Foundational concepts
Section purpose: convey the conceptual foundation of ANKASecure© — the architectural shift it represents, the framework that operationalizes it, and the deployment organization model that materializes it.
Audience: Solution Architects, Enterprise Architects, CISOs, IT Directors, and any reader new to the platform's conceptual underpinnings.
What this section answers
```mermaid
mindmap
  root((Foundational<br/>concepts))
    Why does ANKASecure© exist?
      Three doors, one solution
      The Cryptographic Control Plane
    What is the framework?
      CAPA — Crypto Agility Posture Architecture
      The five pillars
      Cryptographic sovereignty
    Where do I stand today?
      The Cryptographic Maturity Model
    How is the platform organized?
      Deployment organization model
      Entities, layers, relationships
    What primitives support it?
      KID system, hybrid keys, JOSE
      Multi-tenant isolation
      Envelope encryption
```
Three doors, one destination
Most enterprises arrive at ANKASecure© through one of three concerns:
| Entry concern | What the buyer is asking | What they get |
|---|---|---|
| 🎯 Enterprise crypto control | "How do I govern cryptography across my entire enterprise without ripping out application code?" | A control plane — and as bonuses, sovereign exchanges with third parties and PQC readiness |
| ⚛️ Post-quantum readiness | "How do I migrate to PQC without rebuilding every application?" | PQC-by-policy — and as bonuses, enterprise governance and sovereign third-party exchange |
| 🛡️ Cryptographic sovereignty | "How do I share data with third parties without surrendering control over my keys?" | Mediated capabilities instead of shared keys — and as bonuses, PQC readiness and enterprise governance |
These are not three different products. They are three different doors into the same architectural shift: cryptography becomes infrastructure governed by policy, not code embedded in applications.
The full narrative is in Three doors, one solution.
Reading paths by reader profile
For Enterprise Architects and CIOs/CTOs
Start with the architectural narrative, then explore the framework, then the model:
- Three doors, one solution
- The Cryptographic Control Plane
- The CAPA framework and the five pillars
- The Cryptographic Maturity Model
- Deployment organization model
For CISOs and security leaders focused on third-party risk
Start with sovereignty, then move to the broader model:
- Cryptographic sovereignty
- Three doors, one solution
- The Cryptographic Control Plane
- Reference scenarios — particularly the BPO and card-issuance examples
- The CAPA framework
For PQC migration leads
Start with the maturity context, then the framework, then the technical primitives:
- The Cryptographic Maturity Model
- The CAPA framework, particularly Crypto-Agility and Frictionless Modernization
- Policy-Driven Crypto-Agility
- Hybrid vs Composite Keys
- Deployment organization model
For Solution Architects designing a deployment
Go directly to the model, with the framework as supporting context:
- Deployment organization model
- Entity reference
- Reference scenarios
- The CAPA framework for governance vocabulary
- Cryptographic sovereignty for third-party exchange patterns
Conceptual map of this section
```mermaid
flowchart TB
    OV["Overview<br/><i>this page</i>"]
    TD["Three doors,<br/>one solution"]
    CCP["The Cryptographic<br/>Control Plane"]
    CAPA["The CAPA<br/>framework"]
    SOV["Cryptographic<br/>sovereignty"]
    MAT["Cryptographic<br/>Maturity Model"]
    DOM["Deployment<br/>organization model"]
    PRIM["Cryptographic<br/>primitives & patterns"]
    OV --> TD
    TD --> CCP
    TD --> SOV
    CCP --> CAPA
    CAPA --> MAT
    SOV --> DOM
    MAT --> DOM
    CAPA --> DOM
    DOM --> PRIM
    style OV fill:#e8f4f8,stroke:#1a5276,stroke-width:2px
    style TD fill:#fdebd0,stroke:#d68910,stroke-width:2px
    style DOM fill:#d5f5e3,stroke:#1e8449,stroke-width:2px
    style PRIM fill:#e8daef,stroke:#7d3c98
```
Section contents
The architectural narrative
- Three doors, one solution — why three different buyer concerns converge on the same platform
- The Cryptographic Control Plane — the architectural shift from embedded cryptography to governed infrastructure
- Cryptographic sovereignty — the principle of keeping cryptographic control in the data owner's domain
- The Cryptographic Maturity Model — five levels of organizational cryptographic capability
The CAPA framework
- Overview and the five pillars
- Pillar 1 — Crypto-Agility
- Pillar 2 — Cryptographic Sovereignty
- Pillar 3 — Frictionless Modernization
- Pillar 4 — Policy-Driven Governance
- Pillar 5 — Regulatory Compliance
The deployment organization model
Cryptographic primitives and patterns
- Hybrid vs Composite Keys
- Policy-Driven Crypto-Agility
- Key Identifier (KID) System
- Multi-Tenant Isolation Model
- Envelope Encryption Pattern
- Detached Signatures & Streaming
- Interoperability & Standards
- JOSE Technical Reference
How this section relates to the rest of the documentation
| For… | See… |
|---|---|
| The technical architecture of the platform | Architecture section |
| The implementation of the control plane | Cryptographic Control Plane Architecture |
| Component-level details | Components section |
| Migration planning | Cryptographic Maturity Model and CAPA framework |
| Sales and partner enablement | Sales & marketing (links back to this section) |
This section is the single source of truth for foundational concepts. Other sections — sales material, training, architecture detail — reference these pages rather than duplicating them.