 |
Physical, Network and Legal Security |
|
|
Intrinsic Data Security |
|
 |
Data Access Controls |
|
a. |
Permissions and Log-ins, with Optional Encryption in Transit |
|
Client venue administrators are given four levels of "company relationship" and five levels of "permission" within them to control the awarding of access to users. With the purchase of an SSL Certificate, passwords and User IDs may be encrypted when entered during the log-in process. |
|
b. |
Never-revealed User IDs |
|
The user registration process may be designed to avoid transmission of explicit User IDs over the web; this is done by requiring each corporate user to register his Company Employee ID as part of the process (optionally encrypted in transit) and then notifying him to use his (unrevealed) Employee ID as his log-in User ID. |
|
c. |
Custom Registration Screenings |
|
Corporate clients may require registered email addresses to end in a corporate suffix or otherwise program custom screening methods for new registrations. All new registrations are flagged for review by emails sent to venue administrators, and standard reports can identify all registrations and log-in activity over a specified time period for each company venue. |
|
d. |
Pseudo Intranet Linkage |
|
Dynaprice venues may be designed to screen out all HTTP requests not arriving from an approved list of corporate network proxies. This can limit access to private internal redeployment sites to users logged into a corporate intranet -- but without Dynaprice having to know the employees' secure access codes or having access to anything behind the corporate firewall, in other words, without Dynaprice representing a security threat.
|
 |
