Collaborate Disseminate
My requirement is to implement auto-login URLs for one-click authentication. We will generate an URL with a login token (e.g. https://my-company.com/autologin?token=${autoLoginToken}), which will act as a credential in our authentication.
… Continue reading Usage of OTPs in combination with long-lived auto login URLs
We are currently implementing envelope encryption to securely encrypt sensitive data(name, emails, phone numbers, photo, previous employers etc.) about our users. However, we are now thinking about to implement browser-side caching to redu… Continue reading Browser- side caching of encrypted sensitive informations in sessionStorage?
Our system produces preview images of A4 documents, which contain sensitive data (email, phone numbers, social networks and adresses) of our users. We would like to save those preview images in our cloud, to later present them to the corre… Continue reading Extraction of sensitive data out of down- scaled images
We are currently implementing an envelope encryption scheme in order to securely store PII data in our database. That means we will have a user- specific DEK (data encryption key), and a KEK, which will get derived from the user’s password… Continue reading Envelope Encryption: KEK management in Auto- Login case
Hello InformationSecurity community!
I have the following situation, and seeking for advice for our security architecture.
I am working for a client, who creates a resume builder app, where users can enter their details (e.g. email, phone … Continue reading Encryption of localStorage/indexedDb with server-side PBKDF2 derived secret secure?