Maximum data security for your measured values
Main features of LIQUIDTOOL data security
- Integrated TPM chip (Trusted Platform Module) for establishing a public key infrastructure (PKI) with private and public keys for asymmetrical encryption of all data
- Protection from spoofing, in other words attackers who initially appear to be trustworthy, by excluding external devices from the platform
- Option for tracking the origin, authenticity and integrity of all data
- Keycloak-based authentication server only allows access to measurement data for authenticated persons and systems within the customer account
- Symmetrical encryption of all data using the common HTTPS protocol (HTTP over TCP/IP with TLS) for protection against sniffing attacks and man-in-the-middle attacks
- Consecutive numbering of all measured values so that data cannot be deleted unnoticed
Maximum security for your data
The LIQUIDTOOL Manager makes it possible to access your measurement data from anywhere at any time. The protection of your measured data is of key importance for us. That is why the Liquidtool Manager and Sensor have various technical elements that guarantee maximum encryption and protection against unauthorized access:
- TPM chip in the sensor for establishing a public key infrastructure for asymmetrical encryption
- Processing of all login requests via an authentication server with Keycloak
- HTTPS encryption of all incoming and outgoing data
- Consecutive numbering of all measured values recorded by the Liquidtool Sensor
- Secure data storage in Western Europe (Microsoft Azure)
TPM chip in every device
Data security is of key importance for us. That is why all Liquidtool devices have a TPM (Trusted Platform Module) chip. This chip makes it possible to set up a public key infrastructure (PKI) and thus guarantee a high standard of security.
The TPM chip generates its own key pair for each device, consisting of a public key and a private key for asymmetrical encryption. Data encrypted with the public key stored in the Liquidtool Manager can only be decrypted with the private key stored directly in the Sensor.
When the Sensor sends data to the Manager, the data is likewise signed in such a way that the signature can only be verified with the public key stored in the Manager. This enables us to guarantee that your data cannot be manipulated and that the origin and authenticity of your data can be traced at any time.
The PKI also protects you from spoofing attacks, i.e., from attackers pretending to be trustworthy users: Your Liquidtool Manager will only accept data that is linked to the public key stored in the Manager.
Keycloak-based authentication server for checking all accesses
The Liquidtool Manager is the centerpiece of the Liquidtool environment. After all, your measured values are not the only thing automatically saved on the platform.
The ticketing system that allows you to enter error messages, for example, also runs on the platform. This ticketing system is used to efficiently manage the receipt, confirmation, classification and processing of customer inquiries by creating a so-called ticket for each of your issues, which is forwarded directly to our experts.
All these tickets go through our authentication server equipped with Keycloak, which then checks that users and systems have the appropriate authorizations to access the Manager.
Keycloak creates secure identities for all users, stores them securely and enables identified users to access the platform using a single authentication process (single sign-on). All stored measured values are therefore only visible to the users and Liquidtool linked to the customer account. They cannot be accessed by third parties.
Encryption of all incoming data
Whether it is user data, API calls from external systems or measurement data that your Sensor collects automatically, all data received by the Manager is encrypted using the common HTTPS protocol (HTTP over TCP/IP with TLS). This enables us to protect your data from sniffing attacks and man-in-the-middle attacks, for example.
In sniffing attacks, attackers eavesdrop on the data traffic in a network. In man-in-the-middle attacks, the attacker positions themselves between the computers communicating with each other and can intercept, view or manipulate data at will.
Symmetrical encryption of the exchanged data provides protection against these and similar attacks. This means that the server on which the data is received first checks the certificate of the server from which the data is sent and only accepts the data if the certificate complies with the defined validity and trustworthiness standards.
Consecutive numbering guarantees the traceability of all measured values
All measured values collected by the Liquidtool Sensor and sent to the Manager are assigned a consecutive number and a timestamp and saved in the Manager. A value that is deleted or lost leaves a gap in the numbering, so it cannot disappear unnoticed.
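The check that consecutive numbering makes possible, as an added example (not LIQUIDTOOL code): an audit of stored records per sensor for gaps, duplicates and timestamps that run backwards. The record layout, the `audit` function and the sample data are assumptions constructed for this illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (sensor_id, consecutive number, ISO timestamp, value).
# The field layout is an assumption for this example, not the product's format.
SAMPLE = [
    ("S1", 1, "2024-05-01T08:00:00", 7.1),
    ("S1", 2, "2024-05-01T08:05:00", 7.2),
    ("S1", 5, "2024-05-01T08:20:00", 7.0),  # numbers 3 and 4 are missing
    ("S1", 5, "2024-05-01T08:20:00", 7.0),  # same number stored twice
    ("S1", 6, "2024-05-01T08:10:00", 6.9),  # timestamp earlier than record 5
    ("S2", 1, "2024-05-01T08:00:00", 8.4),
    ("S2", 2, "2024-05-01T08:05:00", 8.5),
]


def audit(records):
    """Return per-sensor findings: missing numbers, duplicates, time regressions."""
    by_sensor = defaultdict(list)
    for sensor_id, seq, ts, _value in records:
        by_sensor[sensor_id].append((seq, datetime.fromisoformat(ts)))

    report = {}
    for sensor_id, rows in by_sensor.items():
        rows.sort(key=lambda r: r[0])  # order by consecutive number, not arrival
        missing, duplicates, regressions = [], [], []
        prev_seq = prev_ts = None
        for seq, ts in rows:
            if prev_seq is not None:
                if seq == prev_seq:
                    duplicates.append(seq)  # replayed or double-stored record
                    continue
                missing.extend(range(prev_seq + 1, seq))  # gap => lost or deleted
                if ts < prev_ts:
                    regressions.append(seq)  # higher number, older timestamp
            prev_seq, prev_ts = seq, ts
        report[sensor_id] = {
            "missing": missing,
            "duplicates": duplicates,
            "time_regressions": regressions,
        }
    return report


if __name__ == "__main__":
    for sensor, findings in audit(SAMPLE).items():
        print(sensor, findings)
```

A gap check of this kind only sees holes between stored records; records removed from the end of a sequence are detectable only if the sensor's latest number is known from another source.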