EntropyX Advanced Compression

EntropyX: IAM Advanced Compression

EntropyX: IAM

 EntropyX: IAM is a secure, enterprise-only identity and access management (IAM) suite designed for centralized control over user accounts and software licenses. Built with a modern Python backend, it offers robust authentication, granular access controls, and tamper-evident unified audit logging, providing reliable compliance and accountability for professional organizations. 

 

Key Features

  • Centralized License & Account Database: Securely stores all user accounts and license keys in a centralized SQLite database.


  • Supports transparent database encryption with machine-specific keys. License format: 55555-55555-55555-HASH with computer binding on first use. No default admin or backdoor accounts. Admins must be provisioned manually.


  • Granular Role-Based Access Control: Uses a strict separation of roles: ADMIN, USER, AUDITOR. Only authenticated users can access compression features. Admins have full access, including the exclusive analytics dashboard, password changes, and account creation.


  • Enterprise-Grade Authentication: All credentials are protected by bcrypt password hashing with salt. Authentication is session-based with 8-hour expiration and automatic cleanup of expired sessions. Session tokens use cryptographically secure random generation.


  • Unified Tamper-Evident Audit Logging: Every action, including logins, license activations, file operations, and security events, is recorded in a single rotating log file (entropyx_unified.log) with 30-day retention, session IDs, integrity hashes, and detailed metadata for compliance.


  • License Tracking & Character license keys with format validation, computer hash binding (8-character SHA256), usage tracking with timestamps and counters. Supports license validation against centralized database with detailed usage logging.


  • Database Encryption Management: Optional transparent encryption for all databases using Fernet encryption with machine-specific keys stored in EntropyX_Keys directory. Encrypted databases remain fully functional while being unreadable by external tools.


  • No External Telemetry or Backdoors: No data is ever sent to external servers. No telemetry, no anonymous usage statistics, no domain call-outs, and no hidden access. All processing occurs locally with comprehensive audit trails.


  • Advanced Analytics Dashboard (ADMIN-only): Real-time operational metrics, security monitoring, compliance scoring, cost analysis with ROI calculations, user risk assessment, and comprehensive reporting. Includes failed login tracking, security violation detection, and bandwidth savings analysis.


  • Multi-Format Compression Suite: 
    • Batch compression with ZIP format (configurable compression levels 1-9)
    • DOCX to PDF conversion with ultra-aggressive Ghostscript optimization (36 DPI, grayscale conversion, font removal)
    • Media compression using FFmpeg for audio/video files with quality presets
    • Support for 20+ file formats including TIFF, RAW camera formats (CR2, NEF, ARW), DICOM medical imaging, FITS astronomy files, and SQL databases


  • Security Hardening: 
    • Input validation with filename sanitization and path traversal prevention
    • 500MB file size limit per file
    • Reserved Windows filename checking
    • Dangerous character filtering
    • Real-time security event logging with severity levels
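
The filename checks listed above can be sketched as a single validator. This is an added example, not EntropyX code: the function name, the reason codes, the dangerous-character set and the 255-character limit are assumptions, and it also covers percent-encoded, Unicode look-alike and UNC forms of the same inputs.

```python
import re
import unicodedata
from urllib.parse import unquote

# Device names Windows reserves regardless of extension (NUL.txt is still NUL).
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)),
            *(f"LPT{i}" for i in range(1, 10))}
# Assumed character set and length limit; the page does not list its own.
DANGEROUS = set('<>:"|?*') | {chr(c) for c in range(32)}
MAX_LEN = 255

def reject_reason(raw):
    """Return None for an acceptable bare filename, else a short reason code."""
    name = raw
    # Decode percent-encoding until stable so %252e%252e is seen as '..';
    # anything still changing after three rounds is rejected outright.
    for _ in range(3):
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    else:
        return "encoding"
    # NFKC folds fullwidth look-alikes (U+FF0E, U+FF0F) to '.' and '/'.
    name = unicodedata.normalize("NFKC", name)
    if not name or len(name) > MAX_LEN:
        return "length"
    if name.startswith(("\\\\", "//")):
        return "unc-path"
    parts = re.split(r"[\\/]", name)
    if ".." in parts:
        return "traversal"
    if len(parts) > 1:
        return "path-separator"
    if any(ch in DANGEROUS for ch in name):
        return "dangerous-char"
    # Compare the part before the first dot, ignoring trailing spaces.
    if name.split(".")[0].rstrip(" ").upper() in RESERVED:
        return "reserved-name"
    return None
```

Checks run on the decoded, normalized name, so the same string that was validated is the one that should be used for the file operation.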


Enterprise-Grade by Design

 EntropyX: IAM requires manual setup via License Generator tools for initial database and account creation. All compression operations mandate user authentication. No anonymous processing is permitted. Every action is protected against tampering with SHA256 integrity hashes, detailed log rotation, and session tracking. Database encryption ensures data protection at rest while maintaining full application functionality. This security model is fully enforced by code validation through the require_authentication() function that blocks all compression features until valid credentials are provided. 

EntropyX: IAM Security implements enterprise-grade security controls with centralized user management and comprehensive audit capabilities. The following technical features are built into the Identity and Access Management system:


Authentication & Access Control:

  • Strong Password Hashing: BCrypt with cost factor 14 (16,384 iterations) plus SHA-256 pre-hashing
  • Brute Force Protection: 5-attempt limit with 15-minute account lockout and IP tracking
  • Session Management: 8-hour token-based sessions with 30-minute idle timeout
  • Role-Based Access: ADMIN (full system access) and USER (compression only) privilege separation
  • Timing Attack Protection: Dummy hash operations and random delays (0-9ms) prevent analysis
  • Multi-Factor Ready: Architecture supports MFA integration with secure session tokens
  • Database Integration: Centralized SQLite authentication with parameterized queries


Database Security & Encryption:

  • Triple Database Encryption: licenses.db, accounts.db, and analytics.db with individual keys
  • Algorithm: Fernet (AES-128-CBC + HMAC-SHA256) with metadata verification
  • Key Derivation: PBKDF2 with 100,000 iterations and machine-specific salts
  • Secure Key Management: Isolated EntropyX_Keys directory with file system protection
  • Connection Security: Encrypted database wrappers with automatic re-encryption
  • Backup Protection: Automatic encrypted backups before database operations
  • Schema Validation: Database integrity checks and secure connection management


Advanced Threat Protection:

  • SQL Injection Prevention: 15+ pattern detection with parameterized queries
  • Path Traversal Defense: Enhanced detection for ../, encoded variants, and UNC paths
  • ZIP Bomb Detection: 50:1 compression ratio limit, 512MB uncompressed size, 500 file maximum
  • File Validation: Magic number verification against 25+ supported file extensions
  • Input Sanitization: Unicode normalization, dangerous character removal, length validation
  • Process Isolation: Controlled external tool execution with resource limits
  • Memory Protection: Secure deletion of temporary files and sensitive data
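
The ZIP bomb limits quoted above (50:1 ratio, 512MB uncompressed, 500 files) can be enforced with the standard library alone. This is an added example, not EntropyX code: the function names, result labels and sample archives are assumptions, and the sketch applies the ratio per member and re-checks the size limit during decompression.

```python
import io
import zipfile

# Limits taken from the feature list above.
MAX_RATIO = 50                      # uncompressed:compressed
MAX_TOTAL = 512 * 1024 * 1024       # bytes after decompression
MAX_FILES = 500

def audit_zip(data: bytes) -> list:
    """Check declared sizes in the central directory; decompresses nothing."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    problems = []
    if len(infos) > MAX_FILES:
        problems.append("file-count")
    if sum(i.file_size for i in infos) > MAX_TOTAL:
        problems.append("total-size")
    # max(..., 1) avoids a zero divisor for members with no compressed data.
    if any(i.file_size > MAX_RATIO * max(i.compress_size, 1) for i in infos):
        problems.append("ratio")
    return problems

def read_bounded(data: bytes, name: str, budget: int = MAX_TOTAL) -> bytes:
    """Decompress one member in chunks, aborting once `budget` is exceeded.

    Declared sizes are attacker-controlled metadata, so the limit is enforced
    again on the bytes that actually come out of the decompressor.
    """
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as member:
        while chunk := member.read(64 * 1024):
            out += chunk
            if len(out) > budget:
                raise ValueError(f"{name}: exceeds {budget} byte budget")
    return bytes(out)

def _make_zip(members: dict) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples: ordinary text, 1 MB of zeros, and 501 tiny files.
BENIGN = _make_zip({"report.txt": b"quarterly numbers 12345 abcde\n" * 3})
BOMB_LIKE = _make_zip({"zeros.bin": b"\0" * 1_000_000})
MANY = _make_zip({f"f{n}.txt": b"x" for n in range(501)})
```

Run `audit_zip` before any member is opened, and use `read_bounded` with a shared remaining budget when extracting, so a forged header cannot bypass the size limit.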


Comprehensive Audit & Analytics:

  • Unified Logging: Single tamper-evident log with integrity hashing and session correlation
  • Real-Time Monitoring: Live security event detection with automated response capabilities
  • Compliance Scoring: 100-point scale with automated risk assessment and trend analysis
  • User Behavior Analytics: Failed login tracking, security violation scoring, and anomaly detection
  • Forensic Capabilities: Complete audit trails with timeline reconstruction and correlation analysis
  • ADMIN-Only Dashboard: Advanced analytics with security metrics and compliance reporting
  • Export Capabilities: Multi-format report generation (CSV, JSON) with audit trail preservation


Enterprise Security Architecture:

  • Zero Trust Model: Authentication required for all compression operations
  • Centralized Management: Shared database locations with user-specific isolation
  • Auto-Detection: Dynamic user path discovery with fallback location hierarchy
  • Security Validation: Six-point application integrity verification on every startup
  • Encryption Management: ADMIN-controlled database encryption with secure key rotation
  • Access Logging: Every operation logged with user attribution and timestamp verification


Please note: These technical security features provide enterprise-grade protection and a compliance foundation. Full regulatory compliance may require additional organizational policies and procedures beyond the application's technical capabilities.

 EntropyX: IAM Compliance is engineered to align with leading industry security and privacy frameworks. The following controls are implemented to support compliance across major enterprise standards:


OWASP Top Ten:

  • Authentication Controls: BCrypt hashing with PBKDF2 key derivation prevents credential attacks
  • Session Management: Secure token-based sessions with automatic timeout and invalidation
  • Input Validation: SQL injection prevention with 15+ pattern detection and parameterized queries
  • Access Control: Role-based permissions with least privilege enforcement
  • Security Logging: Comprehensive audit trails with integrity protection and real-time monitoring
  • Cryptographic Protection: AES-128-CBC encryption for data at rest with secure key management
  • Error Handling: Sanitized error messages preventing information disclosure
  • Configuration Security: Secure defaults with validation checks and integrity verification


NIST Cybersecurity Framework:

  • Identify: Asset inventory through database tracking and automated risk assessment scoring
  • Protect: Multi-layer security with encryption, access controls, and authentication mechanisms
  • Detect: Real-time security monitoring with anomaly detection and threat identification
  • Respond: Automated incident response with user lockouts and security event correlation
  • Recover: Database backup procedures with secure restoration and integrity verification


ISO 27001 Controls:

  • A.9 Access Control: Centralized user management with role-based access and session controls
  • A.10 Cryptography: AES encryption implementation with secure key lifecycle management
  • A.12 Operations Security: Comprehensive logging, monitoring, and automated backup procedures
  • A.16 Incident Management: Security event detection, logging, and automated response capabilities
  • A.18 Compliance: Continuous compliance monitoring with automated scoring and audit trails


FISMA/FedRAMP Controls:

  • AC (Access Control): Account management with strong authentication and session controls
  • AU (Audit): Tamper-evident logging with 30-day retention and integrity verification
  • IA (Authentication): Multi-factor ready architecture with strong password policies
  • SC (System Protection): Database encryption and secure communication protocols
  • SI (System Integrity): Input validation, malware protection, and application integrity checks


Healthcare & Financial Compliance:

  • HIPAA Technical Safeguards: Access control, audit logs, integrity controls, and encryption
  • PCI DSS Requirements: Strong authentication, comprehensive logging, and data protection
  • SOX IT Controls: Detailed audit trails supporting operational transparency and internal controls
  • GLBA Safeguards: Customer information protection through encryption and access controls


Data Protection Regulations:

  • GDPR Article 32: Security of processing through encryption, access controls, and audit capabilities
  • CCPA Technical Safeguards: Data protection measures with comprehensive audit trails
  • Privacy by Design: Local processing with centralized authentication and minimal data collection
  • Data Minimization: Only necessary authentication data collected with automatic expiration policies


Please note: While EntropyX IAM includes foundational security and privacy features required by these frameworks, full compliance may require additional organizational, deployment, or administrative controls, such as user authentication policies, log retention procedures, and protected audit log storage.

Verified by Automated Security Testing

 All major versions of EntropyX: IAM are scanned with Bandit and Semgrep static analysis tools.

Latest results: 7/19/25

  • Zero high or medium severity issues
  • All subprocess and input handling reviewed and documented for safety
  • No code paths that allow for command injection or unsafe deserialization

Full scan logs are available on request.


Developed with Industry Best Practices

EntropyX: IAM follows secure coding standards inspired by the OWASP Top Ten and privacy-by-design principles, ensuring no hidden data collection or remote processing.


 All major versions of EntropyX: IAM are continuously scanned with Bandit and Semgrep security tools to ensure zero critical code vulnerabilities, robust subprocess handling, and strong protection against unsafe deserialization or command injection. 


Copyright © 2025 EntropyX ™  Advanced Compression - All Rights Reserved.
