In distributed systems today, secure and resilient communication is everything. As both cyber threats and future quantum risks continue to evolve, architectures must prepare now for quantum-resistant data transport. Two technologies — MTE API Relay from Eclypses and Envoy Proxy — can work together to achieve exactly that.

Brief Introduction​

Envoy is a high-performance L4/L7 proxy designed for service-to-service communication, load balancing, observability, and traffic management. It powers many modern service meshes, such as Istio and Consul.

MTE API Relay is a lightweight, containerized proxy that provides end-to-end encryption using Eclypses’ MicroToken Exchange (MTE) technology. It protects every byte of data that moves between trusted server components, ensuring that no untrusted network or intermediary can access or alter sensitive information. MTE encryption is designed with Quantum Resistant Enforcement (QRE) in mind — protection not only for current threats but also for attacks possible in the quantum era.

The Eclypses MTE API Relay Container-type product is now available in the AWS Marketplace.

Eclypses MTE API Relay Server is a proxy server deployed through a docker container. Due to the success of the MTE Relay Server container for Client/Server use-cases, the decision was made to publish the MTE API Relay through the AWS marketplace for Server-to-Server network level communication for HTTP Requests between API Services.

Use Case​

Network-level protection for HTTP Requests between AWS and another AWS Region, account, etc. As the product evolves, the "3rd Party Environment" could be another cloud service like Azure, or an on-premise container.

Big changes:

• Server-to-Server support
• New usage guide

The Eclypses MTE Relay Server Container-type product is now available in the AWS Marketplace.

Big changes:

• Encoded Custom Headers
• Encoded URL Strings and Query Parameters
• Support for MKE Streaming

More information is available here.

Version 4.1​

• New Client / Server Licensed Build Types.
• Dropped MteSdr support for client / server builds.
• Many improvements for the demo projects and their ReadMe files.
• Documentation improvements regarding MKE compatibility, missing functions in MinSizeRel builds and the usage of “C” macros.

The Eclypses MTE Relay Server Container-type product is now available in the AWS Marketplace.

MTE Relay Server in AWS has been updated to include MTE 4.0 library and features.

Other changes:

• Added Kyber algorithm for the handshake
• Fixed bugs
• Support for streaming requests and responses
• Consolidated MTE-Relay Header

More information is available here.

The Eclypses MTE Relay Server Container-type product is now available in the AWS Marketplace.

Eclypses MTE Relay Server is a proxy server deployed through a docker container, and is ideal for companies that want to protect their Web application data, credentials, and other critical data. Originally, the Relay was designed as a one-size-fits-most implementation for MTE Web customers. Due to the success of the container, the decision was made to publish the MTE Relay through the AWS marketplace.

Big changes:

• Built-in support for AWS Services
  • ECS, Elasticache, CloudWatch
• Streaming support for pass-through routes

More information is available here.

Version 4.0​

• Jailbreak Add-on removed - both Android and iOS operating systems have made our previous detection techniques obsolete. iOS cannot be jailbroken anymore for several releases now. Android that is jailbroken with “Magisk” tools cannot be detected, therefore it rendered our jailbreak useless.

• New Add-on: Elliptic Curve Diffie-Hellman (ECDH)

• New Add-on: Kyber

• New Kyber Hash Algorithms: SHA3_STD and SHA2_90S

• New Random Number utility to seed the ECDH and Kyber add-ons

• Added the 'Paired Licenses' capability, which means that only paired-licensed MTE Builds will be able to communicate with one another.

• MKE now supports compatibility between non-chunked and chunked

• MKE no longer supports "ECB" and "CBC" cipher algorithms

• Fixed C struct macros that started to fail on certain C++ compilers under certain build configurations.

Version 3.1​

• Added build support for the nRF52833 microcontroller, including AES hardware acceleration.
• Demo improvements.
• Language interface improvements.
• Documentation improvements.
• Removed unnecessary interfaces in WASM language interface when add-ons are not used.

Version 3.0.0​

• Refactored C API for efficiency and size.
• Internal improvements to reduce library size and improve performance.
• Added thin wrapper API for language interfaces that cannot use the new C API.
• Removed C "supplemental" API.
• Updates to language interfaces to handle minimum-size release build changes and edge cases.
• Renamed Vault to Secure Data Replacement (SDR).
• Added build support for the 24FJ128GA204 microcontroller.
• Added build support for the ATMEGA2560 microcontroller.
• Added build support for the AVR128DA48 microcontroller.
• Added demos for WASM/JS SDR.
• Set minimum iOS/macOS target to avoid linker warnings.
• Set minimum Android target.
• Simplified WASM/JS APIs to use fewer stringified numbers where possible.

Version 2.2.0​

• Add WASM/JS MTE Vault implementation
• Support Java Exception serialization
• Pin all internal buffers in C# language interfaces to work around a bug in at least some C# compiler/runtime combinations that move buffer location without copying contents
• Update MKE C# interface to support strings more efficiently
• Redesign the WASM/JS SDK to create a single package that supports CommonJS modules, ECMAScript modules, and Typescript
• Fix an issue with WASM/JS where the saved state array would become invalid if the encoder/decoder was deleted
• Clarify Swift exception throwing in MTE Vault