myViewBoard Security Development Overview
This document is provided in response to the inquiry made to ViewSonic for requesting security development and deployment architecture for the myViewBoard project. Security and privacy are components of myViewBoard TM in the design, development, and delivery of this service.
In this document we will describe how we integrate Github, Docker, and Circle CI,deploy secure, scalable architecture on Amazon’s Web Service Cloud platform, WebRTC’s protocol for securing our streaming service, and how PGP (Pretty GoodPrivacy) is integrated in our secure file sharing and transmit use case. This approach is designed to balance customers’ needs for security and confidentiality with public information in regard to technologies and third-party solutions that myViewBoard integrates.
Secure Development Lifecycle
Security Development Lifecycle is a set of activities and milestones which can drive high-quality security outcomes in product and services development. It can be subdivided into 4 distinct sections: Architecture and Design, Implementation, Validation and Release. A review is conducted after each stage has been completed. Below are the activities that should be taken care of at each stage of the Secure Development Lifecycle process:
Continuous Integration and testing with cloud service
Security Design and Data in myViewBoard
Security is always the highest priority of our concerns. myViewBoard had introduced different techniques to ensure you could use our service always in the good and safe environment.
Security design and implementation
myViewBoard introduced the firewall to protect all the assets for the system. All the traffic had been monitored by a firewall to ensure there is no malicious connection connecting to our systems. Also, we introduced the PKI infrastructure to ensure the identity of the servers. The PKI could provide the integrity to ensure the service had been served in the proper secure way.
Besides the above, myViewBoard had already applied SSL certificates to encrypt all the transactions between you and our system. All the traffic you send and get through from our system is in private. myViewBoard uses SHA 256 with RSA encryption algorithm to ensure that all traffic is safe during data transmission. We do not allow any open-text connections to [myviewboard.com] so that all your connections would be in a highly secured way to connected with us.
Moreover, myViewBoard employed different cloud vendors for infrastructure support. By the empower of cloud vendors, your data and data transmission are placed in the most secure way that the top-tier cloud vendor provided. Inside the access, the encryption keys are required to use as the mandatory identity validation method. myViewBoard also deployed the Web Application Firewall (WAF) to protect your connection within the safe and proper good way for transmitting data. By the empowering of our WAF, DDoS protection and network vulnerability prevention had been formed into our infrastructure to provide you a clean and safe space for using our service.
In myViewBoard, your data will be saved on our secure database system which only a limited number of our internal colleagues could touch for. In most scenarios, myViewBoard would not directly access your data.
To perform the good data segregation standard, myViewBoard uses a different system to isolate our colleagues who could touch what category of data. We are working from the least privileged model which means your colleagues will not be able to access the data they do not need. Also, by the segregation of data concept, myViewBoard only collects the data need to perform our tasks. All the data and information you provided will be under our security protocol to perform regular access audits and review the control procedures.
In myViewBoard, all data will be encrypted and store in our database system. Besides the data at rest, myViewBoard also takes good care of data in transit.
For all services in myViewBoard, we had enabled the SSL/TLS encryption between different parties. All the traffic is transferred under the SHA256 encryption by our SSL certification. The certificate will be continuously updated and renew by us to ensure the safety of the data passing.
Besides the above, myViewBoard is concerned with all your data shared with us. All your temporary files will be deleted when you exit the application, sign out, switch users, or reach idle time. And as per the architecture by OAuth 2.0, we do not store your password on our system when you use other identity providers to access our system. In myViewBoard, we will not share or sell your data to a third party for any other purpose which means we will not allow other parties to access your information for any purpose. For the collection of data and its usage, including GDPR protection policy, please reference to https://myviewboard.com/policy for more details.
Secure Streaming Service
Browser-based communications eliminates cost and complexity
By breaking vendor and platform dependencies, WebRTC transforms enterprise communications. Until now, businesses have been limited to expensive desk phones and proprietary software clients. While vendors support open standards such as SIP (Session Initiation Protocol), many maximize product margins by providing support only for proprietary endpoints and separately licensed software clients. With more workers using smartphones as their primary handset, expensive desk phones are becoming increasingly difficult to justify. What businesses need is a way to make smartphones and tablets viable alternatives to traditional phones. However, traditional solutions for extending enterprise communication services to mobile devices are costly and inefficient.
Most UC (Unified Communications) vendors offer operating-system-specific soft clients that take time and money to qualify, deploy, and support. WebRTC overcomes these limitations by bringing real-time communications directly to the browser. This eliminates special purpose, OS-specific clients. With WebRTC, IT organizations can accelerate time-to-market and contain costs by extending enterprise communications services to any browser-enabled device (smartphone, tablet, or PC).
Users can access the WebRTC-enabled service over any network – public or private; WiFi, mobile broadband, or wired LAN. WebRTC reduces upfront IT expenses by containing client licensing fees, qualification efforts, and deployment costs. There are no proprietary clients to purchase, roll out, update, or support. The client application runs on an off-the-shelf "free"browser. Qualification, deployment, and maintenance costs are contained to the Web site. New features and fixes are implemented right on the Web page.
WebRTC Built-in Security Features
In essence, downloading any software from the internet carries an inherent risk that your PC may become infected by a virus, malware, spyware or various other 'bugs'that threaten the security of your data. As such, the principal solution to combat viruses is to install firewalls and anti-malware software that work to defend your computer against any potential threats.
With WebRTC however, there's no need to worry about any of that because since WebRTC works from browser to browser, you don't need to download any software or plugins in order to set up a video conference or VOIP call. All the security that you need is already contained within your browser and the WebRTC platform. Some of the in-built security features contained within the WebRTC platform include:
- End-to-end encryption between peers
- Datagram Transport Layer Security (DTLS)
- Secure Real-Time Protocol (SRTP)
Encryption is built in to WebRTC as a permanent feature and addresses all security concerns effectively. Regardless of what server or compatible browser you're using, private peer-to-peer communication is safe thanks to WebRTC's advanced end-to-end encryption features.
Data Transport Layer Security (DTLS)
Any data that is transferred through a WebRTC system is encrypted using the Datagram Transport Layer Security method. This encryption is already built into compatible web browsers (Firefox, Chrome, Opera), so that eavesdropping or data manipulation can't happen.
Secure Real-Time Protocol (SRTP)
In addition to offering DTLS encryption, WebRTC also encrypts data through Secure Real-Time Protocol, which safeguards IP communications from hackers, so that your video and audio data is kept private.
WebRTC Default Case - P2P
This is a true End-To-End encryption (E2E)
WebRTC Default Case - TURN
A TURN Sever DOES NOT terminate the encryption. In this case, it's a true End-To- End encryption (E2E)
Changes to the system environment:
This document relates exclusively to the details of the product or project specified above. This section is designed to provide requested details on how the product in question interacts with the system environment in question.
This product has software components that are installed in standard user directories. Any exceptions to this are listed below:
- Crossmatch Fingerprint SDK
This software component also adds or makes modifications to the following system attributes and configurations (such as registry entries, firewall settings, digital certificates, kernel mode drivers, and browser plugins):
- Registry Keys:
Services: The following are uses of cryptography:
- Hashing Algorithms: SHA25
- Public-Key Algorithms: RSA-204
- SSL Schemes: TLS 1.2
The following is a list of all known third party components used in this product:
- - MQTT 3.1 and 3.1.1 compliant
- - QoS 0 and QoS 1