Electronic Online Deposit - Technical Details

Print This Page

Summary

• All pages are served over HTTPS and encrypted using Transport Layer Security (TLS)
• Uploaded are encrypted in-transit over HTTPS and at-rest with one of the strongest encryption ciphers available (AES-256)
• Files are stored in the Amazon Web Services cloud (AWS), with regular offline backups stored in a secure location
• Data access is tightly controlled through user authentication and role-based access control (RBAC)

Data Storage

• Deposited files are stored in highly durable cloud storage on AWS
• Integrity of uploaded files is verified using file checksums
• Deposited files checksums are calculated as MD5 digests and provided in abbreviated form on the Deposit Certificate as the deposit “Signature”

Data Security and Encryption

• All connections to the SoftEscrow Client Portal are served over HTTPS with TLS encryption, providing in-transit encryption
• All web servers serving the SoftEscrow Client Portal have full-disk encryption enabled, providing at-rest encryption
• All data transmitted between SoftEscrow web servers and AWS cloud storage is sent over HTTPS with TLS, providing in-transit encryption
• Deposited files are stored in AWS with Server-Side Encryption using the 256–bit Advanced Encryption Standard (AES-256) block cipher, providing at-rest encryption

Data Access

• Uploaded files are only accessible by administrator users with designated roles (RBAC) for the purposes of making offline backups
• All user passwords, including administrator passwords, are hashed with unique, per-password salts
• Direct cloud storage access is available only to SoftEscrow super-user administrators
• Authentication and access records are retained for web application, server, and cloud storage access attempts