Security
The following information details the current security provision for the
Component | Security measures |
---|---|
Decipher Web Client | |
RabbitMQ | |
Decipher Server | |
Decipher Automated Clients | |
Communication security
Decipher Web Clients and Decipher Server
Communication between Decipher Web Clients and the Decipher Server uses TCP with Secure Sockets Layer (SSL) enabled and supports TLS 1.2.
Validation of the server certificate chain at the client side is turned off in order to allow the use of self-signed certificates. This provides flexibility when creating the encrypted communication channel. Once the communication channel is created, the Decipher Server requires authentication and accepts requests only from authenticated clients.
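With chain validation off, the channel is encrypted but the client does not verify which server it has reached. The following added example (not Blue Prism code) is an operator-side check that handshakes with the same settings and compares the certificate the endpoint presents against a recorded SHA-256 fingerprint. The host, port and fingerprint are assumptions supplied by the operator.

```python
import hashlib
import hmac
import socket
import ssl
import sys


def normalize_fingerprint(value: str) -> str:
    """Accept 'AA:BB:...' or plain hex and return 64 lowercase hex digits."""
    hexstr = value.replace(":", "").replace(" ", "").lower()
    if len(hexstr) != 64 or any(c not in "0123456789abcdef" for c in hexstr):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hexstr


def cert_matches_pin(der_cert: bytes, pinned_sha256: str) -> bool:
    """True only if the presented certificate is exactly the recorded one."""
    if not der_cert:
        return False  # server sent no certificate: never treat as a match
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, normalize_fingerprint(pinned_sha256))


def unvalidated_tls12_context() -> ssl.SSLContext:
    """Mirror the settings described above: TLS 1.2+, chain validation off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False       # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # self-signed certificates are accepted
    return ctx


def check_endpoint(host: str, port: int, pinned_sha256: str) -> dict:
    """Handshake with host:port and report the protocol and the pin result."""
    ctx = unvalidated_tls12_context()
    with socket.create_connection((host, port), timeout=5.0) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True) or b""
            return {"protocol": tls.version(),
                    "sha256": hashlib.sha256(der).hexdigest(),
                    "pin_ok": cert_matches_pin(der, pinned_sha256)}


if __name__ == "__main__":
    # Usage: script.py HOST PORT FINGERPRINT (all three supplied by the operator)
    result = check_endpoint(sys.argv[1], int(sys.argv[2]), sys.argv[3])
    print(result)
    sys.exit(0 if result["pin_ok"] else 1)
```

A changed fingerprint for an endpoint whose certificate was not deliberately replaced is worth investigating, since the client itself will not notice the difference.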
Blue Prism and Decipher IDP
The following security currently applies to the communication between Blue Prism and Decipher IDP:
- To send batches from Blue Prism runtime resources to Decipher IDP, the VBO uses TCP with Secure Sockets Layer (SSL) enabled. The server contains a fixed certificate, which does not need to be added separately, to prevent casual interception of document data.
- To retrieve completed batches from Decipher IDP, the VBO uses standard RabbitMQ communication. This doesn’t currently support TLS but only returns the batch ID and the document IDs it contains.
- Runtime resources that secure inbound connections are configured to support TLS 1.2 by default. This includes instructional and web service connections, in addition to outbound HTTPS connections.
- Completed document data is retrieved by Blue Prism from the Decipher Server servers using TCP with Secure Sockets Layer (SSL) enabled.
Runtime resources and RabbitMQ
The RabbitMQ messages between Decipher IDP and Blue Prism contain only the batch ID and document IDs. The messages between the Optical Character Recognition (OCR) component and Decipher Web Client do contain text extracted from the documents, as they are stored on the same machine as Decipher Automated Clients. TLS is currently not supported for external RabbitMQ access, as required for high-availability, but will be addressed in a future release.