TouchIT Notes operates using a selection of networked services developed in-house by our team. These include:
- An HTTP-based REST API.
- Several general-purpose services via WebSockets (when connecting using cloud functionality).
When running TouchIT Notes, the host device will act as the server. All virtual servers providing services are controlled by TouchIT Notes. All client connections to the host are made using encrypted connections – HTTPS (HTTP over SSL/TLS) for HTTP (and WebSocket) protocol.
When connecting to a session using cloud services, no content is stored on our servers; they are used solely for tunneling information between host and participant.
The host will enforce encryption by only allowing TLS connections. No unencrypted connections are accepted by any server or service.
Connections are encrypted point-to-point: from client (mobile phone, tablet, PC) direct to host.
Session tokens are required to access services not using explicit user-entered login credentials. These session tokens are only exchanged through encrypted channels from client-to-server and server-to-server and are encrypted in both directions.
The certificate used in the servers uses a SHA-256 with RSA Encryption algorithm. Key size is 2048 bits.