Access to keys in data encryption
There is data encryption during transport and data encryption during storage.
- During signalling transport over the public internet (between web browser and Auvious backend), HTTPS is utilized which during the handshake makes use of asymmetric encryption, and in that case access to private key is only accessible by Auvious and Google.
- During media transport WebRTC Standards are used and more specifically DTLS-SRTP. Dtls handshake uses assymetric encryption. The client (browser) and the server(Auvious) each generate upon connection startup a new keypair and they exchange the public keys in order to be able to communicate. The private key in this case resides in the ephemeral memory of each peer, and can be accessed by whoever has access to that ephemeral memory.
- Data stored in Auvious database service, uses encryption at the disk level, managed by Atlas MongoDB Cloud service and access to this keys is limited to Atlas.
- Data stored temporarily such as recorded video/audio streams, uses encryption at disk level, managed by Google Cloud Platform, and access to the keys is limited to Google Cloud Platform.
- Data stored on the Customer supplied Storage, e.g. recording,snapshots,assets are transferred there using HTTPS (if using Google,Amazon,Azure object storage), or SFTP. In these cases private key is used as credentials, to provide access for Auvious to the Customer Object storage. Access to that private key is limited to Auvious, and the Customer Administrator(s).