Defense in Depth
Four independent security layers protect every document from creation through delivery. No single point of failure. Every action logged.
Zero Exposed Ports
All services bind to internal ports only; nothing listens on a public interface. External access is exclusively through Cloudflare Zero Trust tunnels, which dial out to Cloudflare's edge, so no inbound port is opened at the origin. The internet-facing attack surface is reduced to what the tunnel forwards and what Cloudflare's edge admits, not eliminated.
Cloudflare Zero Trust
Every request passes through Cloudflare's edge with identity verification, device posture checks, and geo-restrictions before reaching the tunnel.
Rate Limiting
Configurable per-endpoint rate limits with sliding window counters. Automatic blocking with exponential backoff for repeat offenders.
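An added example of the sliding-window counter and exponential-backoff blocking described above, written for this page and not taken from the product. The limit (3 requests per 10 s), the base block of 1 s, the backoff cap and the strike expiry are assumptions; the clock is injectable so the burst below is a constructed, deterministic replay.

```python
import time
from collections import deque, namedtuple

Decision = namedtuple("Decision", "allowed reason retry_after")


class SlidingWindowLimiter:
    """Per-key sliding-window limiter with exponential-backoff blocks.

    Illustrative code, not the product's own; limits and block times are assumptions.
    """

    def __init__(self, limit, window_s, base_block_s=1.0, max_block_s=3600.0,
                 strike_ttl_s=3600.0, clock=time.monotonic):
        self.limit = limit                  # requests allowed per window
        self.window_s = window_s            # sliding window length in seconds
        self.base_block_s = base_block_s    # first block duration
        self.max_block_s = max_block_s      # cap on the backoff
        self.strike_ttl_s = strike_ttl_s    # strikes are forgotten after this much quiet
        self.clock = clock                  # injectable for deterministic tests
        self._hits = {}                     # key -> deque of request times inside the window
        self._blocked_until = {}            # key -> time the current block ends
        self._strikes = {}                  # key -> (strike count, time of last strike)

    def allow(self, key):
        now = self.clock()
        until = self._blocked_until.get(key, 0.0)
        if now < until:
            # Still inside a block: deny without touching the window.
            return Decision(False, "blocked", until - now)

        hits = self._hits.setdefault(key, deque())
        cutoff = now - self.window_s
        while hits and hits[0] <= cutoff:      # drop requests that slid out of the window
            hits.popleft()

        if len(hits) >= self.limit:
            count, last = self._strikes.get(key, (0, None))
            if last is not None and now - last > self.strike_ttl_s:
                count = 0                      # a long-quiet client starts over
            count += 1
            self._strikes[key] = (count, now)
            block = min(self.base_block_s * 2 ** (count - 1), self.max_block_s)
            self._blocked_until[key] = now + block
            return Decision(False, "rate_limited", block)

        hits.append(now)
        return Decision(True, "ok", 0.0)


def simulate():
    """Replay a constructed burst from one client against a 3-per-10s limit."""
    t = [0.0]
    limiter = SlidingWindowLimiter(limit=3, window_s=10.0, base_block_s=1.0,
                                   clock=lambda: t[0])
    out = []
    for when in (0.0, 1.0, 2.0, 3.0, 3.5, 4.5, 7.0, 12.0):
        t[0] = when
        out.append((when, limiter.allow("client-a")))
    return out


if __name__ == "__main__":
    for when, d in simulate():
        print(f"t={when:>5}: {d.reason:<13} retry_after={d.retry_after}")
```

The block does not clear the window when it trips, so a client that keeps hammering immediately after a block expires is tripped again with a longer block (1 s, 2 s, 4 s in the replay); only once the old requests slide out of the window is it served again.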
Webhook Validation
HMAC-SHA256 signature verification on all inbound webhooks, with timestamp validation and replay prevention. The 5-minute window bounds how long a captured request stays valid; a replay inside that window is only caught if the receiver also remembers signatures or nonces it has already accepted within the window.
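Both sides of that exchange, as an added example that is not the product's code: the sender tags timestamp, nonce and body together with HMAC-SHA256, and the receiver rejects stale timestamps, bad signatures and repeated nonces. The header names, the secret and the webhook payload are constructed for the example; the nonce cache is in-memory and would be shared storage in a real deployment.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_S = 300            # the page's 5-minute window
SIG_HEADER = "X-Signature"   # header names are assumptions, not the product's
TS_HEADER = "X-Timestamp"
NONCE_HEADER = "X-Nonce"


def sign(secret: bytes, timestamp: int, nonce: str, body: bytes) -> str:
    """Sender side: tag timestamp, nonce and body together so none can be swapped."""
    msg = b"\n".join([str(timestamp).encode(), nonce.encode(), body])
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class ReplayCache:
    """Nonces seen inside the tolerance window (in-memory; an assumption for the example)."""

    def __init__(self, ttl_s: int):
        self.ttl_s = ttl_s
        self._seen = {}  # nonce -> time first seen

    def check_and_add(self, nonce: str, now: int) -> bool:
        for n, ts in list(self._seen.items()):   # evict entries older than the window
            if now - ts > self.ttl_s:
                del self._seen[n]
        if nonce in self._seen:
            return False
        self._seen[nonce] = now
        return True


def verify(secret: bytes, headers: dict, body: bytes, cache: ReplayCache, now=None):
    """Receiver side. Returns (accepted, reason)."""
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers[TS_HEADER])
    except (KeyError, ValueError):
        return False, "bad_timestamp"
    nonce = headers.get(NONCE_HEADER, "")
    sig = headers.get(SIG_HEADER, "")
    if not nonce or not sig:
        return False, "missing_header"
    if abs(now - ts) > TOLERANCE_S:            # cheap check first: stale or future-dated
        return False, "stale_timestamp"
    expected = sign(secret, ts, nonce, body)
    if not hmac.compare_digest(expected.encode(), sig.encode()):   # constant-time compare
        return False, "bad_signature"
    # Only authenticated requests reach the nonce cache, so forged traffic cannot fill it.
    if not cache.check_and_add(nonce, now):
        return False, "replay"
    return True, "ok"


def demo():
    """Constructed exchange: one good delivery, then a replay, a tamper and a stale request."""
    secret = b"whsec_constructed_example_key"
    now = 1_700_000_000
    body = json.dumps({"event": "document.signed", "doc": "doc-123"}).encode()
    cache = ReplayCache(TOLERANCE_S)

    def deliver(ts, nonce, payload):
        return {TS_HEADER: str(ts), NONCE_HEADER: nonce,
                SIG_HEADER: sign(secret, ts, nonce, payload)}

    results = []
    h = deliver(now, "n-1", body)
    results.append(verify(secret, h, body, cache, now))            # ok
    results.append(verify(secret, h, body, cache, now + 30))       # replay inside the window
    tampered = body.replace(b"doc-123", b"doc-999")
    results.append(verify(secret, h, tampered, cache, now))        # bad_signature
    old = deliver(now - TOLERANCE_S - 1, "n-2", body)
    results.append(verify(secret, old, body, cache, now))          # stale_timestamp
    return results


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

The nonce cache TTL must be at least the timestamp tolerance, otherwise a request can be replayed after its nonce is evicted but before its timestamp expires.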
Session Isolation & Control
| Control | Mechanism |
|---|---|
| Authentication | OTP-based verification for all signing and viewing sessions (6-digit, 5-minute window) |
| Authorization | Three-tier governance model (Tier 0 auto, Tier 1 OTP, Tier 2 manual) |
| Session Isolation | Unique session IDs with time-limited access tokens per recipient |
| Viewer Protection | Copy, print and download disabled in the SDC viewer, with screenshot deterrence (a web viewer cannot reliably block screen capture, so leak tracing relies on the forensic watermark below) |
| Export Policy | Four-tier export control: none / watermarked / redacted / full |
| Forensic Watermark | Invisible per-session watermarks enable leak traceability to session/identity |
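An added example of the OTP control in the table above, written for this page rather than taken from the product: codes are drawn from a CSPRNG, stored only as a keyed hash, compared in constant time, single-use, and expire after the page's 5-minute window. The attempt limit, the server key and the session identifiers are assumptions; the clock is injectable so the run below is deterministic.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_TTL_S = 300        # the page's 5-minute window
MAX_ATTEMPTS = 5       # assumption; bounds guessing across the 10^6 code space


class OtpStore:
    """Issue and verify single-use OTPs per session. Illustrative, not the product's code."""

    def __init__(self, server_key: bytes, clock=time.time):
        self.server_key = server_key   # keyed hashing: a leaked store does not leak live codes
        self.clock = clock
        self._pending = {}             # session_id -> {"tag", "expires", "attempts"}

    def _tag(self, session_id: str, code: str) -> bytes:
        return hmac.new(self.server_key, f"{session_id}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, session_id: str) -> str:
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"   # CSPRNG, zero-padded
        self._pending[session_id] = {
            "tag": self._tag(session_id, code),
            "expires": self.clock() + OTP_TTL_S,
            "attempts": 0,
        }
        return code   # delivered to the recipient out of band; never logged

    def verify(self, session_id: str, code: str):
        rec = self._pending.get(session_id)
        if rec is None:
            return False, "no_pending_otp"
        if self.clock() > rec["expires"]:
            del self._pending[session_id]
            return False, "expired"
        if rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[session_id]       # force a fresh code after too many guesses
            return False, "locked"
        rec["attempts"] += 1
        if not hmac.compare_digest(self._tag(session_id, code), rec["tag"]):
            return False, "mismatch"
        del self._pending[session_id]           # single use
        return True, "ok"


def off_by_one(code: str) -> str:
    """A guaranteed-wrong guess derived from a real code (for the constructed run)."""
    return f"{(int(code) + 1) % 10 ** OTP_DIGITS:0{OTP_DIGITS}d}"


def demo():
    t = [1_700_000_000.0]
    store = OtpStore(b"constructed-server-key", clock=lambda: t[0])
    results = []
    code = store.issue("sess-1")
    results.append(store.verify("sess-1", off_by_one(code)))   # mismatch
    results.append(store.verify("sess-1", code))               # ok
    results.append(store.verify("sess-1", code))               # no_pending_otp: single use
    code2 = store.issue("sess-2")
    t[0] += OTP_TTL_S + 1
    results.append(store.verify("sess-2", code2))              # expired
    code3 = store.issue("sess-3")
    for _ in range(MAX_ATTEMPTS):
        store.verify("sess-3", off_by_one(code3))              # burn the attempt budget
    results.append(store.verify("sess-3", code3))              # locked, even with the right code
    return results


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

The attempt cap matters more than the window: with a 6-digit code and no cap, 5 minutes is ample for an online guessing attack against a single session.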
Cryptographic Primitives
| Primitive | Algorithm | Application |
|---|---|---|
| Encryption | AES-256-GCM | At-rest document and backup encryption |
| Hashing | SHA-256 | Document fingerprinting and hash-chain integrity |
| Key Derivation | PBKDF2 (100k iterations) | Encryption key generation from passwords. 100k iterations is below the 600,000 that OWASP currently recommends for PBKDF2-HMAC-SHA256 |
| Message Authentication | HMAC-SHA256 | Webhook validation and document signing. HMAC is a symmetric MAC: anyone holding the key can produce a valid tag, so it proves integrity and origin to the key holders but does not give third-party non-repudiation |
| Canonicalization | Deterministic | Reproducible hashing across all formats |
Immutable Audit Infrastructure
Encrypted Backups
AES-256-GCM encrypted archives with 7-day rotation, chain verification, and point-in-time recovery capability. GCM requires a unique nonce per encryption under a given key; a repeated nonce breaks both confidentiality and the integrity tag.
Immutable Ledgers
Seven independent hash-chain ledgers tracking governance, access, signing, conversation, perimeter, backup, and lifecycle events.
Health Monitoring
Real-time system health dashboard on internal port 3005, reachable only through the tunnel. Service readiness checks, IPFS connectivity, and backup status monitoring.
Perimeter Logging
Every network event logged: access grants, denials, rate limits, validation failures, and replay attempts. Tamper-evident ledger.
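An added example of a tamper-evident hash-chain ledger of the kind the Immutable Ledgers and Perimeter Logging sections describe, written for this page and not the product's own code. The events are constructed perimeter records, the canonicalization is sorted-key compact JSON (an assumption; the page only says "deterministic"), and the run shows three attacks: editing a payload, editing and rehashing it, and silently dropping the tail.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64


def canonical(obj) -> bytes:
    """Deterministic JSON: sorted keys, no whitespace, fixed encoding (assumed scheme)."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def entry_hash(seq: int, prev: str, event: dict) -> str:
    # The hash commits to position, predecessor and payload together.
    return hashlib.sha256(canonical({"seq": seq, "prev": prev, "event": event})).hexdigest()


class HashChainLedger:
    """Append-only ledger where each entry's hash covers the previous entry's hash."""

    def __init__(self, name: str):
        self.name = name
        self.entries = []

    def append(self, event: dict) -> str:
        seq = len(self.entries)
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        h = entry_hash(seq, prev, event)
        self.entries.append({"seq": seq, "prev": prev, "event": event, "hash": h})
        return h

    def head(self) -> str:
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self, expected_head=None):
        """Return (ok, index): index is the first bad entry, or the count if intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev:
                return False, i
            if entry_hash(i, prev, e["event"]) != e["hash"]:
                return False, i
            prev = e["hash"]
        if expected_head is not None and prev != expected_head:
            return False, len(self.entries)   # tail truncated or replaced
        return True, len(self.entries)


def demo():
    """Constructed perimeter events, then two tampering attempts and a truncation."""
    ledger = HashChainLedger("perimeter")
    ledger.append({"ts": 1700000000, "src": "203.0.113.7", "action": "access", "decision": "allow"})
    ledger.append({"ts": 1700000004, "src": "198.51.100.9", "action": "access", "decision": "deny"})
    ledger.append({"ts": 1700000005, "src": "198.51.100.9", "action": "webhook", "decision": "replay"})
    anchor = ledger.head()   # published out of band, e.g. into another ledger or a backup
    intact = ledger.verify(anchor)

    # 1. Edit a payload without rehashing: entry 1's stored hash no longer matches.
    edited = copy.deepcopy(ledger)
    edited.entries[1]["event"]["decision"] = "allow"
    after_edit = edited.verify(anchor)

    # 2. Edit and rehash entry 1: entry 2's prev pointer now breaks.
    rehashed = copy.deepcopy(edited)
    e1 = rehashed.entries[1]
    e1["hash"] = entry_hash(1, e1["prev"], e1["event"])
    after_rehash = rehashed.verify(anchor)

    # 3. Drop the last entry: internally consistent, caught only by the external anchor.
    truncated = copy.deepcopy(ledger)
    truncated.entries.pop()
    after_truncate = truncated.verify(anchor)
    unanchored = truncated.verify()
    return intact, after_edit, after_rehash, after_truncate, unanchored


if __name__ == "__main__":
    print(demo())
```

The last case is the one to remember: a hash chain alone proves nothing about entries that were removed from the end, so "tamper-evident" holds only if the head hash is regularly anchored somewhere the ledger's own writer cannot rewrite.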
Active Security Controls
| Control | Layer | Status |
|---|---|---|
| Zero Trust tunnels | Network | ACTIVE |
| Rate limiting | Network | ACTIVE |
| HMAC webhook validation | Network | ACTIVE |
| Replay prevention | Network | ACTIVE |
| OTP verification | Application | ACTIVE |
| Tiered governance | Application | ACTIVE |
| Viewer protection | Application | ACTIVE |
| AES-256-GCM encryption | Cryptographic | ACTIVE |
| SHA-256 fingerprinting | Cryptographic | ACTIVE |
| Hash-chain ledgers | Cryptographic | ACTIVE |
| Encrypted backups | Operational | ACTIVE |
| Health monitoring | Operational | ACTIVE |