Protecting your private information 24/7
MedeFile's security architecture ensures that its services are provided with the highest degree of privacy and integrity using well established, proven security methodologies. The architecture provides multiple lines of defense with each line employing a distinct mechanism. MedeFile's security architecture addresses the following key areas:
Network Communications Security
All Internet connections between MedeFile and its users employ the SSL protocol using a 256-bit key. Originally developed by the Netscape Communications Corporation, the SSL protocol provides security and privacy over the Internet and supports both client and server authentication. MedeFile purchases its certificates from Geotrust, a leader in the security field in order to limit the possibility of fraud.
The SSL protocol authenticates our server to your computer -- so you know it is MedeFile you are working with -- before sensitive data is exchanged by higher-level applications. The SSL protocol uses message and authentication codes to maintain the integrity of the connection. Data exchanged during an SSL session is encrypted in both directions and each MedeFile client application uses SSL to communicate to the MedeFile Server.
MedeFile members authenticate to the system using a user name and password. Members may change their password at any time during their membership. MedeFile web servers authenticate themselves to the browsers in a SSL session using Secure Server, Class 3 Digital ids issued by Geotrust.
The MedeFile application security starts with web servers that process Internet HTTP transactions from clients that communicate over the Internet via authenticated and encrypted SSL sessions. Each valid MedeFile user has a user ID on the system. MedeFile applications provide privacy to sensitive data by encrypting the data. The Security System database fields that contain especially sensitive information are stored in encrypted form and decrypted only when made available to authorized and authenticated requesters. All data accesses are logged in permanent, archived records and all access requests without proper credentials or application authentication tokens are reported to the real-time security alert system.
The MedeFile site physical security system consists of comprehensive set of proprietary physical and logical controls and a multi- layered internal network. In addition, MedeFile has implemented strict facility and development protocols that ensure the safety of physical access and site-wide restrictions on resource availability and authentication control for all MedeFile users, staff and support personnel.