STRENGTHENED SECURITY. End to end ENCRYPTION of CONFIDENTIAL FILES
Security really matters. Users assign a “range of diffusion” to every piece of information. The information must be easily available inside its “range of diffusion” and kept safely out of reach beyond it.
CIFKM incorporates 3 safety levels:
1.- General encryption of all data and files at the servers, performed after the texts have been indexed, which protects them against outside attacks.
2.- Each “Data Smart Box” (DSB) incorporates its own permission system.
3.- Authorized users can perform end-to-end encryption of especially confidential files. Encryption is performed before the files are uploaded and, as part of the same encryption process, the user can specify which users can decrypt each file. It combines the AES and RSA algorithms.
1. General encryption of all data and files at CIFKM server
The database and files are encrypted automatically at the CIFKM servers using the AES-256 algorithm, after the texts of the files uploaded to a DSB have been indexed. When a file is downloaded from a DSB, the CIFKM application decrypts it, which means that files can be viewed only by users working through the application.
2. Each DSB incorporates its own permission system
Each DSB incorporates its own permission system (DSB roles) that determines which “groups of users” may access its content and with what powers. These rights may be predetermined in the specific DSB template used to create the DSB.
Thus, any DSB is accessible only to the “groups of users” that have rights over it (DSB roles, whether just for consulting, modifying, or managing the DSB).
3. End to end encryption of confidential files at the user’s PC before uploading them to CIFKM server
In addition to the foregoing, a built-in tool allows authorized users (authorized by their user role) to perform end-to-end encryption of very confidential files before they are uploaded to the server, determining as part of the same encryption process which users are allowed to decrypt each file.
Each authorized user chooses a unique, secret encryption passphrase (known only to that user) to encrypt and decrypt all files for which the user is authorized, whether the user performed the encryption or was authorized by other users. The system is fully robust: it combines the AES and RSA algorithms (public and private key) and uses the Windows Crypto API on the user’s PC.
The process is transparent for users, who only need to enter their secret passphrase to encrypt or decrypt files.
Files are uploaded and downloaded already encrypted, so their texts are not indexed. Each DSB can hold multiple encrypted files, each of which can be decrypted only by users who have access to the corresponding DSB and are expressly authorized to decrypt that file, either by the user who originally encrypted it or by any other user authorized to decrypt it.
Thus, the risk of diffusion of each file is only in the hands of those who can decrypt it.
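The page does not document how CIFKM combines AES and RSA internally. The Node.js code below is an added example, not CIFKM code, of one common construction that gives the behaviour section 3 describes: the file is encrypted once with a random AES key, that key is wrapped with each authorized user's RSA public key, and any authorized user can authorize another. The function names, AES-256-GCM, RSA-OAEP, 2048-bit keys and the use of Node's `crypto` module instead of the Windows Crypto API are all assumptions.

```javascript
// Added example, not CIFKM code: an assumed multi-recipient AES + RSA envelope.
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each user has an RSA key pair; the private key is stored encrypted under
// the user's secret passphrase, so the passphrase is needed for every unwrap.
function newUser(passphrase) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
}

// Wrap / unwrap the per-file AES key with one user's RSA key.
const wrap = (publicKey, fileKey) => crypto.publicEncrypt({ key: publicKey, ...OAEP }, fileKey);
const unwrap = (user, passphrase, wrapped) =>
  crypto.privateDecrypt({ key: user.privateKey, passphrase, ...OAEP }, wrapped);

// Encrypt once with a random AES-256-GCM key, then wrap that key for each
// authorized user. recipients maps user name -> public key (PEM).
function encryptFile(plaintext, recipients) {
  const fileKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKeys = Object.create(null);
  for (const [name, pub] of Object.entries(recipients)) wrappedKeys[name] = wrap(pub, fileKey);
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys };
}

// Only a user with a wrapped-key entry and the right passphrase gets the file.
function decryptFile(env, name, user, passphrase) {
  if (!env.wrappedKeys[name]) throw new Error(`${name} is not authorized for this file`);
  const fileKey = unwrap(user, passphrase, env.wrappedKeys[name]);
  const decipher = crypto.createDecipheriv('aes-256-gcm', fileKey, env.iv);
  decipher.setAuthTag(env.tag); // final() throws if the ciphertext was altered
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// An already-authorized user extends access: unwrap the file key and re-wrap
// it for the new user. The file body itself is not re-encrypted.
function grant(env, granterName, granter, passphrase, newName, newPublicKey) {
  if (!env.wrappedKeys[granterName]) throw new Error(`${granterName} cannot grant access`);
  const fileKey = unwrap(granter, passphrase, env.wrappedKeys[granterName]);
  env.wrappedKeys[newName] = wrap(newPublicKey, fileKey);
}
```

In a construction like this, deleting a user's wrapped-key entry does not revoke access for someone who has already recovered the file key; revocation requires re-encrypting the file under a new key.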