What is IMBox Defense?
IMBox Defense is the secure communications solution used by law enforcement and other government agencies in Europe. Protect your organisation's communications with military-grade security.
  • High availability
  • Safety
  • Compliance
High availability

On premise System

Deploy IMBox in your own data centre. IMBox can be deployed On premise creating an independent system fully under your control. We take care of everything (hardware acquisition and configuration, installation, pre-production testing, launch and communication planning, training, etc.) so that you don't have to worry about anything.

Once the infrastructure has been installed in your data centre, IMBox will prepare communication with users, create official chat groups together with you, send reminders to unregistered users, etc. All to ensure the appropriate level of tool adoption.

Redundant

For customers with strict security and availability requirements, we can deploy IMBox at two geographically dispersed data centres. This ensures that IMBox can continue to operate even if one of the data centres suffers an attack or natural disaster.

IMBox deploys up to 8 servers per data centre (depending on the services purchased). In a 6-machine system, IMBox would only cease providing a service if all machines at one data centre went down and, simultaneously, up to three machines at the second data centre went down as well. This is a very rare occurrence that has never happened to any customer.

99.99% uptime

The nature of IMBox Defense client activities coupled with a systemic degree of implementation make IMBox Defense a critical system with no downtime.

As we have already explained, we can guarantee uptime thanks to our deployment at two geographically dispersed data centres.

Our current customers have experienced 100% uptime, thereby guaranteeing 99.99% uptime over the life of the project.

SLAs

IMBox Defense offers you adjusted response and resolution levels for any hardware or software failure that may occur. Response and resolution times are defined according to the level of severity of an incident and its SLA. Response/resolution times never exceed 4h/3NBD, with critical or urgent cases being less than 1h/1NBD.

Maintenance and repair

IMBox includes software and hardware maintenance and repair services during the contract period. This maintenance corresponds to actions or assistance in the event of software or hardware faults.

Should an incident occur, the client informs IMBox and requests that the maintenance procedure be initiated. IMBox can also proactively detect incidents and launch the actions it deems necessary to repair the system.

Security

Communications encryption

The random authentication key is obtained through an asymmetric exchange of data with the server over HTTPS (TLS). During this exchange a temporary random authentication key is established, which is in turn encrypted with a key derived from the password and username using PBKDF2 with 10k iterations.

Once the temporary authentication key has been obtained, the second phase begins, in which an AES256-GCM symmetric encryption tunnel is established for subsequent communication. The encryption key used in this second phase is a new random AES256 key for each TCP connection, which is exchanged with the server encrypted with the temporary authentication key.
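The two phases described above, as an added example that is not IMBox code: it runs both sides of the exchange in one process to show the key hierarchy. Assumptions not stated on the page: PBKDF2 uses HMAC-SHA-256 with the username as salt, keys are wrapped with AES-256-GCM, the server generates the temporary key and the client generates the per-connection key; all function names are hypothetical.

```javascript
const crypto = require('crypto');

const ITERATIONS = 10000; // "10k iterations", as stated on the page

// Assumption: HMAC-SHA-256, username used as the PBKDF2 salt.
function derivePasswordKey(username, password) {
  return crypto.pbkdf2Sync(password, username, ITERATIONS, 32, 'sha256');
}

// AES-256-GCM encrypt; output layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// AES-256-GCM decrypt; throws if the key is wrong or the blob was altered.
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

function runHandshake(username, serverPassword, clientPassword) {
  // Phase 1, server side: temporary authentication key, wrapped under the
  // password-derived key.
  const tempAuthKey = crypto.randomBytes(32);
  const wrappedAuth = seal(derivePasswordKey(username, serverPassword), tempAuthKey);

  // Phase 1, client side: unwrap with the key derived from what the user typed.
  const clientAuthKey = unseal(derivePasswordKey(username, clientPassword), wrappedAuth);

  // Phase 2, client side: fresh AES-256 key for this TCP connection, sent
  // wrapped under the temporary authentication key.
  const sessionKey = crypto.randomBytes(32);
  const wrappedSession = seal(clientAuthKey, sessionKey);

  // Phase 2, server side: unwrap, then traffic flows through AES-256-GCM.
  const serverSessionKey = unseal(tempAuthKey, wrappedSession);
  const reply = unseal(sessionKey, seal(serverSessionKey, Buffer.from('hello')));
  return { sessionKey, serverSessionKey, reply: reply.toString() };
}
```

Because the outermost wrapping key comes from the password, a wrong password fails the GCM tag check in phase 1 and no session key is ever established.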

Breach control

IMBox has developed technology based on document watermarks and signatures so that, in the event of a data breach, the company can establish which user was the source of the breach.

Whether the breach involves a document, file, screenshot or photograph of a chat session, our breach monitoring technology will enable you to establish the source of the breach, thus preventing breaches from happening.

Encryption at rest

On iOS, IMBox Defense encrypts the local Core Data database using SQLCipher with AES-256. The encryption key is random and is generated the first time the application is accessed. This key is stored securely encrypted in the iOS Keychain.

On Android, IMBox Defense stores the local information in an SQLite database located in the application’s private directory. Android ensures that other applications cannot access this directory (as long as the device is not rooted). The database itself is additionally protected by SQLCipher with AES-256, and any additional files, mainly the file cache and multimedia (if enabled), are also encrypted using AES. The key is randomly generated when the database is first created and is stored using the Android Keystore service. Additionally, the user can enable full encryption where permitted by the device and Android version.

Access control

Unlike other solutions where users can create an account simply with a telephone number or access to a corporate email address, no user can access IMBox without first having received an invitation from the administrator.

To do so, the administrator must access the web control panel with their username and password, from where they can invite the users they want via email or SMS. Users need only download the application from Google Play or the App Store and log in using the credentials provided to start communicating with other users on the network.

Remote database deletion

Should a user lose a device with confidential information, or have it stolen, the administrator can remotely wipe the IMBox database from the administration web panel.

IMBox recommends establishing an internal protocol to inform users of the steps to be followed in the event of loss or theft. The main thing would be to notify the administrator, who would then access the web panel, search for the user, select the lost device and click on delete. The backend would then launch the deletion command and the device's database would be destroyed as soon as the mobile phone is reconnected.

Regulatory Compliance

Certified as "ENS Alto"

The information system of SPOTBROS TECHNOLOGIES S.L., which supports the provision of the IMBox Defense CERTIFIED instant messaging service, including its design, development, implementation, maintenance and technical support, installed at the customer's premises in local mode (On premise), is certified as "ENS Alto" per the requirements of Spanish Royal Decree 3/2010 and the declaration of applicability in force.

Common Criteria

IMBox is undergoing Common Criteria certification, an internationally recognised standard for assessing the security features and confidence level of an IT product (ISO 15408).

Common Criteria Certification is recognised by the 27 signatory countries of the Common Criteria Recognition Agreement (CCRA). Additionally, 10 European countries have signed the SOGIS mutual recognition agreement for Common Criteria certifications at higher levels in two technical domains "Smart Cards and similar devices" and "Hardware devices with security boxes".