Notes on HCAI Security
From SmartWiki
1. Requests can only originate from SmartSimple Server and can only be triggered by user.
2. The form data is not posted to external environment directly, instead a ticket with minimal information is sent (for performance consideration as well as security considerations).
3. The form data is encrypted by a private key and transmission is encrypted by SSL.
4. NO privacy data is stored in SmartSimple HCAI gateway server, this server only stores ticket information and responses from HCAI.
5. A snap–shot of data sent to HCAI is always stored locally in the specific instance of SmartSimple for audit purposes.