How can documents be exchanged securely on the digital way while still retaining their authenticity? What can be done to avert reading and intercepting documents?
The encryption technologies of Next Generation Document Exchange provide the answer: on the one hand, the transport route of the document can be encrypted, and on the other, the document itself can be encrypted. Trust, sensitivity and data security are three central issues when it comes to modern communication solutions. Since telephony, and thus fax as well, has been routed over IP routes, intercepting and reading documents has become much easier. It is already possible through use of malicious software. NGDX uses various encryption technologies to prevent documents from being read or intercepted. Both the document itself and the transport route are encrypted. The following paragraph gives an insight into the two technologies used by NGDX.
The encryption of documents prevents documents and their contents from being viewed. NGDX combines two different encryption methods: asymmetric and symmetric encryption.
NGDX combines both methods in so-called hybrid encryption. The dynamically calculated symmetric key is used to encrypt the document. The symmetric key is secured with the help of the key pair. Here is how it works:
- The sender calculates a random symmetric key. The sender uses this key to package the document.
- The sender uses the recipient's public key to pack the symmetric key.
- After successful transmission, the recipient decrypts the symmetric key using its own private key.
- Now the recipient has the symmetric key available and can decrypt the document.
Although the documents are transmitted unmanipulatably using hybrid encryption, it is still possible to identify the communication participants involved. This aspect can be regulated with NGDX using transport encryption.
NGDX is based on IP communication in the telephone network. As with telephony, the communication between the individual hops on the telephone line can be encrypted using TLS. In detail, this means that a trustworthy connection can be established from the server with the application for NGDX to the customer's solution. However, each participant on the route can only request encryption for their own connections. At each intermediate station, the transport encryption is broken and ideally re-established during the connection to the next subscriber. Our conclusion is therefore: There is no guarantee for end-to-end encryption. In addition, the data retention laws require carriers to store metadata on communications. For these reasons, we do not currently consider encryption of the transport route to be given.