Online Repository
The data and files you store in our online repository are safeguarded by methods chosen for their appropriateness and security standards.
RB9
- Database
RB9 stores the password using secure hash algorithm SHA-512, so no one can decrypt
the password.
RB9 store sensitive data, such as birthdays, SSN, and Tax ID, using AES 256-bit
algorithm. The symmetric key is stored in SQL Server, and its password is managed by
OMTI. This means if someone steals the data, they cannot decrypt the data even if they
know the password.
The SQL Server cannot be accessed from other locations. Only our web server can
access. - Application
RB Connect uses an SSL with 2048-bit signatures and 256-bit encryption.
RB Connect only allows access via TLS 1.1/1.2. Other security protocols, such as SSL, TLS
1.0, which are outdated and vulnerable, cannot access RB Connect.
RB Connect uses the Microsoft Azure platform. Azure is HIPAA, TRUSTe, PCI DSS, NERC
CIP compliant. Additional Azure security info
More security measures will be applied in the future.
RB8 & MR8 - Database
These applications store sensitive data, such as password, birthdays, SSN, Tax ID, and
date of death (MR only), using AES 128-bit algorithm. Plus, the encryption key is
managed by OMTI.
The security of the SQL Server is managed by the client themselves, except RB8
Cloud and MR8 Cloud clients, whose servers reside in the cloud on the MicroSoft Azure
platform. - RB Web 8 & MR Web 8
These applications use an SSL with 2048-bit signatures and 256-bit encryption.
These applications only allow access by TLS 1.1/1.2. Other security protocols, such as
SSL, TLS 1.0, which are outdated and vulnerable, cannot access RB Web or MR Web.
These applications use the Microsoft Azure platform. Azure is HIPAA, TRUSTe, PCI DSS,
NERC CIP compliant.
These applications follow OWASP (Open Web Application Security Project) guidelines,
documentation, and tools to develop secure websites. The level of security is set to
maximum potential giving your RB Web/MR Web a rating of A+ according to content
security policy and security headers testing.