🔐 Customer Best Practices Guide

How to effectively use the Patent #65 API for maximum security

📋 Table of Contents

  1. The Golden Rule
  2. Understanding What You Receive
  3. Key Management Strategies
  4. Pathway Selection Strategy
  5. File Organization System
  6. Security Tiers Framework
  7. Common Workflows
  8. Do's and Don'ts

🏆 1. The Golden Rule

⚠️ CRITICAL: You need ALL THREE components to decrypt your data: Ciphertext + Key + Pathway. Lose ANY ONE of them, and your data is PERMANENTLY UNRECOVERABLE. Not even we can help you—we don't store anything.

🔓 Your Data
↓ ENCRYPT
📄 Ciphertext
🔑 Key
🛤️ Pathway
↓ DECRYPT (need all 3!)
🔓 Your Data

✅ Best Practice: Always store these three components in DIFFERENT locations. If someone gets your encrypted file, they still can't decrypt without the key AND pathway.

📦 2. Understanding What You Receive

When you call /encrypt, you receive a JSON response with everything you need:

{
  "ciphertext": "4b17524655923e55bb8a9c...",  // Your encrypted data
  "key": "5c7c2580f4af820e73e07f1ab...",       // 64-character hex key
  "pathway_used": [3, 3, 3, 3],              // Which route through 4 shells
  "encryption_time_ms": 0.23,               // Performance metric
  "shells_traversed": 4,                    // Always 4
  "ciphertext_size": 156,                   // Bytes
  "plaintext_size": 100                      // Original size
}

Component Breakdown:

Component What It Is Security Level Can Be Stored
Ciphertext Your encrypted data (unreadable) Safe to store anywhere Cloud, database, public ✅
Key 64-character hex string ⚠️ SENSITIVE Password manager, secure vault
Pathway 4 numbers [1-7, 1-7, 1-7, 1-7] ⚠️ SENSITIVE With key OR memorized

🔑 3. Key Management Strategies

Strategy A: Separation (Recommended)

Store each component in a different location:

📄 Ciphertext

  • Your regular cloud storage
  • Database
  • Even public if needed

🔑 Key + Pathway

  • Password manager (1Password, Bitwarden)
  • Hardware security key
  • Encrypted local file

Strategy B: Key File Method

The file encryption demo at secure.sevencubedsevenlabs.com generates a .key file containing both key and pathway:

{
  "key": "5c7c2580f4af820e73e07f1ab6537c7b...",
  "pathway": [3, 3, 3, 3],
  "filename": "document.pdf",
  "encrypted_at": "2026-01-09T10:30:00Z"
}

💡 Tip: Store the .encrypted file in cloud storage (Google Drive, Dropbox) and the .key file locally or in a password manager. Even if your cloud is breached, attackers can't decrypt without the key file.

Strategy C: Database Integration

For applications encrypting database fields:

// Example: Storing encrypted SSN
{
  "user_id": 12345,
  "name": "John Smith",
  "ssn_encrypted": "4b17524655923e55bb...",  // In main DB
  "ssn_key_ref": "key_12345_ssn"            // Reference to key vault
}

// Keys stored separately in secure vault (AWS KMS, HashiCorp Vault)
{
  "key_12345_ssn": {
    "key": "5c7c2580f4af820e73...",
    "pathway": [4, 2, 6, 3]
  }
}

🛤️ 4. Pathway Selection Strategy

The pathway [S1, S2, S3, S4] determines which of the 2,401 unique encryption routes your data takes. Each number (1-7) selects a different cryptographic primitive in each shell.

Option 1: Consistent Pathways (Easier Management)

Use the same pathway for categories of data:

Data Type Pathway Rationale
General documents [3, 3, 3, 3] Balanced, easy to remember
Financial records [5, 2, 1, 4] Compliance-optimized
Healthcare/PHI [4, 5, 2, 6] HIPAA-recommended
Maximum security [7, 7, 7, 7] Highest security primitives

✅ Benefit: With consistent pathways, you only need to remember/store the KEY. The pathway is implicit based on data type.

Option 2: Random Pathways (Maximum Security)

Let the API choose random pathways for each encryption:

// Don't specify pathway - API generates random
{
  "plaintext": "sensitive data"
  // pathway omitted = random selection
}

⚠️ Important: With random pathways, you MUST store the pathway with each key. Every encryption uses a different route.

Option 3: Recommended Pathways (API-Assisted)

Ask the API for recommendations based on your use case:

POST /pathways/recommend
{
  "use_case": "healthcare",
  "security_level": "high"
}

// Response:
{
  "recommended_pathway": [4, 5, 2, 6],
  "rationale": "Optimized for healthcare with high security"
}

📁 5. File Organization System

Recommended Folder Structure:

📁 Encrypted_Files/
├── 📁 Documents/
│   ├── contract_2026_01.encrypted
│   ├── tax_return_2025.encrypted
│   └── medical_records.encrypted
├── 📁 Keys/                          ← KEEP SEPARATE & SECURE!
│   ├── contract_2026_01.key
│   ├── tax_return_2025.key
│   └── medical_records.key
└── 📁 Index/
    └── encryption_log.csv            ← Track what's what

Encryption Log Template:

Original File Encrypted File Date Pathway Key Location
contract.pdf contract_2026_01.encrypted 2026-01-09 [3,3,3,3] 1Password
tax_2025.xlsx tax_return_2025.encrypted 2026-01-09 [5,2,1,4] Keys folder

Naming Convention:

// Pattern: [description]_[date].[extension]

✅ Good:
  contract_acme_2026_01.encrypted
  medical_records_smith.encrypted
  backup_database_20260109.encrypted

❌ Bad:
  file1.encrypted          // What is this?
  encrypted.encrypted      // No context
  asdf.encrypted          // Meaningless

🛡️ 6. Security Tiers Framework

Not all data needs the same protection level. Use this framework:

Tier Data Examples Pathway Key Storage
🟢 Standard Internal docs, general files [1, 1, 1, 1] Password manager
🟡 Elevated Financial data, PII [3, 3, 3, 3] Encrypted vault
🟠 High Healthcare (PHI), legal [5, 5, 5, 5] Hardware security module
🔴 Maximum Trade secrets, classified [7, 7, 7, 7] or random Air-gapped + physical safe

💡 Why Different Tiers? Higher pathways use more computationally intensive primitives. For most data, [3,3,3,3] is more than sufficient. Reserve [7,7,7,7] for truly critical information.

⚡ 7. Common Workflows

Workflow A: Encrypt a Single File

  1. Go to secure.sevencubedsevenlabs.com
  2. Drag & drop your file
  3. Select pathway (or use default [3,3,3,3])
  4. Click "Encrypt"
  5. Download BOTH files:
    • filename.encrypted → Store in cloud/anywhere
    • filename.key → Store securely (password manager)
  6. Delete original file (if desired)

Workflow B: API Integration (Code)

# Python example
import requests
import json

# Encrypt
response = requests.post(
    'https://api.sevencubedsevenlabs.com/encrypt',
    headers={'Content-Type': 'application/json'},
    json={
        'plaintext': 'sensitive data here',
        'pathway': [3, 3, 3, 3]
    }
)

result = response.json()

# Store ciphertext in database
save_to_db(result['ciphertext'])

# Store key + pathway in secure vault
save_to_vault({
    'key': result['key'],
    'pathway': result['pathway_used']
})

Workflow C: Decrypt When Needed

  1. Retrieve ciphertext from storage
  2. Retrieve key + pathway from secure vault
  3. Call /decrypt with all three
  4. Use the plaintext
  5. Clear plaintext from memory when done
# Decrypt
response = requests.post(
    'https://api.sevencubedsevenlabs.com/decrypt',
    json={
        'ciphertext': stored_ciphertext,
        'key': vault_data['key'],
        'pathway': vault_data['pathway']
    }
)

plaintext = response.json()['plaintext']
# Use it, then clear from memory

✅❌ 8. Do's and Don'ts

✅ DO

  • Store ciphertext and keys separately
  • Use a password manager for keys
  • Keep backups of your keys
  • Use consistent pathways per data type
  • Log what you've encrypted
  • Test decryption after encrypting
  • Delete plaintext after encrypting
  • Use HTTPS for all API calls

❌ DON'T

  • Store key next to ciphertext
  • Email keys in plaintext
  • Forget to save the pathway
  • Use the same key for multiple encryptions
  • Store keys in version control (git)
  • Share keys over insecure channels
  • Assume you can recover without all 3 components
  • Ignore the .key file thinking you don't need it

⚠️ Most Common Mistake: Users encrypt data, download only the .encrypted file, and ignore the .key file. When they try to decrypt later, they realize they can't. ALWAYS download and secure BOTH files!

📋 Quick Reference Card

Action Command/Location
Encrypt (web) secure.sevencubedsevenlabs.com
Encrypt (API) POST /encrypt
Decrypt (API) POST /decrypt
Get pathway recommendation POST /pathways/recommend
API Documentation api.sevencubedsevenlabs.com/docs
Support [email protected]

🎉 You're Ready! Follow these best practices and your data will be protected by 2,401 pathways of defense. If you have questions, we're here to help.

Seven Cubed Seven Labs LLC

7³ × 7 = 2,401 | Patent Pending