Wednesday, September 13, 2017

Security and nsquared documents

One of the questions commonly asked about nsquared documents concerns the security of the NFC tags and the associated PIN.

It is difficult to know how much we should disclose about the way we secure your authentication information. Therefore I will keep this post at a fairly high level and explain the concepts that keep your details safe.
First, the obligatory disclaimer: nothing is truly safe. Seriously, if you believe you have a system that is 100% secure you are naïve. In order for encrypted data to be useful it needs to be decrypted. The encryption and decryption are done in software, using mathematical algorithms that make it hard for people without the correct corresponding components to access the data. The question, with security, is how hard do you make it for "bad" people to access your information? At nsquared we believe we have made it difficult for anyone to access your data without substantial effort.

When you log in to one of your cloud document stores (OneDrive, Dropbox, etc.) the service responds with a token that enables the software to access that cloud store. Somehow nsquared documents needs to store that token. We don’t need to store your username and password. In fact we don’t even have access to your username and password. That is hidden by the login screens provided by the cloud store providers (Microsoft and Dropbox). Even if we did have that data we wouldn’t store it, as we don’t need it.
We then associate an NFC tag with that token. The NFC tag contains a unique ID, nothing else. We do not store the token or your PIN on the tag. The tag is like a locker number. It uniquely identifies a place your data is stored. Except it is encrypted. So even with that unique number on your tag you still need to know how to decrypt it in order to find the locker.
So what about the PIN? We never store your PIN anywhere. The only place the PIN is stored is in your head. Please don’t write it down somewhere; your security will be lower. The PIN is a bit like your locker key. We use the PIN in combination with your tag ID to identify who you are, where your data is stored and how to decrypt your data.
If you lose your tag and are concerned about the fact your PIN was written on a sticky note on your desk (yes, you know who I am talking about), then you can go to your cloud store provider and disable nsquared documents' access to your store. You can then create a new tag using nsquared documents and this will generate a whole new setup.
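
The locker analogy above (tag ID as locker number, PIN as key) can be sketched in code. This is an added illustration of one possible design, not nsquared's actual scheme, which this post does not disclose; the function names, the PBKDF2 parameters, the in-memory `STORE` and the HMAC-based cipher (a standard-library stand-in for an AEAD such as AES-GCM) are all assumptions.

```python
import hashlib, hmac, os

STORE = {}  # constructed stand-in for the service's storage: locator -> sealed token

def derive(tag_id: bytes, pin: str):
    """Stretch tag ID + PIN, then split the result into locator and keys."""
    master = hashlib.pbkdf2_hmac("sha256", pin.encode(), tag_id, 200_000)
    part = lambda label: hmac.new(master, label, hashlib.sha256).digest()
    # Separate labels: the stored locator reveals nothing about the keys.
    return part(b"locator").hex(), part(b"encrypt"), part(b"integrity")

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC in counter mode; stdlib stand-in for a real AEAD such as AES-GCM.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def enroll(tag_id, pin, token):
    """Seal the cloud token; neither PIN nor plaintext token is stored."""
    locator, enc_key, mac_key = derive(tag_id, pin)
    nonce = os.urandom(16)
    ct = _xor(token, _keystream(enc_key, nonce, len(token)))
    STORE[locator] = (nonce, ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest())

def unlock(tag_id, pin):
    """Return the token, or None when tag ID + PIN do not lead to a locker."""
    locator, enc_key, mac_key = derive(tag_id, pin)
    sealed = STORE.get(locator)
    if sealed is None:
        return None  # wrong PIN or unknown tag: the locker cannot even be found
    nonce, ct, mac = sealed
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None  # stored record was altered
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))

if __name__ == "__main__":
    tag = bytes.fromhex("04a1b2c3d4e5f6")  # constructed 7-byte tag ID
    enroll(tag, "4821", b"constructed-cloud-access-token")
    print(unlock(tag, "4821"), unlock(tag, "0000"))
```

Because a short PIN carries little entropy on its own, a design like this leans on the cost of the key-stretching step and on the tag ID staying in the owner's hands.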
If you are using a Surface Hub, please download the free trial of nsquared documents from here.
If there are any features you would like to see added to nsquared documents, please let us know.
