DS-Client to DS System authentication

To prevent unauthorized access to the DS System, several protection layers are implemented on the DS System computer to ensure that only authorized computers are able to gain access to DS System storage. Those protection layers can be divided into following categories.

Network access layer

1. Outside connections can only be initiated on a separate network interface with the TCP/IP protocol.
2. The only TCP and UDP ports enabled are those used by the DS System and DS Client services.
3. The incoming DS Client connection's IP address (or range) is validated against the DS Client profile (optional).

Configuration layer

1. The DS Client must pass valid customer account and DS Client account numbers to the DS System.

Registration layer

1. The DS Client performs an automated, one time registration with the DS System (if "Requires Registration" is selected).
   • The registration is performed automatically on the first DS Client connection to the DS System.
   • If re-registration is required, a registration request must be explicitly enabled by the DS System operator at the request of the DS Client user.
2. The registration process passes information constructed from the DS Client computer's hardware and system on every connection request.
   • Once a DS Client is registered, the DS System can optionally validate DS Client registration information for every subsequent connection attempt. Registration validation provides a high level of confidence that the DS Client computer attempting to connect is the same computer that performed the registration.
3. The DS Client registration validation will fail in the following circumstances:
   • If you reinstall the operating system of the DS Client computer.
   • If you install the DS Client on a different computer.
   • If you boot a different operating system on the DS Client computer (if you have a dual boot machine).
   • If you change hardware components like the system hard drive or network card.

Encryption authentication layer

1. The registration process also saves encryption key cookies (meaningless data encrypted with DS Client keys that are passed on every connection request) that the DS System validates on each connection attempt. This prevents a DS Client from connecting to the DS System with changed or corrupted encryption keys.

Additional conditions for connection request failure

1. Customer Account or DS Client does not have 'active' status.
2. DS System shutdown is in progress.
3. DS System activities are disabled.
4. DS Client Service period violation (service period expired).
5. Account Key required and not configured for customers with multiple DS Clients.