Usher uses the most robust industry standards to incorporate the best practices in system security.
The Usher server architecture is built on Public Key Infrastructure (PKI) to ensure that only authorized Usher users communicate with the Usher server, and only from authorized Usher client devices. The Usher server identifies a valid user by their client’s unique X.509 certificate, which the Usher server generates and assigns when the user initially launches the Usher app. This public-private key cryptography workflow ensures that requests to the Usher server only come from legitimate Usherenabled devices.
Furthermore, the Usher server provides an out-of-band (OOB) communication channel that uses 256-bit SSL protocol to prevent interception of sensitive data over public networks. User authentication occurs through this OOB channel, involving multiple factors (explained below) and employing TLS encryption for all traffic over the channel that does not allow phishing or interception of user credentials. AES-128 GCM encryption protects basic user data such as username and email.
Comments