AI Security

This example shows how to use Locktera to secure documents in a central repository backing an AI system: each document is encoded with DRM, and the AI model can query only documents the requesting user is authorized to access.

Use Locktera to Secure AI Training Repository with Per-User Access Controls

Use Case:
You operate an AI system that queries internal documents (e.g., support knowledge base, financial reports, legal memos). Each document is protected in a .tera container with user-specific access rules. When a query comes in, the AI is restricted to searching only documents the authenticated user is authorized to access.

Architecture Overview

  1. Documents are encoded using Locktera into .tera containers with DRM.

  2. DRM rules specify allowed users (or roles/groups), access windows, and optional geo/IP filters.

  3. The AI app queries a filtered index that:

    • Validates the user via ORG_ID / API_KEY

    • Only decrypts and indexes allowed documents

  4. On each query, results are drawn only from decrypted documents the user can access.

Step-by-Step Encoding Process

1. Encode Each Document with Per-User DRM
{
  "container_name": "Legal_Notice_Q1",
  "org_id": "your-org-id",
  "dynamic": true,
  "downloadable": false,
  "recipients": [
    "legal.team@company.com",
    "cfo@company.com"
  ],
  "time": {
    "start": "2025-05-06T00:00:00Z",
    "end": "2026-01-01T00:00:00Z"
  }
}

Python-style code to encode:

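import json
import requests

API_KEY = "YOUR_API_KEY"  # placeholder; load from a secrets store, not source code
USER_ID = "your-user-id"  # placeholder for the {user_id} path segment

def encode_secure_document(doc_path, container_name, recipients):
    manifest = {
        "container_name": container_name,
        "org_id": "your-org-id",
        "dynamic": True,
        "recipients": recipients,
        "downloadable": False
    }

    # Open the document in a context manager so the handle is closed after upload.
    with open(doc_path, "rb") as doc:
        files = {
            "manifest.json": ("manifest.json", json.dumps(manifest), "application/json"),
            "files": (doc_path, doc)
        }

        response = requests.post(
            f"https://dev.locktera.com/api/v1/users/{USER_ID}/containers/encode",
            headers={"Authorization": f"Bearer {API_KEY}"},
            files=files,
            timeout=30
        )

    # Fail loudly instead of treating an error body as a successful encode.
    response.raise_for_status()
    return response.json()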

AI Query Workflow

On User Query:
  1. Authenticate the user via your SSO or access layer.

  2. Request the list of accessible containers via the Locktera API:

GET /api/v1/users/{user_id}/containers?access=allowed
Authorization: Bearer YOUR_API_KEY

  3. Decrypt and mount only authorized .tera files into the AI retrieval index.

  4. The AI vector store or RAG engine uses in-memory content from decrypted containers.

  5. Return results only from accessible content.
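
The per-query check behind steps 2 to 5, as an added example (not Locktera's code or API): it evaluates the recipients and time fields of the manifest shown earlier, fails closed on a malformed manifest, and calls the decryptor only for containers the user may read. The decrypt callable, MANIFESTS and SAMPLE_TEXT are constructed stand-ins, and case-insensitive e-mail matching and an exclusive end time are assumptions; in a deployment the allowed list comes from the Locktera API call in step 2.

```python
from datetime import datetime, timezone

def _parse_ts(value):
    # Manifest timestamps on this page are UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def is_allowed(manifest, user_email, now):
    """Fail closed: a missing or malformed rule field denies access."""
    try:
        recipients = {r.strip().lower() for r in manifest["recipients"]}
        start = _parse_ts(manifest["time"]["start"])
        end = _parse_ts(manifest["time"]["end"])  # end treated as exclusive (assumption)
        return user_email.strip().lower() in recipients and start <= now < end
    except (KeyError, TypeError, ValueError, AttributeError):
        return False

def retrieve(query, user_email, manifests, decrypt, now=None):
    """Names of containers matching the query that the user may read now.
    Access is re-checked on every call, so an expired window or removed
    recipient takes effect at once instead of lingering in a cached index."""
    if now is None:
        now = datetime.now(timezone.utc)
    terms = query.lower().split()
    hits = []
    for m in manifests:
        if not is_allowed(m, user_email, now):
            continue  # unauthorized containers are never decrypted or scored
        text = decrypt(m["container_name"])  # hypothetical decrypt callable
        if any(t in text.lower() for t in terms):
            hits.append(m["container_name"])
    return hits

# Constructed sample data (not real Locktera output).
MANIFESTS = [
    {"container_name": "Legal_Notice_Q1",
     "recipients": ["legal.team@company.com", "cfo@company.com"],
     "time": {"start": "2025-05-06T00:00:00Z", "end": "2026-01-01T00:00:00Z"}},
    {"container_name": "Support_KB",
     "recipients": ["support@company.com", "cfo@company.com"],
     "time": {"start": "2025-01-01T00:00:00Z", "end": "2027-01-01T00:00:00Z"}},
    {"container_name": "Broken_Manifest", "recipients": ["cfo@company.com"]},
]
SAMPLE_TEXT = {
    "Legal_Notice_Q1": "Notice regarding the Q1 contract dispute.",
    "Support_KB": "How to reset a customer contract portal password.",
    "Broken_Manifest": "Contract draft with no access window.",
}
```

Passing a fixed now value makes the access-window behaviour testable; leaving it out uses the current UTC time.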

Benefits:

  • Enforces zero-trust access for every document in your AI corpus.

  • Supports multi-user, multi-team AI access with no data leakage.

  • Flexible: Apply DRM by user, time, IP, or geo.

  • Enables auditable AI queries, mapping data access to user identity.