Security

Administration Interface

All user accounts are protected by an email address and password. 256 bit TLS is used to encyrpt traffic between
the web browser and user interface (when SSL Certificate installed). All passwords are hashed (bcrypt) before storage.
Live traffic analysis is performed to prevent brute force attacks. All actions, including failed password
attempts, are stored in an audit log that can not be deleted.

Devices

There are two layers of security between devices and servers.
All data on the first layer is digitally signed by a 2048 bit private key.
Devices verify the data using their public key prior to invoking second layer communications.
The second layer uses digital signatures in additional to an optional 256 bit TLS connection.
Keys can be automatically rotated in the event of a private key security breach.

Servers in Europe, America and Asia from multiple cloud service providers use asynchronous replication with eventual consistency to provide low latency connections, scalability and resilience worldwide.
Multimedia is stored and delivered from Amazon S3 and Google Cloud Storage. Additional storage and CDNs can be configured.

Please contact your digital signage administrator before connecting 100 or more screens.

Automatic Network Setup

No inbound ports need to be opened in your firewall. Blob data sharing on local area network requires
no additional configuration.

Daily Bandwidth Estimate

The following estimates are based on loader comms every 30 seconds and player comms every 1 minute with infrequent updates over
a full 24 hour period. Transfer of multimedia (Blob communications) must be added to estimations. Blob data is only transferred
once and cached locally.