Defense in Depth
Four security layers protecting every document from creation through delivery.
Network Layer
Zero Exposed Ports
All services listen on internal ports only; nothing is bound to a public interface. External access is exclusively through Cloudflare Zero Trust tunnels, which the tunnel connector opens outbound, so no inbound firewall rule exists to misconfigure.
Cloudflare Zero Trust
Every request passes through Cloudflare's edge network with identity verification, device posture checks, and geo-restrictions before reaching the tunnel.
Rate Limiting
Configurable per-endpoint rate limits with sliding window counters. Automatic blocking with exponential backoff for repeat offenders.
Webhook Validation
HMAC-SHA256 signature verification on all inbound webhooks with timestamp validation and replay attack prevention.
Application Layer
| Control | Implementation |
|---|---|
| Authentication | OTP-based verification for all signing and viewing sessions |
| Authorization | Three-tier governance model (Tier 0 automatic approval, Tier 1 OTP-confirmed, Tier 2 manual review) |
| Session Isolation | Unique session IDs with time-limited access tokens |
| Viewer Protection | Copy, print, download and screenshot deterrents in the SDC viewer (client-side controls; the forensic watermark below covers what they cannot physically prevent, such as photographing the screen) |
| Export Policy | Four-tier export control (none, watermarked, redacted, full) |
| Forensic Watermark | Invisible per-session watermarks for leak traceability |
Cryptographic Layer
| Function | Algorithm | Purpose |
|---|---|---|
| Encryption | AES-256-GCM | At-rest document and backup encryption |
| Hashing | SHA-256 | Document fingerprinting and chain integrity |
| Key Derivation | PBKDF2 (100k iterations) | Encryption key generation from passwords |
| Authentication codes | HMAC-SHA256 | Webhook validation and document signing records (a symmetric MAC: proves integrity and origin to holders of the key, not third-party non-repudiation) |
| Canonicalization | Deterministic normalization | Reproducible hashing across formats |
Operational Layer
Encrypted Backups
AES-256-GCM encrypted archives with 7-day rotation, chain verification, and point-in-time recovery capability.
Immutable Ledgers
Seven independent hash-chain ledgers tracking governance, access, signing, conversation, perimeter, backup, and lifecycle events.
Health Monitoring
Real-time system health dashboard on internal port 3005, reachable only through the tunnel. Service readiness checks, IPFS connectivity, and backup status monitoring.
Perimeter Logging
Every network event logged to the perimeter ledger: access grants, denials, rate limits, validation failures, and replay attempts.
Security Controls Summary
| Control | Layer | Status |
|---|---|---|
| Zero Trust tunnels | Network | Active |
| Rate limiting | Network | Active |
| HMAC webhook validation | Network | Active |
| Replay prevention | Network | Active |
| OTP verification | Application | Active |
| Tiered governance | Application | Active |
| Viewer protection | Application | Active |
| AES-256-GCM encryption | Cryptographic | Active |
| SHA-256 fingerprinting | Cryptographic | Active |
| Hash-chain ledgers | Cryptographic | Active |
| Deterministic processing | Cryptographic | Active |
| Encrypted backups | Operational | Active |
| Health monitoring | Operational | Active |
Compliance
| Standard | Coverage |
|---|---|
| ESIGN Act (2000) | Digital signature ceremonies with full consent capture |
| UETA | Electronic records with attribution and integrity |
| SEC Rule 17a-4 | Content-addressed (IPFS) storage with hash-chain verification; content addressing makes records tamper-evident, while retention for the required period depends on the records staying pinned |
| SOC 2 (alignment) | Access controls, audit trails, encryption at rest |
| TCPA | Opt-in consent, STOP/HELP handling in telecom layer |