Technical Details
WebsiteDiscordOverviewSupport
  • Overview
  • Identity Protocol
    • Overview
    • Registry
    • Nodes & NFTs
      • Manufacturer
      • Vehicle ID
      • DeviceID
      • License
    • Auxiliary Contracts
      • Access Control
      • AdLicenseValidator
      • Eip712Checker
      • Mapper
    • Architecture
    • Pairing
  • Device Canonical Name
    • Overview
    • Contracts
      • DcnRegistry
      • DcnManager
      • PriceManager
      • Resolvers
  • Token & Governance
    • Token
    • Rewards
    • Governance
  • Data
    • Platform Components
    • DBC Decoding
    • Software-Only Connectivity
    • Data Storage
    • Validation
    • Data Dictionary
      • Sample Data
  • Hardware
    • Ecosystem
    • Open Hardware Spec
    • Manufacturing License
      • DIMO Memorandum of Understanding
      • Staking $DIMO for a Manufacturer License
    • Device License
      • Device Minting Certificate
      • Hardware and Security Audit
      • Testing and Quality Control
  • Abstraction
    • Sign In With Ethereum
    • Metatransactions
  • Security
    • Methods
    • Audits
    • User Privacy
Powered by GitBook
On this page
  1. Security

Methods

How DIMO Secures User & Device Data

PreviousMetatransactionsNextAudits

Last updated 2 years ago

We adhere to principles of transparency (no security through secrecy) and least privilege. Our communication channels are end-to-end encrypted/ All data access is scoped by roles and we rely on strong user authentication to identify requesters.

Traffic management

All HTTP based traffic to dimo.zone, and related subdomains is routed through . TCP traffic is routed directly to the deployment. All of DIMO's kubernetes run within private VPCs on AWS.

Encryption in transit

All traffic is encrypted with a minimum supported TLS version of 1.2 and HSTS for any communication between user and platform, device to platform or between services in the same VPC.

Hardware Security Modules

DIMO uses hardware based security modules for storage of asymmetric and symmetric encryption keys. Private keys are never exposed anywhere outside of the HSM and DIMO cannot retrieve them.

Backups and durability

DIMO takes full database snapshots on a daily basis and uploads transaction logs for database instances to backup storage every 5 minutes. These snapshots are stored for 7 days, accordingly DIMO can safely restore databases to any point in the last week (with 5 minute granularity) as needed.

Encryption at rest

DIMO-managed databases are encrypted at rest, independently from the fact that any user-data is itself encrypted end-to-end.

Audit logs

DIMO HSM system currently has immutable audit logs generated via Amazon Cloudwatch. Every wrapper key generation, and data key encryption or decryption event appends an entry to the log. In parallel, DIMO logs data accesses from the KMS. DIMO plans to open up these logs to all users and developers in the near future. This will enable end-users to verify how their data is used, as well as developers to audit HSM usage on their end.

​
Cloudflare
​
​
​