Security

Communication is a business critical process. We take your business serous and have done everything in our power to ensure the security of your communication with our service. To us, security doesn’t stop at locking the door and throwing away the key. This page explains our position on availability, confidentiality and integrity of your data, communication and the ability to act.

Availability

Out dedicated servers are hosted in highly secure clean-rooms at professional hosting centres. Each subsystem can be hosted in a different location, and we offer our customers the possibility to host one or more subsystems on their premises.

Our hosting partners ensure telco-grade availability levels of network, servers and support, enabling us to ensure the same level of availability for our service. Our servers are implemented in redundant pairs, allowing automatic fail-over and load-balancing.

Confidentiality

The DCC system uses 4 subsystems to exchange information between the participants in a conference. These 4 subsystems communicate independently with each user and between each other. Below, we detail what measures are taken to ensure the identity of users and the confidentiality of communications between users and the system.

Communication between the subsystems is encrypted with the 256-bit SSL standard and transmitted over the Internet using the TCP/IP protocol.

The 3 subsystems support the exchange of information over the following channels:

1) Authentication / Billing

The first subsystem is the billing system, managing the entry-point of the user, serving the management console to the users and authenticating users that want to enter the secure zone of our servers.

Identity

User accounts are protected by username / login. We advise users to pick a good password. After an period of inactivity, the user is automatically logged out of his account to avoid abuse.

Invitees are identified by a unique PIN code that is only valid for a single meeting at or around its scheduled time. A small delay in the verification process of the PIN code to access the meeting ensures that a visitor or robot trying to find a PIN code with brute force will need enormous amounts of time to guess a PIN code.

When a meeting is over, the invitees’ PIN codes become useless, but stay reserved. When a meeting is archived, the PIN code is recycled with a 'cool-down' period of 1 month. During the cool-down period the PIN code is not used.

Confidentiality

Communication with the management console occurs through a secure web connection using the SSL standard to encrypt all communications. The HTTPS protocol ensures the user that he is in fact communicating with our servers and not with another system.

2) Voice

The voice subsystem supports switching and mixing of the voice channel, transmitting oral communication.

Identity

Voice is transmitted from a fixed or mobile (GSM) phone over the public switched telephone network (PSTN) and managed centrally by our audio conference bridge. The conference bridge can call out to meeting participants using the phone number as specified by the meeting moderator. Thus it is ensured that only the participant’s telephone is connected to a conference. Alternatively, meeting participants can call in to the meeting, in which case they must identify themselves with a PIN code. Also, their phone number is recorded for verification.

Confidentiality

Confidentiality of the exchanged conversation is ensured by the intrinsic secure nature of the PSTN. The conference bridge only exchanges information about telephone numbers and line status with the other subsystems, using encrypted communication.

3) Video and Interaction

The third subsystem is the interaction channel, sharing video streams, mouse pointers, drawings and other interactions between users. It also manages the way the screen of each participant is built up.

Identity

All meeting participants that join a conference must authenticate before they can access a conference with their PIN Code. As a second measure, the moderator can require a password to be entered when joining a conference. This password can be transmitted just before the meeting by a text message (SMS).

During the meeting, the moderator can see the video stream of each participant, enabling him to verify that the right person has joined the meeting.

Finally, the moderator can verify the geographic location of the computer that the participant uses. The system can detect if the location of the computer and telephone of one participant are different ¹⁾.

Confidentiality

All communication on the interaction channel is transmitted using the RTMPS protocol. RTMPS is a combination of SSL and RTMP, the proprietary real-time messaging protocol of Adobe Flash Communication Server. All RTMP packages are encrypted and encapsulated in an SSL socket connection, ensuring 256-bit encryption and VPN-level security.

In this subsystem, no information whatsoever is stored after the meeting.

4) Data

The third subsystem is the data channel, distributing documents and images that are shared between participants. Data resources are identified by a unique identifier, which is transmitted over the interaction channel when selected for sharing by the moderator.

Identity

When connecting to the interaction subsystem, each participant is identified and assigned a session key. Only users with both a valid session key and a resource identifier can access the data channel.

Confidentiality

Documents that are shared between participants are transmitted between participants and server using the HTTPS protocol.

Integrity

All systems that store user data are hosted on redundant servers with RAID arrays to store information. This means that there is no single point of failure that would compromise the user data. Optionally, users can request to have their data backed up as an extra security measure.

Finally, users can opt to take charge of the integrity of their data themselves by hosting one or more of the subsystems on their premises.

¹⁾ While intelligent algorithms can make an educated guess about the location of a computer, this location cannot be determined with 100% certainty. The indication of the location is just a help to the moderator in assessing the identity of each participant.