RemoteSpark's Security Infrastructure | Kognitiv Spark

Security and Augmented Reality

While Augmented Reality tools present enterprise organizations with unique opportunities, they also present new challenges. The hardware needed to run MR and AR apps requires either cameras, spatial computing sensors, or both.

For industries that operate in security-sensitive environments, ensuring MR and AR tools have a robust and complete security infrastructure is critical.

RemoteSpark’s Security Architecture

RemoteSpark, the industrial AR tool for repair and maintenance, was designed for use in data-conscious industries like defence and energy production. The platform’s security architecture can be divided into two categories.




RemoteSpark Client Layers of Security

It’s recommended that the Windows 10 PC/HoloLens hosting the RemoteSpark Client has BitLocker enabled to enforce full-disk encryption.

It’s recommended that the device require authentication with an Azure Active Directory (AAD) or Active Directory (AD) account. Two-factor authentication can be enforced, as well as organizational password policies. To authenticate into the RemoteSpark application, an AAD or RemoteSpark account is also required. Windows Hello support will be offered for HoloLens 2 devices.

The RemoteSpark Client Application is verified by Microsoft for security and quality issues before being available in the Microsoft Store.

Kognitiv Spark has taken further measures to harden the binary executable against unauthorized modifications and will not execute if changes to the binary are detected. Unauthorized activity will create a notification to the current user and Kognitiv Spark.

All network activity between the client and server, and peer-to-peer (video calls), is always encrypted.

RemoteSpark Server Security Architecture

The RemoteSpark Server system runs either in the Microsoft Azure Cloud, or a subset of the system can be run on the customer’s premises using Azure Stack or Windows Server. Azure has over 70 security certifications.

The system is protected by layers of Azure Firewalls and other network protection systems. Activity is logged for security and performance monitoring. When defined thresholds are reached, Kognitiv Spark is alerted to the anomaly and action is initiated. When running on Azure Stack, the logging and alerts will need to be designed and monitored by the customer’s on-premises staff.

The RemoteSpark Server Services is a collection of application tiers developed by Kognitiv Spark to support the RemoteSpark Client. Developers do not have access to production systems.

All content stored and generated by RemoteSpark is stored on Azure Storage and is encrypted at rest and transmitted via TLS. The files are encrypted with 256-bit AES and the service is FIPS 140-2 compliant.

The data storage used by RemoteSpark is encrypted at rest. Only the RemoteSpark Server can access the data on behalf of the client and it has no access to the public Internet.

These servers facilitate the audio/video call. They help determine if the video call can be directly connected between two peers or needs to be relayed through the TURN server. 90% of all video calls are connected directly and the video and audio do not go through any Microsoft or Kognitiv Spark servers. When a call requires a TURN server, the video signal is not stored at any time and the encryption/decryption keys are not accessible by the TURN server, so the TURN server is only a relay of encrypted data.

KeyVault is a service that stores our application secrets. Microsoft does not have access to our secrets. KeyVault uses nCipher nShield; nCipher is a leading global provider of data encryption and cyber security solutions to the financial services, government, and technology sectors. With a 40-year track record of protecting corporate and government information, nCipher Security cryptographic solutions are used by four of the five largest energy and aerospace companies. Their solutions are also used by 22 NATO countries/regions, and secure more than 80 per cent of worldwide payment transactions. The HSM units are FIPS 140-2 Level 2 validated.

We take your data seriously

We’re the most secure and reliable augmented reality tool for remote worker support on the market.
