Introduction
Privacy Data Systems, LLC is the provider of SenditCertified, a web-based system that enables subscribers to securely exchange messages and large files online. SenditCertified includes four main components – encrypted bi-directional messaging, encrypted web-based storage, patented biometric authentication, and electronic signatures (ESIGN compliant). SenditCertified’s architecture meets NIST standards and Meaningful Use requirements for HIPAA compliance.
SenditCertified Security Documentation
▪ HTTPS/SSL Message and Attachment Encryption
◦ HTTPS (Hyper Text Transfer Protocol Secure) is a secure version of the Hyper Text Transfer Protocol (HTTP).
◦ HTTPS encrypts the session with a digital certificate, i.e., HTTP over SSL (Secure Sockets Layer), which can be used by web browsers and HTTPS-capable client programs.
▪ Extended Validation SSL SGC CA
◦ With SGC (Server Gated Cryptography) a hacker with the time, tools, and motivation to attack using brute force would require a trillion years to break into a session protected by an SGC-enabled certificate.
▪ AES: the Advanced Encryption Standard (AES) enables 256-bit encryption, much stronger than 128-bit.
Protected Storage (Data at Rest)
• SenditCertified Data Centers are SSAE 16 compliant (formerly SAS 70 Type 2):
Physical Security:
◦ 24x7 monitoring to ensure our servers are always safe
◦ Logged and monitored access into and out of the facility 24x7x365, with card access required
◦ Video monitoring inside and outside facility 24x7x365
◦ N+1 power generator architecture, N+2 redundant data center HVAC (heating, ventilation, air conditioning) systems
◦ Advanced fire suppression systems to keep any fires localized
Network Security
◦ 250+ Gbps of transit network capacity to six Tier 1 backbone networks
◦ 7-Factor Threat Scenario Modeling, automatically identifies irregular behavior patterns and threats
◦ Dedicated firewalls and load balancers, A + B power feeds available from multiple UPSs, dedicated Ethernet switch
◦ Brocade Server Iron line of load balancers
◦ DDoS – Distributed Denial Of Service attack
◦ Cisco physical firewalls, O/S hardened servers
Protected Transmission (Data in Motion)
• Database Encryption – AES-256
◦ Advanced Encryption Standard (AES) - encryption of entire database, data files, and log files
◦ Database is even protected from a physical on-premise attack
• Individual Data Objects – AES-256
◦ Individual objects are encrypted with NIST/FIPS 140-2 approved CMVP Cryptographic Modules (certificate available upon request)
◦ NIST 800-53 Compliant Key Management Infrastructure (KMI) – centralized management of encryption keys
◦ Multi-tiered Storage (separation of web-facing and non web-facing servers)
How It Works:
An encrypted SecurePackage travels over an encrypted path directly to an encrypted vault for pickup by an authenticated recipient, also via a direct encrypted path. No special PC software required.
[Diagram: SENDER (standard web browser, optional fingerprint scan) → direct AES encrypted path → Authenticate Sender and Create SecurePackage → Store SecurePackage (Storage Encryption) → Authenticate Recipient and Deliver SecurePackage → direct AES encrypted path → RECIPIENT (standard web browser, optional fingerprint scan)]
Authentication
• Multi-Factor Protection
◦ Password protection
◦ Site Image Verification
◦ Optional Fingerprint scan authentication
◦ Keystroke Logging prevention via graphical virtual keyboard interface
◦ Session management – proprietary intrusion detection
Privacy Certification
• SenditCertified privacy standards have been reviewed and confirmed by TRUSTe
TRUSTe is an independent non-profit organization best known for its Web Privacy Seal. TRUSTe runs the world's largest privacy seal program, with more than 2,000 Web sites certified, including major internet portals and leading brands such as IBM, Oracle Corporation, Intuit, and eBay. TRUSTe's purpose is to establish trusting relationships between individuals and online organizations based on respect for personal identity and information in the evolving networked world.
• The TRUSTe Web Privacy Seal marks companies that adhere to TRUSTe's strict privacy principles, and comply with the TRUSTe Watchdog dispute resolution process. Principles include:
◦ Creating a privacy policy to be reviewed by TRUSTe
◦ Posting notice and disclosure of collection and use practices of personally identifiable information
◦ Giving users choice and consent over how their information is used and shared
Code Signing Verification
Code Signing Digital IDs enable software developers to add a digital signature to software and macros including Microsoft Authenticode, Microsoft Office and VBA Signing, Sun Java Signing, Adobe Air, Netscape Object Signing, Macromedia Shockwave, and Marimba Castanet Channel Digital IDs for secure delivery over the Internet. Digital IDs are virtual "shrink-wrap" for your software; if your code is tampered with in any way after it is signed, the digital signature will break and alert customers that the code is not trustworthy.
• Message Delivery Protection
◦ Electronic Signature – Required
◦ Optional Access Code (Password)
◦ Optional Biometric Authentication (Fingerprint Scan)
◦ Session management - proprietary intrusion detection
DKIM for Email Alerts
DomainKeys Identified Mail (DKIM) lets an organization take responsibility for alert messages while in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for delivery. Technically, DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.
Recognition
Privacy Data Systems was selected as one of the Top 20 “Best-in-Class” Security Companies of 2010; SenditCertified was selected to introduce its innovative security technology during the Security Innovation Network™ (SINET) Showcase 2010 in Washington, D.C. SINET is an organization focused on advancing cyber security innovation through public-private collaboration.