Online Backup - Client's Security Encryption Keys
In order to secure customer information that is transferred to the Online Backup
Datacenter, the online backup software encrypts every file it sends to the Online
Backup Datacenter with secure encryption keys provided and created by the customer. The files remain encrypted
in the Online Backup Datacenter at all times.
The decryption process occurs during the restore operation on the online backup
client itself. This ensures that any information transferred and stored outside
the customer location is always encrypted. Currently, the online backup software uses the AES
encryption algorithm (128-bit, 192-bit, or 256-bit).
Configuration and Location of Online Backup Encryption Keys
The online backup encryption keys are configured during the online backup
software installation or with the online backup client configuration program. Encryption keys are stored in the
registry in encrypted form, so even a person
with full access to the online backup client computer (like administrators)
cannot find out the values of the encryption keys.
Online Backup Encryption Key Types and Usage
The online backup client software can be configured with two encryption keys: a private
key and an account key.
Online Backup Private Key (Mandatory)
This is the default encryption key, which is always used by the online backup client
except in the cases outlined below.
Online Backup Account Key (Optional)
If the customer account has more than one online backup client installation,
each online backup client for this customer account must be configured with the
same account key. An online backup client that is configured with the wrong (or
no) account key will not be granted a connection to the Online Backup Datacenter.
There are two cases when the account key is used to encrypt customer files.
One is when using shared/attached backup sets. The other is if the online
backup client discovers (during the backup process) that a backup file was
already backed up to the Online Backup Datacenter by another online backup
client within the same customer account. In this case, the file will be located in
the account library area and encrypted with the account key.
Online Backup Encryption Key Verification
In order to ensure that the online backup client uses the same encryption keys
as were initially configured (and that they were not changed by reinstalling the
online backup client or by hackers), the
Online Backup Datacenter is able to verify the online backup client key
integrity on every connection. This is accomplished by comparing the encryption
cookies (code generated with the encryption key, but not the key itself) that
the online backup client sends on every connection request, with the cookies
that the Online Backup Datacenter received during the initial online backup client
registration.
Intentional or unintentional changes to the encryption keys will make data
stored at the Online Backup Datacenter unusable. This verification process
ensures integrity of both private and account keys (account key verification
ensures that all online backup clients for the same customer account are
configured with the same account key).
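The verification flow described above, sketched as an added example; it is not the online backup product's own code. The page does not say how a cookie is generated, so the HMAC-SHA256 construction, the label, and the names make_cookie and Datacenter are assumptions, and the account is assumed to use an account key.

```python
import hashlib
import hmac

# Assumption: the cookie is an HMAC-SHA256 tag over a fixed label. The page only
# says it is generated with the key and is not the key itself.
LABEL = b"backup-key-cookie-v1"  # hypothetical label


def make_cookie(key: bytes, account_id: str, key_type: str) -> bytes:
    """Derive a one-way verifier from a key, bound to the account and key type."""
    msg = LABEL + b"|" + account_id.encode() + b"|" + key_type.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class Datacenter:
    """Stores cookies only; the encryption keys never leave the client."""

    def __init__(self):
        self.private_cookies = {}  # (account_id, client_id) -> cookie
        self.account_cookies = {}  # account_id -> cookie shared by all clients

    def register(self, account_id, client_id, private_cookie, account_cookie):
        # The first client registered on an account fixes the account-key cookie.
        expected = self.account_cookies.setdefault(account_id, account_cookie)
        if not hmac.compare_digest(expected, account_cookie):
            return False  # account key differs from the one already registered
        self.private_cookies[(account_id, client_id)] = private_cookie
        return True

    def connect(self, account_id, client_id, private_cookie, account_cookie):
        stored_private = self.private_cookies.get((account_id, client_id))
        stored_account = self.account_cookies.get(account_id)
        if stored_private is None or stored_account is None:
            return False  # unknown client or account
        # Constant-time comparisons; both are evaluated before deciding.
        ok_private = hmac.compare_digest(stored_private, private_cookie)
        ok_account = hmac.compare_digest(stored_account, account_cookie)
        return ok_private and ok_account


if __name__ == "__main__":
    # Constructed sample keys (256-bit), for illustration only.
    private_key, account_key = b"\x11" * 32, b"\x22" * 32
    dc = Datacenter()
    cookies = (make_cookie(private_key, "acct-1", "private"),
               make_cookie(account_key, "acct-1", "account"))
    print("registered:", dc.register("acct-1", "pc-1", *cookies))
    print("same keys connect:", dc.connect("acct-1", "pc-1", *cookies))
    changed = make_cookie(b"\x33" * 32, "acct-1", "private")
    print("changed private key connects:", dc.connect("acct-1", "pc-1", changed, cookies[1]))
```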