Voucher:Security

From Akorena Wiki



Security Design

PIN and Password

An account has two kinds of security tokens:

  • PIN (Personal Information Number) is a numeric sequence used to authorize transactions on the system.
  • Password is an alphanumeric character sequence used to log in to the system.

Data Security

To keep sensitive information safe, the system adds a further layer of protection to stored data. An account's PIN (Personal Information Number) and password are never stored in plaintext; they are stored as cryptographic hashes at the database level itself. This means that nobody can read an account's PIN or password, not even an attacker who can read the database.

'But what if one of my users loses his/her password? Can't I just remind him/her of it?'

The answer is a loud and clear NO. Not only can you not remind users of their passwords, you should not even have any way to read, know or see your users' passwords, even if you are the system administrator. If one of your users loses his/her password, reset it to a new value and send the new one to a verified email address, asking the user to change it as soon as possible.
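The hash-only storage and reset-instead-of-remind policy above, as an added example that is not part of the original wiki page or the Voucher system's own code. It uses salted PBKDF2-HMAC-SHA256 (an assumed choice; the page does not name a hash function), a self-describing record format, constant-time verification, and an admin reset that never retains the plaintext.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256; assumed value, tune for your hardware.
ITERATIONS = 100_000

def hash_secret(secret: str, salt: Optional[bytes] = None) -> str:
    """Return a record 'pbkdf2_sha256$iterations$salthex$hashhex'.

    A fresh random salt per account means two accounts sharing a PIN or
    password do not share a stored hash, and precomputed tables are useless.
    Note: a 4-digit PIN has only 10,000 values, so a slow hash alone cannot
    stop guessing; the system must also limit failed attempts per account.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_secret(secret: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False  # malformed record: reject rather than raise
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", secret.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def reset_password(account: dict, new_password: str) -> None:
    """Administrator reset: only the new hash is stored, never the plaintext."""
    account["password_hash"] = hash_secret(new_password)

if __name__ == "__main__":
    # Constructed sample account; the values are not real data.
    account = {"pin_hash": hash_secret("4821"), "password_hash": hash_secret("s3cret-Pa55")}
    assert verify_secret("4821", account["pin_hash"])
    assert not verify_secret("4822", account["pin_hash"])
    assert hash_secret("4821") != account["pin_hash"]  # same PIN, different salt
    reset_password(account, "n3w-Pa55word")
    assert verify_secret("n3w-Pa55word", account["password_hash"])
    assert not verify_secret("s3cret-Pa55", account["password_hash"])
    print("ok")
```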

Automatic Suspension of Idle Accounts

Accounts that show no activity within a certain period are suspended. Once suspended, no transaction can be performed on behalf of the account until it is re-activated.

Of course, the threshold period is easily configurable in the system; it might be 30 days, 60 days, and so on.

Event Source Checking

The system can be configured to accept transaction requests only from registered event sources (phone number, instant messenger account, IP address).

Secure Operation

Separate Users Application

Audit Trail

Next release
