© 2017 by GRAVIO Team

Information security concept

All stored and transmitted content is encrypted, including content stored on the user's device. The protocol that serves as the basis for the exchange will be encrypted too. In other words:

An access key is required for the absolute level of protection of all user data. For the various cognitive technologies to function, they need access to the user's correspondence (chats, group chats, speech-to-text data, objective data from devices) and personal data, solely for the purpose of machine learning. User data will not be used in any other case. For this, the user must establish a "trusting" relationship with the network.

Transport sessions and the content passed within them will be encrypted.

Content keys will be stored in the user account, encrypted with the public key; accordingly, a content key can be decrypted only with the private key. The key pair, both the public and the private key, will also be stored in the context of the user account on the BE (back-end) of the system; this is necessary to restore the account and to use the same account on different devices.

Access to the account and the key pair is provided by an access key that is generated each time it is needed from the user name and a secret passphrase, using a stationary hash algorithm (an algorithm independent of the platform, operating system, or bitness), i.e. the resulting hash key will always be the same on all of the user's devices.

Transmitted p2p messages are encrypted with content keys (symmetric encryption). A content key is generated by the inviting party. To exchange content keys, a key pair is generated: a public key and a private key. This pair is generated once, when the user registers, and is saved on the system's servers after being encrypted with the access key.

A group of users is an entity created by one of the users, the owner of the group, who invites other participants (candidates for inclusion). If a candidate accepts the invitation, his/her public key is passed in the clear for participation in the group. If the candidate rejects the invitation, he/she is removed from the list of candidates for inclusion. Once the user confirms participation, the owner of the group passes the content key to the newly added user, having first encrypted it with the new user's public key.

When a group is created, its owner enters the group name and generates a constant content key for that group. The group content key is stored in the owner's user account, encrypted with the owner's public key. When a user is invited to the group, the group owner sends the content key to the invited user, encrypted with that user's public key, and the content key for that group is stored in encrypted form in the invited user's account.

Accordingly, to send a message to the group, the user loads (and caches) the content key encrypted with his/her public key and decrypts it with the private key. Then, using the decrypted content key, the user encrypts the message (or file) sent to the group.

All group members, each holding the correct content key on his/her side (likewise downloaded and decrypted), decrypt the message or file when it arrives at their client application.

If a user is removed from the group or leaves it, the information about that group's content key is removed from the user's account; to regain access, the user has to go through the invitation procedure again.

Group ownership can be transferred to another private person. The owner can leave the group only after transferring ownership. Only the owner can delete the group, together with all its data.

  • The transport session established between the client and the FE (front-end) server is encrypted with a session key.

  • Within the transport session, messages are transmitted whose contents are encrypted (for a p2p or group chat) with a unique content key.

  • The unique content key of a chat (p2p or group) will be available exclusively to the chat's users; neither the transport system nor the server system will know it and, consequently, they will have no explicit access to the content. Moreover, content keys (used in symmetric encryption) will be encrypted with the public key from the pair generated during user registration. Thus, a content key can be opened with the private part of the key pair (this information can be accessed only by the owner of the account), and the information about the account and the key pair will in turn be encrypted with the access key, which is generated each time from user data (the user name and the secret passphrase) and is not stored anywhere.
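
An added example, not GRAVIO's own code, of the access key derivation described above: the key is recomputed from the user name and passphrase on each device and must come out byte-identical everywhere, which requires normalizing the Unicode input before hashing. PBKDF2-HMAC-SHA256, the iteration count, the salt label and the function names are assumptions, since the page names no algorithm.

```python
import hashlib
import unicodedata

# Assumed parameters: the page names no algorithm, cost or key length.
ITERATIONS = 600_000
KEY_LEN = 32
DOMAIN = b"access-key-example/v1"  # hypothetical domain-separation label


def canonical(text: str) -> bytes:
    """Map a string to one byte sequence on every platform.

    Keyboards and operating systems may deliver the same visible text in
    composed (NFC) or decomposed (NFD) form; without normalization the
    derived key would differ between devices.
    """
    return unicodedata.normalize("NFKC", text).encode("utf-8")


def derive_access_key(username: str, passphrase: str,
                      iterations: int = ITERATIONS) -> bytes:
    """Re-derive the access key from user name and passphrase alone."""
    # Assumption: user names are case-insensitive and whitespace-trimmed.
    name = canonical(username.strip().casefold())
    # The scheme uses only name and passphrase, so the user name (plus a
    # fixed label) acts as the salt: equal passphrases under different
    # accounts still give unrelated keys.
    salt = hashlib.sha256(DOMAIN + b"\x00" + name).digest()
    return hashlib.pbkdf2_hmac("sha256", canonical(passphrase), salt,
                               iterations, dklen=KEY_LEN)


if __name__ == "__main__":
    # Constructed inputs: the same passphrase typed on two devices.
    composed = "caf\u00e9 au lait, s'il vous pla\u00eet"
    decomposed = unicodedata.normalize("NFD", composed)
    k1 = derive_access_key("Alice", composed)
    k2 = derive_access_key(" alice", decomposed)
    print("same key on both devices:", k1 == k2)
    print("other account, same passphrase:",
          derive_access_key("bob", composed) == k1)
```

Because nothing but the passphrase protects the wrapped key pair stored on the back-end, the cost parameter and passphrase strength set the price of an offline guessing attempt against a leaked account record.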