DESKERIO Security

DESKERIO protects remote support sessions with multiple layers of security: connections are established exclusively via time-limited session PINs, all communication is end-to-end encrypted (AES-256), and all Windows apps are signed with a Microsoft Code Signing Certificate.

Connection setup via 9-digit session PIN

For on-demand sessions, the connection is established using a 9-digit, random, purely numeric session PIN (Personal Identification Number). This PIN can be easily shared with the session partner by phone, email, or chat and is essentially a one-time password that is automatically generated when a session is started. Sessions can only be started by employees of registered companies who have previously authenticated themselves with a username, password and second factor (2FA) via the respective application.

DESKERIO – randomly generated 9-digit session PIN for secure remote support session
Fig 1. - Randomly generated, 9-digit session PIN.

By default, the session PIN is valid for a maximum of 5 minutes1. However, it expires once the invited partner has joined the session using the PIN. Third parties can then no longer join the session with this PIN. This ensures that even in the case of very long remote control sessions, uninvolved third parties cannot gain access to running sessions by “trying out” PINs.

Optional session secret

The session PINs generated by DESKERIO as one-time passwords contain a total of one billion (1x109) possible number combinations due to their 9-digit nature.

To further increase the security of a connection, a session can be secured with a session secret. When this option is enabled, the session partner will need the corresponding 4-digit secret in addition to the 9-digit session PIN. Combining these two random numbers increases the number of possible number combinations to 10 trillion (1*1013).

DESKERIO session PIN with additional 4-digit secret – 10 trillion possible combinations
Fig 2. - Session PIN with additional 4-digit secret.

Delay after entering an invalid session PIN

In principle, anyone can download the DESKERIO application and then try to guess a currently active session PIN that is valid for a maximum of 5 minutes1.

To prevent abuse from the outset, the waiting time for a new entry is doubled for every incorrectly entered PIN on all DESKERIO apps. For example, after seven incorrect attempts, the delay is more than two minutes.

If the session is additionally secured with an optional session secret, the timeout is also doubled each time the session secret is entered incorrectly.

Website, Apps and API

TLS transport encryption

All communication between our websites, apps, and our web and API servers (backend) is always TLS transport encrypted. TLS stands for ‘Transport Layer Security’ and is the successor to the ‘Secure Sockets Layer’ (SSL) encryption protocol, which was replaced in 2015. As with its predecessor, SSL, TLS transport security is always ensured by using the https:// prefix in browsers and applications.

A+ ranking for deskerio.com from Qualys SSL Labs

We regularly analyze our website using the independent testing tool Qualys SSL Labs. This globally recognized tool evaluates websites’ SSL/TLS configurations based on strict criteria. The A+ ranking achieved by deskerio.com confirms the excellent, cutting-edge configuration of our systems and our consistent efforts to protect data transmitted via our infrastructure as best as possible at all times. This A+ ranking is not only confirmed for our website, but also for DESKERIO-Launchpad, web app, and our globally available relay servers.

A+ ranking for deskerio.com at Qualys SSL Labs – TLS encryption for remote support
Fig 3. - A+ ranking for our website at Qualys SSL Labs

Security requirements are constantly changing, and new challenges arise daily. Therefore, the above screenshot is only a snapshot. You can view an updated analysis of our website on Qualys SSL Labs at any time.

A+ ranking for deskerio.com from SecurityHeaders.com

Transport Layer Security (TLS) encryption is only one criterion for evaluating the security of a website. Other important criteria include correctly implementing key HTTP security mechanisms, such as Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and X-Frame-Options.

We also use the independent online tool Security Headers to regularly check these security mechanisms. This tool confirms that the DESKERIO websites comply with the above security guidelines and receive the top rating, A+.

A+ ranking for deskerio.com at SecurityHeaders.com – HTTP security headers
Fig 4. - A+ ranking for our website at SecurityHeaders.com

Of course, new security requirements are constantly emerging in this area as well. You can always check the current status of our security header implementation here.

End-to-end encryption (E2EE)

In addition to TLS transport encryption, all communications between DESKERIO applications, the customer portal, and the private client API are additionally encrypted end-to-end using public key cryptography in conjunction with AES-256.

This ensures that even in the case of a man-in-the-middle attack, the information exchanged between applications and the API over the public Internet will always remain confidential. This also applies to all screen, mouse, keyboard, and clipboard data transmitted as part of a DESKERIO session, as well as files exchanged via file transfer.

Digital app certificate from Microsoft

DESKERIO für Windows is digitally signed with a code signing certificate from Microsoft. This means that the application has a high Windows SmartScreen Reputation as soon as it is downloaded. This allows the user to start and use the application immediately without any operating system warnings.

Thanks to the digital signature, the user can always be sure that the executable file is an original DESKERIO application and has not been modified by a third party.

High availability and reliability

Our API and relay hubs are currently hosted in more than 30 data centers around the world. This makes our solution highly available on a global scale, and in terms of low latency, users are always routed to a data center that is close to their current location.

Data storage in regional data centers

By default, personal data for all companies based in the European Union will be processed only in EU data centers. However, companies located outside the EU may select an alternative region for data storage when registering. The selected region will be the default location for data stored by the company and its employees in the DESKERIO cloud.

For sessions that are routed through relay servers, it is also ensured that only servers located in EU data centers are used for European companies2.

 

Start now and try DESKERIO® for free.

No credit card required.
Register today and try DESKERIO 10 days free of charge and without obligation.
START FREE TRIAL
 

  1. The validity of the session PIN can be extended up to 10 minutes by administrators in the Customer Portal, if required. ↩︎ ↩︎

  2. The physical location of the user initiating the session always determines the region from which a relay server is selected. If an employee of a European company starts a new session while in the United States, a relay in the United States will be used for that session as well. ↩︎