Ensure communication security through the introduction of next generation encryption systems and the highest strength encryption technology.
You can confirm that a website carries out encrypted communication by checking that:
the URL displays an image of a key
the URL displays "https://" rather than "http://"
You can clearly see the presence of an encrypted communication by clicking on the key symbol.
A firewall refers to the software and hardware used to protect networks and computers against attacks and unauthorized access from outside the network. The basic function of the firewall is to prevent unauthorized external access. When you use a firewall, you can limit the communication with the services running on the servers. For example, access to an organization's internal file sharing service can be limited to users inside the organization. By limiting access from the Internet, you can prevent unauthorized access to those services.
The log function records unauthorized HTTP communications detected through the inspection function and WAF activity. Generally, WAF logs are recorded in a file or database. There are two types of logs: The record of unauthorized HTTP communications and their handling, and the record of WAF activity and error information. From this record, it is possible to check the detection and number of handling events for unauthorized HTTP communications, and eliminate the effort involved in updating detection patterns.
Each user in iMove has a unique account with a verified email address, and protected with a password, which are validated against password policies and stored securely using a strong hashing algorithm with unique salt for every password.
Two-step authentication function can be set by e-mail address through Google Authenticator, an authentication application. For normal services, you can only login using an authenticated ID and password. However, when connected to the internet, this service can be accessed from anywhere. This is because such security may be breached when ID and password pairs are stolen, or a malicious third party obtains the ID and runs a brute force or dictionary attack to forcibly login. This is why, in addition to the original ID and password, another set of numbers known as an authentication code is entered. Thus, strengthening the security. Reason being, the authentication code changes over time, as well as whenever a login occurs. Even if a malicious third party steals the ID and password, obtaining access will be more difficult.
From the moment you enter your account and password, all your important information will be encrypted, including personal info, card info and so on. Even if your gateway is not secure, your account and transactions will be secure.
Our servers reside in secure cages under 24/7 surveillance by armed guards and video monitors. Physical access and code deployment are strictly controlled. Nothing ships without intensive review.
We have an expert team dedicated to testing our own systems via every imaginable attack vector. Additionally, we run a bug bounty program to leverage the expertise of the broader security research community.
iMove uses operating systems based and custom integrity check services in order to ensure the integrity of all critical files and system objects. A quick response to any potential unauthorized changes to the system helps assure that our customers are using authentic iMove application services.
An in-depth Application Security Life Cycle process is fully integrated into iMove’s Software Development Life Cycle (SDLC), including:
Defined in-house security requirements and policies, and well-known security best practices applied in every stage of the lifecycle.
Security review of architectures, design of features, and solutions.
Iterative manual and automated (using static code analyzers) source code review for security weaknesses, vulnerabilities, and code quality, and providing of sufficient advice and guidance to the development team.
Regular manual assessment and dynamic scanning of pre-production environment.
Security trainings conducted for IT teams according to their respective job roles.
Regular Updates and Patch Management to effectively circumvent the version with zero-day attack.
24 hours automatic detection and manual detection, to protect our website can run normally.
To protect our customers’ funds, 95% of all deposits are stored in offline, air-gapped, geographically distributed cold wallet which is protected by several physical locks as well as a robust 24-hour surveillance system. We keep full reserves so that you can always withdraw immediately on demand.
Multi-sig is the latest in Bitcoin security measures designed to ensure that your Bitcoin transactions are safe. Unlike a typical Bitcoin address, multi-sig Bitcoin addresses require two or more separate signatures to send Bitcoin. The number of signatures required is represented as a proportion of the total number of possible signatures - for example, 2 out of 3 means that 2 signatures are required out of 3 possible signatures before Bitcoin can be sent.
Multisig allows for extremely secure wallets, as even if a private key is leaked or hacked, unless all keys required have been compromised, no coins can be released from the wallet. It is extraordinarily difficult for an attacker to penetrate 2 or more highly secure platforms within a short period of time.
Storing one of the required addresses in a location that is not connected to the internet provides an even further level of protection and security.