End-to-end encryption

Every document and message is protected by multi-layered encryption and zero knowledge is maintained in every interaction, surpassing every competitor.

Verified integrity

All documents and messages are signed using private keys to guarantee the identity of the sender and authenticity of the content.

No user error

Dekko's encryption mechanisms are completely transparent to end-users, removing the risks of manual key/certificate management.

Secure web app

DekkoGov and DekkoPro are available as fully-featured web apps that don't require any special installs or manual updates - just a modern web browser.

Private notifications

Dekko does not expose any sensitive information in its notifications to users, and does not rely on email systems for sharing.

Strong permissions

Configurable to an individualised level, access and permissions for content sharing are powerful and intuitive, even for large groups.

Powerful authentication

Enforceable TOTP 2FA and support for Azure Active Directory authentication to leverage your Conditional Access controls.

Certified hosting

DekkoGov and DekkoPro are hosted on highly compliant Microsoft Azure cloud infrastructure with Australian data residency.

Security enabled by DekkoHubs:

Misaddressing prevention

Documents and messages sent in DekkoHubs can be restricted to members-only, meaning it is impossible to send content to the wrong person.

Visibility control

Every member of DekkoHubs have a visibility which means they can - or can't - see other users, protecting identity, even when files are shared.

Process mapping

DekkoHubs are a perfect proxy for business processes; separate teams, projects, engagements and workflows can be easily facilitated.

Military-grade security across every medium:

  • File sharing

  • eSignatures

  • Messaging

  • Meetings

File content and file names are protected by a multi-layered approach; documents are encrypted using the uploader's private key and an additional key that is unique to the file. As well as this, the file is signed using the uploader's private key when it is shared. Elliptic curve cryptography is used for asymmetric key management and AES256 is used for symmetric key management.

Transparent key management eliminates the need for manual encryption exchanges, fingerprint checks or file-level passwords.

Built on top of Dekko's file sharing capability, the document approval feature lets users request approval from one or many users without the file itself being processed in an unencrypted form by Dekko’s infrastructure. Approvers can add a signature, text, images and notes to documents, all of which are cryptographically secured and verified on-client. Approved documents can be checked externally using Dekko's document validator, which is done by a hash-check which does not expose any content from the Document to the Dekko system.

Transparent key management eliminates the need for manual encryption exchanges, fingerprint checks or file-level passwords.

Similarly to file sharing, mail and chat messages are protected by a multi-layered approach. Message subject, contents and attachments are encrypted using the sender's private key and an additional key that is unique to the message. As well as this, the message is signed using the uploader's private key. Elliptic curve cryptography is used for asymmetric key management and AES256 is used for symmetric key management.

Transparent key management eliminates the need for manual encryption exchanges, fingerprint checks or message passwords.

Dekko's meetings feature uses symmetric key encryption, based on a unique key that is generated when a user schedules a video conference. This key is passed to invitees via public key infrastructure, and is persistent until the meeting ends, or, rotated if an invitee is removed. This means that it is impossible for anyone who is not invited to join a meeting. Dekko Meetings is proudly the only video conferencing tool to feature both end-to-end encryption and with recording capability. Recording is performed on the host's device and saved in their file management for later review or sharing.

Transparent key management eliminates the need for manual encryption exchanges, fingerprint checks or meeting passwords.

Start collaborating with military-grade encryption

A secure file sharing journey on Dekko:

Below is a look in to how the Dekko platform secures a file sharing interaction on the DekkoGov and DekkoPro.

All Dekko communication mediums are secured using end-to-end encryption which is completely transparent to end-users.

Rego

Registration

When a Dekko user creates their account, an encryption key pair (public and private key) is generated on the client (the web app). The public key and a secured version of private key (encrypted using the user's password) are stored on Dekko's sovereign cloud.

2fa

Authentication

Dekko users are identified uniquely by their registered email address. Successful authentication requires a matching email, the correct password and (optionally) two-factor authentication. A correct password will retrieve and decrypt the user's private key which is kept in the user's browser storage until they log out. Support for Single Sign-On is also available.

upload-1

File upload

Files uploaded to Dekko are signed and encrypted using the uploader's private key. An additional encryption layer is also added using a unique key that is generated at the time of upload. TLS1.3 secures all traffic on top of file encryption.

encryption

File storage

Files are stored with zero knowledge, meaning there is no way Dekko Secure can access the user's files. This is made possible be the fact that we do not have access to the private key(s) which are used to encrypt them. Even if we walked in to our cloud data centre and took a hard drive out, we still couldn't read a user's files!

sharing

File sharing

Files shared with existing Dekko users are secured using end-to-end encryption by way of an asymmetric key exchange. File sharing with existing users is enforced on DekkoGov and optional on DekkoPro. If files are shared with an unregistered address, the file key is stored securely and then passed to the user when they complete registration - after this point, all future interactions are end-to-end encrypted.

download-2

File receipt

File sharing recipients are notified via email and must log in to their Dekko account to view or download anything that is shared with them. The recipient's private key is used to access file and the sender's public key is used to verify the file's integrity.

deletion

File deletion

When data (or accounts) are deleted, the keys for all data subject to deletion are erased. Following this, the encrypted data is overwritten with garbage data which is then deleted again.

When data security is critical, DekkoSecure is trusted by governments, enterprises and security experts across the globe:

Dekko has a very strong encryption focus, a user friendly gateway and we can send large files securely without breaching IT security rules. It replaced a very manual and time consuming process using PTP encryption and keys.

There are many solutions enabling quick data transfers, but they lack transparency and auditability. And they don’t have a security-first design. For us, auditability is the key feature with Dekko eSignatures, that others don’t allow for.

Dekko file sharing is a great asset for us - a must-have. Providing my clients with end to end security and audit trails is a key identifier. Within our organisation, we do have workarounds, but Dekko file sharing is push button easy to deploy & use.

Dekko has taken a global lead by perfecting their products through a comprehensive, independent testing program demonstrates clear confidence and commitment to delivering the best practice security products to the market.