High5.ID Knowledge Base
< All Topics
Print

What encryption is used to protect student credentials?

High5.ID stores sensitive information: student numbers, phone numbers, emails, date of birth, etc.
We are bound by regulations and common sense to provide the best possible protection to ensure that this data remains confidential.
To do this, High5.ID provides industry-standard protection against unauthorized collection of data.

The places where data needs protection are:

  1. “At rest”: data stored on the server
  2. “Transfer”:  the time of transfer from our server to a client device.

 

At rest:

We use Google Firebase and Firestore to store student data.
Firebase encrypts the data at rest using the 256-bit Advanced Encryption Standard (AES).
Additionally, each encryption key is itself encrypted with a regularly rotated set of master keys.

Reference link: https://cloud.google.com/firestore/docs/server-side-encryption

 

At the time of transfer:

Communications with Firebase are secured using an https secure connection; data is secured while transfer using Transport Layer Security (TLS).
This prevents “man in the middle” attacks, so we know that only authenticated users are able to pull information from our database.

Table of Contents