What are the hardware components of the Dividat Senso?
The Dividat Senso consists of a input device (plate), computer and a screen
What are the specifications of the computer that is used with the Dividat Senso?
The computer that is to be used with Dividat Senso will be made available by Dividat. The computer has the following hardware specifications:
- TERRA MiniPC V3 Black (Barebone)
- CPU Intel Core i3-7100 / LGA1151 / Tray
- RAM SO-DIMM DDR4 4GB / PC2400 /UB/ Samsung
- SSD Flare 2.5" 60GB Patriot S11 SATA 3
- Operating System: Linux (NixOS-based)
- 24 hours on premise service for 24 months
Dividat Play is a web application: Which sites are visited on Chromium?
The web address is called: https://play.dividat.com. Here, the game application is run as a HTML5/JS application.
Which web addresses are visited by the application in the background?
The Play application (i.e. the interface where the games run) visit the following addresses in the internet:
- api.dividat.com per HTTPS (TCP-Port 443)
- play.dividat.com per HTTPS (TCP-Port 443)
Additionally to the Play application, a small driver application runs as a Proxy between Play and hardware. Play accesses the driver through a HTTPS connection (Port 8380 and 8382) on the loopback address (127.0.0.1).
The driver application additionally accesses the following sites:
- dist.dividat.com per HTTPS (TCP-Port 443): automatic updates.
- log.dividat.com per AMQPS (TCP-Port 5671): automatic notification of errors.
Which addresses should be unlocked?
Dividat is continuously developing new services which might be transferred to other addresses in future. Please unlock access the following connections, that include the above mentioned services:
- All HTTPS connections (TCP-Port 443) to sites with domain name: *.dividat.com
- Encrypted AMQP connection (TCP-Port 5671) to domain log.dividat.com
How is remote maintenance handled?
To take care of manual configurations/updates or to manually fix errors, we installed a management system that bases on ZeroTier (https://www.zerotier.com/). Because of the Peer-to-Peer nature of ZeroTier we cannot define which sites may be unlocked. The system can be deactivated/blocked without any influence on the game play. In the next months (when we have more confidence in sound functioning of all the systems) we will deactivate the system by default.
Security Cloud Software
Why is the Dividat software a cloud product?
Our web-based applications are easily accessible on both touch and desktop devices, requiring only an Internet connection and modern browser. In this way, staff can access and work with training data from their desks. Other than the dedicated computer used alongside the Senso hardware, no special hardware or software setup is needed. By delivering the applications through the Internet, we can continuously work on extending, improving and securing them in an economical manner, reducing both cost and maintenance effort for our customers. We believe this is crucial for enabling a large portion of our customers to securely operate the software.
What kind of customer data is processed and what does Dividat do with it?
The core of the personal data processed by our software is a history of each individual's training progress, comprising of exercise time and results. Beyond this, personal information (such as name, sex and date of birth) can but don't need to be stored in the system. Our software also offers aids for performing various assessments, the results of which are then stored for correlation with exercise results. All of this personal data is stored and processed exclusively to serve the customer's needs and is not passed on to third parties or used to mine information. During the operation of the client and server software, logs are collected for monitoring the health of the instances and ensuring proper functioning. Logs relate to events in the servers, software and data bases, and do not contain information about individuals. After a period of 60 days, all logs are deleted from our servers. Aggregate, non-personal information about organizations may be accessed by Dividat to support in the use of the software. Upon customer request, Dividat employee may also access individual data to analyse or resolve customer issues.
How is the data stored?
The personal data at the heart of the software is stored in Swiss datacenters operated by Nine Internet Solutions AG, where various physical measures against data theft and loss are in place. Additional server infrastructure is operated in Switzerland and Germany, but does not handle any data that is directly relatable to any person. The passwords of customers are stored in hashed and salted form. Access to our core backend servers is limited to selected Dividat employees and requires hardware tokens for authentication. The configuration of the servers is subject to version control and repeatable ("infrastructure as code"), patches are applied on an ongoing basis. Recovery backups are created nightly and removed after a period of 7 days.
How is the data secured in transit?
Both our clients and backends require HTTPS, using TLS 1.0 to 1.2. Where TLS 1.0 is still being offered, additional MitM mitigation mechanisms are in place. Authentication endpoints are subject to rate limiting to prevent brute force attacks.
How is the Dividat software developed and deployed?
The software Dividat develops undergoes peer review and is subject to version control. Continuous integration (CI) is in place to automatically run tests each time the software is changed. We use multiple channels for publishing the software, such that new releases can be tested first internally, then with select partner organizations, and only then be made generally available.