The Lochbox desktop and mobile applications only connect to the Lochbox servers and the organization’s key management server using the latest TLS (TLS 1.3).
Desktop and mobile devices each have their own private key. Devices are not trusted until a user fully authenticates on the device. When a user logs out of a device, in-memory content is removed. Devices can also be flagged as untrusted, which has the effect of blocking user logins.
Other than user login and registration, all interaction from the device to the servers requires an Authorization Token that is acquired upon successful login. When these Authorization Tokens expire, the user has to re-authenticate.
The Lochbox Cloud Servers are used for signaling, i.e. how calls and texts are directed to and from devices, while the organization’s Key Management Server (KMS) is where the devices acquire the needed content decryption keys. The decryption key is only distributed to the device after access permissions have been verified. Content is only decrypted on an authenticated, trusted device. In all other cases, even under the redundant TLS transport encryption and even when stored on disk, the content is encrypted.