Security

Private End-To-End encryption

Unbeatable security, guaranteed confidentiality

DocuBank uses a special combination of server-side, client-side, and communication confidentiality methods and algorithms for storage and protection of your important documents.

On the one hand, these algorithms are top-tier information-technology solutions that are also used by government agencies, security technology firms, and large industrial enterprises; on the other hand, they include special technologies with which DocuBank ensures unique protection of your sensitive files.

DocuBank and the Private End-To-End (PETE) encryption

Compared to other End-To-End encryption methods, DocuBank provides stronger protection of the encryption key. If you use DocuBank's PETE client-side encryption, no information about the key used for the encryption is sent over the network or stored anywhere in DocuBank's system. Consequently, the key required for decryption is not observable in any form by hackers either. Moreover, even if the specialists operating DocuBank's servers and databases were blackmailed, no third party could obtain any information, because the keys used for encryption are not present on the servers in any manner.

Since the key required to decrypt the files is not available to the firm representing DocuBank either, if a final court decision obliges the handover of data and files stored in the databases, only the metadata stored for the documents can be handed over to the requesting office.

What is the difference between ETE and PETE encryption?

End-To-End

End-To-End encryption guarantees that the document is handled in encrypted form over the entire process. Encryption already takes place on the client side; the document then travels in encrypted form through the various network channels, whether wired Internet, public Wi-Fi or any other. The documents are also stored in encrypted form.

Decryption of the file takes place only at the other endpoint, that is, also on a client computer.

Private-End-to-End

Compared to End-To-End encryption, Private-End-to-End encryption additionally guarantees one very important thing: the key used for the encryption does not leave the client computer and is not stored anywhere (not even in a form encrypted by additional methods).

After its use, the key is promptly deleted from the client’s memory.

How can you tell whether a service uses only End-To-End or PETE technology?

In general, it is difficult to deduce from what is visible on a service's user interface which technology it uses. In certain cases, however, the situation is clear-cut.

If a service states that it does not store the encryption key required for the End-To-End technology, that is, it handles your documents with a zero-knowledge approach, it is worth trying the following:

Suppose the system lets a user upload encrypted documents after logging in without entering any encryption key, and another invited user, or a user with the same privileges who uses the same account, can then access and view the document by giving only the user name and password required for his or her own access. In that case it can be clearly deduced that the system stores the key used for encryption in some form, possibly an encrypted one.

On reflection, if the decryption of the file takes place on the invited user's client and this user gave no key in addition to the password required for access, how does the client know which key to use to decrypt the file? In such a case, the client can only obtain that information from a server of some kind or from stored data. Consequently, the system does not use Private-End-To-End encryption.

Encrypted documents

DocuBank’s encryption techniques

DocuBank uses several encryption technologies to protect your documents. Among them, you may optionally select PETE encryption.

PETE

Legend:

  • DOC – Your document
  • Meta data – Arrangement information associated with your document
  • PETE (DOC) – A document with Private End-To-End encryption
  • HTTPS(PETE(DOC), meta data) – Data packet with network encryption
  • DB(AES256(PETE(DOC)), meta data) – Encrypted data record stored in data base

 

Server-side AES 256-bit encryption

Independently of your decision, DocuBank stores all documents in encrypted form. The AES 256-bit algorithm is used for the encryption. Even if you upload your documents without client-side encryption, all of your uploaded documents will be protected. All documents will be forwarded and stored in encrypted form. In this case your colleagues (users you grant access to the documents) will be able to download and open these documents.

Selectable client-side PETE encryption

If you switch on the optional PETE client-side encryption when you upload a document, the system will prompt you to enter your individual password, with which it encrypts the document, but it does not retain the password in any form. Consequently, if you want to share this document with anyone, you must pass on the password you used through some other channel (e.g., by word of mouth or by SMS). Otherwise the file cannot be opened.

Attention! If you forget the password of a file encrypted using client-side PETE technology, there is no possibility of any kind of decrypting it. Neither the DocuBank staff nor anyone else can help; in that case the document becomes inaccessible once and for all.
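Password-based client-side encryption of the kind described above, as an added example that is not DocuBank's code: the use of scrypt for key derivation, AES-256-GCM, and all function and field names are assumptions. The uploaded record holds only salt, nonce, ciphertext and tag, which is why a recipient needs the password through another channel and a forgotten password cannot be recovered.

```javascript
// Added illustration. scrypt, AES-256-GCM and every name below are assumptions,
// not DocuBank's published design.
const nodeCrypto = require('node:crypto');

// Stretch the password into a 256-bit key. The salt is random per document and
// is not secret; it only has to be stored next to the ciphertext.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32,
    { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// Runs on the client. Returns the only fields that are ever uploaded.
function peteEncrypt(plaintext, password) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12);
  const key = deriveKey(password, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // best-effort wipe of the key buffer after use
  return { salt, nonce, ciphertext, tag };
}

// Runs on the recipient's client. Returns null when the password is wrong or
// the record was modified, because the GCM tag then fails to verify.
function peteDecrypt(record, password) {
  const key = deriveKey(password, record.salt);
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.nonce);
    decipher.setAuthTag(record.tag);
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  } catch (err) {
    return null;
  } finally {
    key.fill(0);
  }
}

{
  // Constructed sample document and password.
  const doc = Buffer.from('Q3 board minutes (constructed sample)', 'utf8');
  const record = peteEncrypt(doc, 'correct horse battery staple');
  console.log(Object.keys(record));
  console.log(peteDecrypt(record, 'correct horse battery staple').toString());
  console.log(peteDecrypt(record, 'guessed password'));
}
```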

We store your documents using AES 256 bit encryption

We set up your own database, where we store your documents using AES 256 encryption. This means that even those persons who have access to the server hard drives by duty or legal right, such as server operators, system administrators or authorities, cannot gain insight into your documents.

AES became effective as a federal government standard on May 26, 2002 after approval by the Secretary of Commerce. AES is included in the ISO/IEC 18033-3 standard. AES is available in many different encryption packages, and is the first publicly accessible and open cipher approved by the National Security Agency (NSA) for top secret information when used in an NSA approved cryptographic module.

OPERATION SECURITY

Your documents are stored in European TIER 3 data centers

By default, DocuBank stores the documents you upload in the T-Systems Cloud & DataCenter in Budapest (1087 Budapest, Asztalos Sándor u. 13.), Hungary, within the European Union. This DataCenter guarantees the following reliability values:

  • Availability of electric power: 99.99%
  • Guaranteed controlled temperature: 99.99%
  • Availability of Internet connection: 99.9%
  • Availability of intranet: 99.9%

The server rooms provide the physical environment required for fail-safe operation:

  • Uninterrupted power supply;
  • Air-conditioned environment;
  • Fire protection equipment;
  • Physical safety system;
  • Access to high-speed, reserved domestic and foreign Internet backbone network;
  • 0–24h Help-Desk
  • 0–24h operator attendance
  • 0–24h security service

If you buy a Professional Package, it is possible to store data in other countries on demand. Currently, we can provide the following opportunities to our clients:

  • GENEVA, SWITZERLAND
  • FRANKFURT AM MAIN, GERMANY

RAID Structures and daily security backup - storage on multiple servers

Operation security is very important for us. We take particular care to ensure that you can access our services 24/7 and that your documents are kept at the highest security. Therefore we apply RAID 6 redundant data storage, which makes it possible to replace any broken parts in the hard drives storing your database without causing any operational downtime.

Daily security backup and our backup strategy together allow restoring your earlier database should you request it. We build the databases of our clients with the Professional Package on server farms established at different physical locations, which guarantees the highest operation security to our clients.

Improved authentication

TOTP TOKEN guarantees that only you can access your documents.

If you order our Professional Package, we deliver security HW tokens together with all our services. These security tokens are usually the size of a key fob, and they generate unique login codes for you every 30 seconds.

Once you activate the security tokens delivered to you after placing your order, you can be assured that nobody else will have access to your documents, except for those persons to whom you provided access and a security token. In case of the token being lost or broken, we provide new HW tokens for a delivery fee.

Network security

Nobody can track the documents you upload or download

All DocuBank services can be accessed only through the HTTPS protocol. This means that a secured data channel based on the Transport Layer Security (TLS) protocol is established between the DocuBank server and your computer after successful authentication.

All document uploads and downloads happen through this encrypted channel. Even if unauthorized persons monitor your internet traffic, they will not get access to the sent data or documents.

IF THE PASSWORD IS FORGOTTEN

Losing the HW token

Should you forget your password, we are able to restore an earlier version of the entire database at your request, but since we have no access to your documents, we are not able to do more. If the HW token is lost, we block the lost device and send you a new one if requested. You can enable mobile authentication until you receive the new token.
