Security

Fully electronic process

Our solution is unique due to its fully electronic depositing process which benefits from features of asymmetric cryptography. This design is based on an analysis of all the risks related to the issues of source codes depositing. A combination of an asymmetric and symmetric cipher algorithm ensures a high-level protection of source codes during the whole process of receiving an archive in the deposit and during the whole deposit period. Absence of any physical manipulation with the media raises the efficiency of the whole process and eliminates the risks related to such manipulation (e.g. damaged media etc).

Protected archive

The data in form of a ciphered archive are specularly stored at two geographically separated storages in Prague (primary) and Olomouc (back-up). Consistency of the deposited files is checked regularly, automatically, and independently of each other. The files at the primary storage are backed up regularly. In case of any extraordinary event (e.g. damaged data consistency due to an error in the file system), a process to remove such an error and restore the original status of the deposit is immediately launched.

Parameters of the deposited archive

  • symmetric cipher algorithm (data ciphering): AES-256,
  • asymmetric cipher algorithm (securing the secret key for a symmetric cipher): RSA (2048bit keys),
  • owner of the private key: software user.

Parameters of the primary storage

  • daily regular back-up of the data,
  • data server locked in a rack in a professional server house in Prague center,
  • continuous power supply from 2 independent city circuits,
  • back-up power supply by UPC, diesel aggregate,
  • security guards in the building, entrance only with a chip card and an ID,
  • on-line CCTV – corridors and every rack,
  • A/C units,
  • fire protection – smoke and temperature sensors.

Protected software escrow and the most serious risks

Source codes revealed (DEPONEST, ex-employee of the producer, third party)
The whole archive is ciphered by a powerful symmetric algorithm, and the secret key is ciphered by the public key of the software user. The user is then the only one able to deciphered the archive.

Physical loss of the archive
The archive is kept at two geographically separated storages with an independent and automatic integrity check. The primary storage is regularly backed up.

The user gains access to the archive without fulfilling the conditions
DEPONEST by its process ensures that the user gains access to the archive only after the correspondent conditions have been met, as defined in the agreement. The storage the user would download the archive from is not physically identical with the storage the archive is typically kept at.

The archive does not contain the materials agreed on
The cipher tool enables DEPONEST to check if the materials agreed on (file names and directories only) are present at the storage with no need to decipher the data.