Sentinel ID · a Born Between Generals, LLC product
PII tokenization-as-a-service. Your working systems hold one-way tokens, never raw identity. Re-identification lives behind a separate, quorum-gated custody vault — so a breach of the app, the database, or a vendor exposes nothing usable.
Every app that stores names, emails, SSNs, or account numbers is a breach waiting to be reported. "Encryption at rest" doesn't help when the application itself can decrypt everything — one stolen credential, one insider, one over-scoped vendor, and the whole identity graph walks out the door.
Sentinel ID removes raw identity from your working systems entirely. What's left is a token. Tokens can't be reversed without the custody vault, and the vault doesn't open for one person.
Identity fields are replaced with deterministic, keyed HMAC tokens before they ever reach your database. The same person always maps to the same token (so joins and analytics still work), but the token cannot be turned back into a person without the vault.
The mapping from token to real identity is held in a dedicated custody vault, isolated from your application and its database. Your working systems never hold the keys — a full dump of your app exposes only tokens.
Re-identification is Shamir-gated: it takes a threshold of independent key-holders to reconstruct, plus a written reason. No single admin — and no single stolen credential — can unmask the population. Break-glass is real, logged, and alerted.
Need counts and trends without identities? Sentinel ID answers aggregate queries over tokenized data with differential-privacy controls, so analytics never require opening the vault.
Sentinel ID is licensed as the identity boundary around your existing stack — a dedicated, isolated instance for your organization, or white-labeled for platforms protecting identity on behalf of their own customers.
Sentinel ID is a product of Born Between Generals, LLC. To see tokenization, the custody vault, and quorum break-glass run end-to-end — and to discuss licensing — get in touch.
Architecture, threat model, crypto review, and key-ceremony docs available to qualified reviewers on request.