If you run a support forum, you will soon realize that you cannot answer every query remotely. Often your customer has to grant you access to the customer system. Several problems can quickly arise when the access data is transmitted:
- The customer does not transmit all of the necessary access data
- The access data is transmitted and stored via an insecure channel (e.g. e-mail or conversation)
- Access is not removed after the work has been completed
This process is security-critical, since unauthorized access can quickly lead to the compromise of customer systems.
We have developed a new system that solves exactly these problems and enables secure handling of access data. If you need access to a customer system, you place an explicit request for access data directly in the article. The request is limited to the access data that is necessary to solve the problem.
Your customers can now store access data explicitly for this request. Passwords and other potentially sensitive information are encrypted asymmetrically with a public key before being saved in the database. Decrypting the access data requires the corresponding private key, which is not stored on the server. If an attacker were to gain access to our database, the access data could not be decrypted because the private key is missing. We use the cryptographic encryption standard (RSA 4096 bit, AES-256-CBC) recommended by the German Federal Office for Information Security (BSI) in the technical guideline BSI TR-02102-1 to ensure the highest possible security.
After the request has been processed, the access data is deleted from the system. The customer is informed by e-mail and advised to block or delete the access or to change the passwords.
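The scheme described above (a public key on the server, the private key kept elsewhere) can be illustrated with Node.js's built-in `crypto` module. This is an added example, not the product's own code. The function names, the record layout, RSA-OAEP with SHA-256 for key wrapping, and the HMAC-SHA256 integrity tag are assumptions of this sketch; the page itself only names RSA 4096 bit and AES-256-CBC.

```javascript
const crypto = require('crypto');

// Support team key pair. Only publicKey is deployed to the server;
// privateKey stays on the support side (assumption of this sketch).
function generateSupportKeyPair(bits = 4096) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: bits,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// RSA-OAEP(SHA-256) wraps the per-record symmetric keys (assumed padding choice).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const mac = (key, iv, ct) => crypto.createHmac('sha256', key).update(iv).update(ct).digest();

// Server side: encrypts a credential using the public key only.
function sealCredential(publicKeyPem, plaintext) {
  const keys = crypto.randomBytes(64); // bytes 0-31: AES-256 key, bytes 32-63: HMAC key
  const iv = crypto.randomBytes(16);   // fresh random IV for every record
  const cipher = crypto.createCipheriv('aes-256-cbc', keys.subarray(0, 32), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = mac(keys.subarray(32), iv, ct); // CBC has no integrity: encrypt-then-MAC
  const wrappedKey = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, keys);
  const b64 = (buf) => buf.toString('base64');
  return { wrappedKey: b64(wrappedKey), iv: b64(iv), ct: b64(ct), tag: b64(tag) };
}

// Support side: the only place where the private key is available.
function openCredential(privateKeyPem, rec) {
  const [wrappedKey, iv, ct, tag] = ['wrappedKey', 'iv', 'ct', 'tag'].map((k) => Buffer.from(rec[k], 'base64'));
  const keys = crypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, wrappedKey);
  const expected = mac(keys.subarray(32), iv, ct);
  if (tag.length !== expected.length || !crypto.timingSafeEqual(tag, expected)) {
    throw new Error('record failed integrity check'); // modified in the database
  }
  const decipher = crypto.createDecipheriv('aes-256-cbc', keys.subarray(0, 32), iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}
```

The database row holds only the object returned by `sealCredential`, so a database dump alone yields no plaintext, and a row altered in the database is rejected before decryption.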