Security and encryption

SECURITY AND ENCRYPTION

CIFKM has three levels of security to guarantee that only the users authorized over each piece of information or specific file may view it.

Access and power permissions are assigned in each Data Smart Box

Deposit Protection Safe Box, flat style, colorful, vector iconEach CIFKM "Smart Box" incorporates its own system of permissions that determines who, or what "groups of users", may access its content and with what faculties. These may be predetermined in the corresponding "Smart Box" template with which it was created.

Thus, any "Smart Box" is only visible and accessible to the "groups of users" that have access permission (Data Smart Box Roles) to its contents whether just for consultation, or to modify it, or to manage permissions for other "user groups".

General encryption of all data and files in servers

The automatic encryption of all the files is performed in the CIFKM server after uploading or modifying files once their texts are indexed. It uses the AES algorithm and extends to all the stored data and files.

Untitled Drawing 10Therefore, files in the "Data Smart Boxes" can only be viewed by users using the CIFKM application according to the access rules and permits that "user groups" have for each "Smart Box". Thus, a person with access to a CIFKM server (there must always be someone) won't be able to view any file stored in this server if he doesn´t use the application with the appropriate permissions.

This way, backdoor leaks will be avoided. Nevertheless, for the user all is transparent, since the encryption and decryption of the files is done automatically when loading or downloading files from the application without any intervention on his part.

Personal encryption of confidential files at the user's workstation before uploading to servers

Encrypt a file and determine users allowed for decrypting it by means of CIFKM's client program in the user's workstation, before uploading it to CIFKM server

Personal file encryption is an additional functionality that the enterprise can made available to certain users (user roles). It is designed for files with especially confidential information.

Encrypt and users ENWith it, one successfully protects any possible vulnerability of the data base and one prevents anyone with direct access to it from viewing these files by altering the access permissions to the "Data Smart Boxes" that contain them. Encryption and decryption of files is done by the user's client program with a RSA random asymmetric pair of keys which, in turn, are encrypted with the AES algorithm applied to a personal encrypting password.

These encrypted files are uploaded and downloaded from the server and their texts are not indexed. Each "Data Smart Box" may have one or more personal encrypted files so that they may only be decrypted by the users who, having access to the corresponding "Data Smart Box", are over each specific file expressly authorized to decrypt, either by whoever encrypted it initially or by another user who is also authorized to decrypt it. The risk of diffusion of each file is in the hands of users who can decrypt it.

Presentation: CIFKM encryption, safe document management

Check S
Who may encrypt or decrypt files?

Any user that:

  • Has in his "user roles" the faculty to encrypt and decrypt files.
  • Has permission to upload and/or modify files in the corresponding "Smart Box".
  • Is expressly authorized over the specific file thus encrypted, either because he encrypted it initially or because he was authorized by another user who was previously authorized to decrypt it.

Check S
What advantages does encryption have?

Any organization has to manage confidential information. With this encryption of files one achieves:

  • That a user may have in CIFKM files that only he may decrypt.
  • That a group of persons may collaborate with the certainty that only they may decrypt the files they use and are available to them.
  • That two or more persons may correspond via emails, notices and CIFKM notes, with hyperlinks to confidential files thus encrypted, with the greatest security that only they, and no other person, may view them, even though this other person may access their email folders.

Check S
Are encryption and decryption easy for the user?

Encrypting and decrypting is very easy; CIFKM only asks the user to choose one password (expression, phrase, set of words and/or numerical characters) that he must remember and not tell anyone else.

(See......From a "smartbox", what a user must do for encrypting a file, uploading it, and authorizing other user to decrypt it?

Every time he encrypts, or decrypts a file that either he or another user has encrypted. CIFKM will only ask him to repeat the password he has chosen, and nothing else. It is this simple and transparent. The user may carry out these encryption or decryption operations in any computer that has the client program installed in which he identifies himself.

Check S
Is encryption robust and secure?

The security is complete since it only depends on someone being able to know the encrypting password that the user has selected (besides the password that identifies him). The entire process is carried out in the user's workstation by the CIFKM client program. The servers don´t intervene in the encryption and decryption processes. They only receive and save the encrypted files and encrypted keys. Everything hinges on each user's secret password. The process consists in the following:

  • The CIFKM client program, via the API-crypto of Windows, generates at the start for the user who has the faculty to encrypt or decrypt in his "user role", a pair of random asymmetric RSA keys (public and private). The private key is in turn encrypted with the user's chosen encrypting password by means of the AES algorithm and both asymmetric keys (the public one and the private already encrypted) are sent to the server to be available to the user anywhere.

    (See...... How the user creates his pair of keys, public and private, encrypts this last one by means of a secret password with an AES algorithm, and uploads it to the server?)

  • Encryption of a file is ordered by clicking the button encrypt of any "Data smart Box". Then the client program of the user generates a random key with which the file is encrypted with the AES algorithm, and that (the random key) in turn is encrypted with the public key of the user and with that of any other users who he has authorized.

    The entire encryption packet is later uploaded to the server. It seems obvious that to decrypt the file one has to previously have decrypted its random key with which it was encrypted, which may only be done with any of the private keys of the authorized users and that only they can decrypt them with their passwords.

  • If later one would like to authorize another user it won´t be necessary to move the file from the server, but only its encryption key, that will be decrypted and afterwards encrypted with the public key of the other authorized user. Everything is done in the workplace of the authorizer. He simply chooses the corresponding menu option of right mouse button on the encrypted file and enters his secret password
  • If later one would like to remove the authorization of a user, the key of the file that has been encrypted with his public key will be eliminated

    Everything is automated since for any operation that has been described user is only asked to fill in his encrypting password.

Printed from: http://info.cifkm.com/en/security-and-encryption .
© 2019.