Security and DIB

Protocols and tokens

DIB is a true web-based application, and it includes a mobile app that communicates with the DIB-Distributor server.

Communication between the web clients uses the HTTPS protocol.

The REST API also uses the HTTPS protocol.

Communication between the DIB-APP and the DIB-Distributor also uses the HTTPS protocol.

For all of the above, the system provides a JSON Web Token upon request or when logging in to the system. An expiration can be set on the token as part of the configuration.

Valid certificates are also expected and must be provided by the DIB customer as part of the installation and ongoing updates. A valid certificate also means that the whole chain is valid.

Security breach

In case of a security breach where data could be compromised, we strongly recommend that the DIB customer shut down the system immediately to minimise the potential damage. After shutdown, all authentications must be verified and probably changed. For example, private/public keys in REST must be renewed. After the shutdown, and once authentications have been changed, it must be discussed what to do further. This is a field in which the DIB team does not provide expertise.