The diagram shows the security aspect of end-to-end encryption between the sending system, ONEiO and the receiving system. The steps are as follows:
- The sending system (Customer A in the diagram) sends a message with HTTP over TLS (HTTPS). The client can verify that it is talking to ONEiO by validating ONEiO's server certificate against the CA that signed it, i.e. by trusting that CA's certificate. TLS provides confidentiality and integrity in transit, so a third party on the network can neither read nor forge the message.
- ONEiO encrypts the received message and stores it in its database. The ONEiO servers hold the AES-256 key used for this encryption; it is generated by ONEiO and known only to ONEiO, so even someone who gains access to the database cannot read the message payloads. This application-level encryption is in addition to the AES-256 encryption the database applies to its stored data and backups.
- ONEiO decrypts the message from the database when transforming and translating it from the source format to the target format. The message exists in plaintext only in server memory; the resulting target message is encrypted and stored in the database.
- ONEiO decrypts the target message before sending it with HTTP over TLS to the target system (Customer B in the diagram) so that the target system can read it. As in the first step, HTTPS ensures that a third party can neither read nor forge the message in transit.
A customer's end users can view the message data in plaintext through the ONEiO UI. Note that ONEiO holds the encryption key and handles messages in plaintext in memory and in the UI, so the guarantees described here are against third parties on the network and against anyone who obtains the database or its backups; ONEiO itself is a trusted intermediary that sees the plaintext.
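The server-side steps above, as an added example in Go that is not ONEiO's own code: an AES-256 service that stores received messages encrypted, decrypts them in memory only to translate them, re-encrypts the target message, and decrypts it again only for delivery. The in-memory map standing in for the database, the GCM mode (the page says only AES-256), the key id `dek-v1`, the `toCustomerB` field mapping and the sample ticket message are all constructed for the example. `DBContainsPlaintext` is the step 2 claim made testable: someone who can read every stored row still cannot find the payload, and because GCM authenticates the ciphertext, a row they modify fails to decrypt rather than yielding garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"strings"
)

// Envelope is all the database holds per message; plaintext never reaches the store.
type Envelope struct {
	KeyID string
	Nonce []byte
	Data  []byte
}

// Service models the ONEiO servers, the only party holding the data key; the database is an in-memory map (assumption).
type Service struct {
	aead  cipher.AEAD // AES-256-GCM; GCM is an assumption, the page says only AES-256
	keyID string
	db    map[string]Envelope
}

// NewService generates the key as the text describes: by ONEiO, for ONEiO only.
func NewService() *Service {
	key := make([]byte, 32) // 32 bytes selects AES-256
	if _, err := rand.Read(key); err != nil {
		panic(err) // no entropy at startup is not recoverable
	}
	block, _ := aes.NewCipher(key)  // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return &Service{aead: aead, keyID: "dek-v1", db: map[string]Envelope{}}
}

// Receive is step 2: encrypt the message that arrived over TLS under a fresh nonce
// and store only the ciphertext. The key id is bound as associated data.
func (s *Service) Receive(id string, plaintext []byte) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	ct := s.aead.Seal(nil, nonce, plaintext, []byte(s.keyID))
	s.db[id] = Envelope{KeyID: s.keyID, Nonce: nonce, Data: ct}
	return nil
}

// open decrypts a row; a missing row, a foreign key id or a modified byte fails here.
func (s *Service) open(id string) ([]byte, error) {
	env, ok := s.db[id]
	if !ok || env.KeyID != s.keyID {
		return nil, fmt.Errorf("row %q missing or encrypted under an unknown key", id)
	}
	return s.aead.Open(nil, env.Nonce, env.Data, []byte(env.KeyID))
}

// Transform is step 3: decrypt in memory, translate, re-encrypt before storing.
func (s *Service) Transform(srcID, dstID string, translate func(map[string]any) map[string]any) error {
	pt, err := s.open(srcID)
	if err != nil {
		return err
	}
	var src map[string]any
	if err := json.Unmarshal(pt, &src); err != nil {
		return err
	}
	out, err := json.Marshal(translate(src))
	if err != nil {
		return err
	}
	return s.Receive(dstID, out)
}

// Deliver is step 4: the target message is decrypted only to hand it to TLS.
func (s *Service) Deliver(dstID string) ([]byte, error) { return s.open(dstID) }

// DBContainsPlaintext is the "attacker reads the database" check from step 2.
func (s *Service) DBContainsPlaintext(needle string) bool {
	for _, e := range s.db {
		if strings.Contains(string(e.Data), needle) {
			return true
		}
	}
	return false
}

// toCustomerB is a constructed translation: rename two fields, drop the rest.
func toCustomerB(src map[string]any) map[string]any {
	return map[string]any{"issue_key": src["ticket"], "title": src["summary"]}
}

func main() {
	svc := NewService()
	_ = svc.Receive("in-1", []byte(`{"ticket":"INC0001","summary":"Printer down","contact":"alice@example.com"}`)) // constructed sample
	fmt.Println("database exposes contact:", svc.DBContainsPlaintext("alice@example.com"))
	_ = svc.Transform("in-1", "out-1", toCustomerB)
	out, _ := svc.Deliver("out-1")
	fmt.Println("delivered to Customer B:", string(out))
}
```

The TLS legs of steps 1 and 4 are not in the block. On the sending side the equivalent of "trusting the certificate of the CA that signed ONEiO's certificate" is an `http.Client` whose `tls.Config.RootCAs` pool contains only that CA's certificate, so any other certificate, however well-formed, is rejected. Note also what the block does not hide: the key lives in `Service` memory, so the at-rest encryption protects against database and backup access, not against whoever operates the service.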