Goose mainly has two communication channels:
- Client - Cloud: this is the channel between the central cloud system and the various clients using the system
Cloud - gooConnector: this is the channel between the central cloud system and the internal company infrastructure.
All clients communicate with a central Cloud system on HTTPS port (443). The connection is protected with 256-bit encryption and uses TLS 1.0.
The connection has been encrypted using AES_256_CBC, with SHA1 for message authentication and RSA as the primary key exchange mechanism.
To further increase the security level an additional encryption level has also been developed on the JSON Web services both during SYNC and SEND.
Each message not only travels on a secure channel but is further encrypted with AES_128_CBC thanks to a pair of session keys (public/private).
In fact, when each user logs in, they are assigned a public key and a private key. The latter is recorded on the central server, whereas the public key is sent to the user during login and will be used by the client for encryption/decryption processes to and from the Cloud server.
The pair of keys is valid until the user logs out or if the latter is disabled by the central system The keys used can no longer be regenerated and/or re-used by the central system..
As for the gooConnector, a direct connection is established on port 3306 shielded by an IP firewall. The connection is managed directly by the server side application installed on own machines. Only the IP of the assignee company machine is able to communicate with the Cloud server on the communication port.
Do you want to ask us something?
Contact us at email@example.com