Security

The following information details the current security provision for the Decipher IDP components and inter-component communication.

Component Security measures

Decipher Web Client

  • The Decipher Web Client can be bound to a certificate for HTTPS.

  • Local data can be secured by using secure storage.

RabbitMQ

  • TLS can be used for encryption in transit.

  • No data-at-rest capabilities.

Decipher Server

  • Communication is secured through certificates.

  • No data stored locally.

Decipher Automated Clients

  • Communication is secured through certificates.

  • No data stored locally.

Communication security

Decipher Web Clients and Decipher Server

Communication between Decipher Web Clients and the Decipher Server uses TCP with Secure Sockets Layer (SSL) enabled, and TLS 1.2 is supported.

Validation of the server certificate chain is turned off on the client side to allow the use of self-signed certificates. This provides flexibility when creating the encrypted communication channel, but it also means the channel is encrypted without the client verifying the server's identity through the certificate chain. Once the communication channel is created, the Decipher Server requires authentication and accepts requests only from authenticated clients.
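
With chain validation off, an operator can still confirm out of band that the certificate a server presents is the one that was installed, by comparing SHA-256 fingerprints. The following is an added example, not Blue Prism code or a Decipher setting; the host, port and pinned fingerprint are values the operator supplies, and the sample bytes are constructed.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER certificate, so the demo runs offline.
SAMPLE_DER = b"constructed-bytes-not-a-real-certificate"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalise(fp: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex as copied from a viewer."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def matches_pin(der: bytes, pinned_fp: str) -> bool:
    """Constant-time comparison of a presented certificate with the pin."""
    return hmac.compare_digest(fingerprint(der), normalise(pinned_fp))


def fetch_presented_cert(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Return the DER certificate a server presents. Chain validation is
    off here, as in the client described above, so self-signed certs work."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def server_matches_pin(host: str, port: int, pinned_fp: str) -> bool:
    """True only if the live server presents exactly the pinned certificate."""
    return matches_pin(fetch_presented_cert(host, port), pinned_fp)


if __name__ == "__main__":
    pin = fingerprint(SAMPLE_DER)               # recorded at install time
    print(matches_pin(SAMPLE_DER, pin))         # same certificate
    print(matches_pin(SAMPLE_DER + b"x", pin))  # different certificate
```

A mismatch from `server_matches_pin` means the endpoint is presenting a certificate other than the one recorded at install time, which warrants investigation before document data is sent over that channel.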

Blue Prism and Decipher IDP

The following security currently applies to the communication between Blue Prism and Decipher IDP:

  • To send batches from Blue Prism runtime resources to Decipher IDP, the VBO uses TCP with Secure Sockets Layer (SSL) enabled. The server contains a fixed certificate, which does not need to be added separately, to prevent casual interception of document data.
  • To retrieve completed batches from Decipher IDP, the VBO uses standard RabbitMQ communication. This doesn’t currently support TLS but only returns the batch ID and the document IDs it contains.
  • Runtime resources that secure inbound connections are configured to support TLS 1.2 by default; this includes instructional and web service connections in addition to outbound HTTPS connections.
  • Completed document data is retrieved by Blue Prism from the Decipher Server servers using TCP with Secure Sockets Layer (SSL) enabled.

Runtime resources and RabbitMQ

The RabbitMQ messages between Decipher IDP and Blue Prism contain only the batch ID and document IDs. The messages between the Optical Character Recognition (OCR) component and Decipher Web Client do contain text extracted from the documents, as they are stored on the same machine as Decipher Automated Clients. TLS is currently not supported for external RabbitMQ access, as required for high availability, but this will be addressed in a future release.