Hyker sets out to secure the data in a system, as opposed to securing the infrastructure. Hyker separates the access control of data from the process of sending it. A message or piece of data protected by Hyker does not have an explicit addressee. There is no recipient, and nobody can decrypt it. Instead of being encrypted for a known recipient, the message is tagged with metadata describing how to acquire the key. It is then up to a consuming party to request access to the decryption key.
This makes the system highly suitable for pub-sub systems, especially when you have multiple parties involved, or the data is stored over time, or people in the system come and go.
This is all done using end-to-end encryption, protecting the data in an unbroken chain from producer to consumer. There is no central storage of decryption keys. The important thing is that sensitive data does not touch any part of a system it does not need to.
Securing a certain part of a system is always easy. Using good encryption, installing a firewall, separating processes, etc., are all great ways of doing this. The hard part is making the overall security good, in other words, being sure that no part of the chain is weaker than the rest. Hyker eliminates the need to trust the ultimate security of every part of the chain by focusing on securing the data instead of the infrastructure. This is done through a trust-based security model.