As we introduce our technology and present it to people, especially to the visitors at the Rise conference in Hong Kong, we usually get these kinds of challenge questions:
- “How can your solution protect user data from a remote IT support person?”
- “That sounds amazing, but are you sure?”
Well, we have thought about those questions for years, from the time we developed the product concept until now. We have gone through a lot of technical discussions, arguments, and the like, so we are quite sure. In this article, I would like to explain in more detail how our technology does that.
When you get IT support, either online or offline, your personal data is at risk. The support person can copy your data in different ways. In general, however, there are only two paths by which they can do that:
- First path: they copy user data to external storage, such as a USB drive or a DVD-RW disk, and take the storage away.
- Second path: they copy user data to the external network. They could copy it to a shared drive on the network, email it out, or just upload it to the internet.
Fig 1. The copy paths
For online support, the first path is out because the person cannot physically be at the user computer to carry the external storage away. The main concern is the second path. So what if we switch off the network of the user computer (by using firewall software, physically disconnecting the network cable, or turning off the Wi-Fi)?
The assumption sounds funny, doesn’t it? If we physically switch off the network, of course, there is no way to copy the data out, but how do we remotely access the computer? This is where the interesting part of ELINKGATE technology comes in. In the traditional remote access method, the remote agent captures the screen changes and sends them to the remote console through the network (see Fig 2).
Fig 2. The traditional remote access method
ELINKGATE technology uses an alternative way (see Fig 3). The remote agent talks to eLinkMe (a USB dongle) through the USB interface, and eLinkMe then communicates with the Remote Console to update what changes on the user computer's screen. It does not use the network of the user computer, so the network can be switched off during the remote access session. This answers the question raised above.
Fig 3. The eLinkMe remote access method
The protocol between the Remote Agent and eLinkMe is our own protocol, which is encrypted dynamically to make sure no one can hack and use this protocol to send the data out. Therefore, we can say user data is safe during the remote access session.
However, a problem can still happen after the remote access is done, when the user switches the network on again. If spyware or a virus was installed during the session, it can secretly copy the data and send it out. At ELINKGATE, we will implement an extra process to prevent this from happening. Every external application that will be run or installed on the user computer needs to be packed into an application image, and that image will be validated by eLinkMe before the IT support person can run it (see Fig 4). The validating process requires the Application Image to be registered before use. If the application is from a big vendor such as Microsoft, Google, or the like (this is the most common case), the registration process will take a very short time, since the server just needs to verify it against the original application or check the signature issued by the Windows or Android framework. If an unknown vendor develops the application, the process will take longer, and it requires more information from the vendor.
Fig 4. The Application Image and Validating Server
Now we have prevented spyware and viruses from being installed. Is the user safe yet? There is still one way: creating a system script and making it run at boot. However, this can be eliminated by scanning for changes to the registry or startup scripts after the remote session is over. This is not a complicated thing, so I will not elaborate more on it.
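The before/after scan described above can be sketched as follows. This is an added example, not ELINKGATE's code; it assumes the startup scripts live in directories you pass in and that the Run-key values are supplied as a name-to-command mapping, and the sample folder and values in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

def snapshot_startup(startup_dirs, run_values):
    """Map each autostart item to a SHA-256 digest of its content."""
    snap = {}
    for directory in startup_dirs:
        for root, _, files in os.walk(directory):
            for name in files:
                path = os.path.join(root, name)
                with open(path, "rb") as fh:
                    snap["file:" + path] = hashlib.sha256(fh.read()).hexdigest()
    # run_values: {value name: command line}, as read from the Run key.
    for name, command in run_values.items():
        digest = hashlib.sha256(command.encode("utf-8")).hexdigest()
        snap["reg:" + RUN_KEY + "\\" + name] = digest
    return snap

def diff_snapshots(before, after):
    """Return autostart items added, removed or modified between snapshots."""
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        "changed": sorted(k for k in before if k in after and before[k] != after[k]),
    }

def demo():
    """Constructed sample data: a startup folder and Run-key values."""
    with tempfile.TemporaryDirectory() as startup:
        script = os.path.join(startup, "backup.cmd")
        with open(script, "w") as fh:
            fh.write("robocopy C:\\Docs D:\\Backup\n")
        run_values = {"Updater": r"C:\Program Files\Vendor\update.exe"}
        before = snapshot_startup([startup], run_values)  # taken before the session

        # Changes that appear during the (simulated) remote session.
        with open(script, "a") as fh:
            fh.write("call extra.cmd\n")
        with open(os.path.join(startup, "helper.vbs"), "w") as fh:
            fh.write("' new script\n")
        run_values["Sync"] = r"C:\Users\Public\sync.exe"
        after = snapshot_startup([startup], run_values)  # taken after the session
        return diff_snapshots(before, after)

if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```

Anything reported under `added` or `changed` is an autostart entry that did not exist in that form before the session and should be reviewed before the network is switched back on.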
Finally, user privacy is important for all of us. ELINKGATE is proud to work on something meaningful. However, things keep changing, and what we think of today may not work tomorrow. That requires a process of constant improvement. We would love to hear your feedback and challenges. Please send us your ideas and comments.