider-controlled key management

The provider holds or can reconstruct master keys, making sovereignty conditional on their cooperation.

Centralised identity systems

Identity is managed by a central party who can revoke or modify access unilaterally.

Recovery and override mechanisms

"Break glass" paths are built into every platform, and those paths can be used against you.

Escrowed or reconstructable keys

If a provider can reconstruct keys, sovereignty is conditional, not absolute.

Digital systems can be disabled without touching infrastructure.

The 2025 ICC sanctions exposed something uncomfortable. Financial access was revoked. Software access was disabled. Cloud systems were cut off. No servers were seized. No borders were crossed.

Control came from

Identity
Access
Keys

What this means for any organisation dependent on external providers

Providers can still access or reconstruct keys
Systems can still be disabled remotely
Data can still be exposed under compulsion
Sovereignty is conditional, not guaranteed

Cryptographic Sovereignty.

Lokblok removes provider control at the key layer. No single provider or operator can reconstruct keys or revoke access.

What's removed, with Phantom Secrets™

No provider-held master keys
No escrowed recovery paths
No reconstructable secrets at rest
No unilateral administrative override

Instead

Keys distributed across independent parties
Reconstruction requires threshold cooperation
Keys exist only during authorised operations
Keys destroyed immediately after use

Jurisdiction → Control

Sovereignty becomes technical, not contractual.

Trust → Enforcement

Providers cannot act outside defined policy, because they physically lack the capability.

"Can't" → "Impossible"

Not prohibited. Not unlikely. Impossible.

Four layers of cryptographic control.

1. Non-custodial key fabric: Phantom Secrets™

No stored keys. No provider access. No recovery backdoors. Keys are distributed as public Regen Tokens, harmless on their own, reconstructable only under strict conditions inside certified hardware.

2. Threshold governance

Multiple independent parties are required to reconstruct any key. The quorum can be configured to reflect institutional checks and balances, for example a government authority, an independent agency, and a trusted third party. No single entity can act alone.

3. Hardware-rooted execution

Keys are reconstructed only inside certified hardware. They are never exposed outside the hardware boundary, not in memory, not in transit, not in logs.

4. Ephemeral lifecycle

Keys exist only during authorised operations, then are destroyed immediately. There is no persistent key state to harvest, compel, or exploit.
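
The threshold governance and ephemeral lifecycle layers above can be illustrated with textbook Shamir secret sharing. This is an added example, not Lokblok's code: the page does not disclose the scheme behind Phantom Secrets™ or Regen Tokens, and the 2-of-3 quorum, party names, field prime and function names here are assumptions.

```python
import secrets

P = 2**521 - 1  # Mersenne prime; the field comfortably holds a 256-bit key
# Constructed party names, taken from the quorum example in the text.
PARTIES = ["government_authority", "independent_agency", "trusted_third_party"]

def split(secret, threshold, parties):
    """Split `secret` so that any `threshold` of `parties` can rebuild it."""
    if not 0 <= secret < P or not 1 < threshold <= len(parties):
        raise ValueError("bad secret or threshold")
    # Random polynomial of degree threshold-1 with f(0) = secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return {name: (x, f(x)) for x, name in enumerate(parties, start=1)}

def interpolate_at_zero(points):
    """Lagrange interpolation of f(0) from distinct points (x, f(x))."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def with_key(shares, threshold, operation):
    """Rebuild a 32-byte key for one operation, then overwrite the buffer."""
    points = list(shares.values())
    if len(points) < threshold:
        raise PermissionError("quorum not met")
    key = bytearray(interpolate_at_zero(points[:threshold]).to_bytes(32, "big"))
    try:
        return operation(key)
    finally:
        # Illustrative only: Python cannot guarantee that the intermediate
        # integer or other copies are erased; the text places this step
        # inside certified hardware.
        key[:] = bytes(len(key))

def forge_partner(share, candidate, x2):
    """From ONE share, build a second point that 'reconstructs' any chosen
    candidate: a lone share is consistent with every possible secret."""
    x1, y1 = share
    slope = (y1 - candidate) * pow(x1, -1, P) % P
    return (x2, (candidate + slope * x2) % P)
```

`forge_partner` is the reason a single party holding one share learns nothing about the key: for a threshold of two, every candidate secret is equally compatible with that share.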

Where cryptographic sovereignty changes everything.

Sovereign Cloud (Oracle, Azure, AWS)

Today

Keys exist within provider-controlled boundaries
Recovery ultimately depends on provider capability

With Lokblok

No provider-accessible keys
No recovery via admin privileges
No exposure under legal compulsion: providers cannot disclose keys they do not hold

Digital Identity (EUDI & National Systems)

Today

Centralised recovery
Provider or state-controlled key paths

With Lokblok

Non-custodial recovery
Threshold-based identity control
No unilateral revocation. Identity sovereignty without key sovereignty remains incomplete.

Government & Critical Infrastructure

Today

Single operators can disable systems
Insiders can access sensitive data alone

With Lokblok

No single operator can disable systems
No insider can access sensitive data alone
No external actor can compel key disclosure

Cross-Jurisdiction Systems

Today

Single jurisdictions hold full control
Legal compulsion can force disclosure

With Lokblok

No single jurisdiction holds full control
Sovereign authority distributed by design
Legal compulsion cannot recreate non-existent keys

Every approach leaves the provider in control.

Sovereign cloud

Provider still holds master keys. Infrastructure sovereignty without key sovereignty.

KMS / HSM

Keys persist inside the provider boundary. The boundary can be compelled or bypassed.

Identity platforms

Centralised revocation power: the provider can disable identity unilaterally.

Key escrow

Recovery paths create attack surface. If the recovery path exists, it can be exploited.

Lokblok

No provider keys.
No central authority.
No kill switch.

Five outcomes that redefine what sovereignty means.

True independence

Not dependent on provider cooperation. Sovereignty is structural, not relational.

Legal resilience

Nothing to disclose under compulsion. Legal pressure cannot recreate keys that don't exist.

Operational continuity

Systems remain functional under disruption. No remote kill switch can be pulled.

Reduced insider risk

No single privileged actor can compromise systems. Threshold governance is enforced by the architecture.

Future-proof security

No long-lived keys to harvest or attack. Quantum computing has nothing to target.

Five products. One connected architecture.

If someone else can access your keys, they control your system.

Lokblok ensures they can't.