Welcome to WorldWideOCR.com - Online Copyright Registration made simple!




Banner



 

Login

Date: Monday, February 27, 2017
Time: 11:07:10 AM G.M.T.  
Start today! Join Today





Translate this page...

Chinese? Japanese? Traduzca esta página al español? Traduisez cette page au Français? Traduca questa pagina ad italiano? Übersetzen Sie diese Seite zum Deutschen? Russian?




Print this Page
Main Menu

Home
Membership Options
How it Works
Why Join?
FAQ's
Testimonials
Copyright FAQ's
Links
Contact Us
Tell-a-Friend

We accept...
Click here to join now!













WorldWideOCR Security Policy




Protect your Copyrights Online in Minutes! Click Here To Register .



More questions? Contact us    Toll free North America 1-877-706-2766
view privacy policyview termsback

WorldWideOCR's data and system security
At WorldWideOCR, providing fast, reliable and secure transaction and payment processing services is our number one priority. The protection and privacy of data residing on our systems is of utmost importance in meeting this commitment. To assist in understanding how WorldWideOCR safeguards its systems and data, we have outlined our security practices in the sections that follow. These security practices are based, in part, on the ANSI Information Security for Financial Organizations Guidelines, X9/TG-5 (1992) and the ISO/TR 13569 Banking and Financial Services Information Security Guidelines, Second Edition. Security practices are segmented into three primary disciplines, each of which provides a critical component in the overall security of WorldWideOCR networks, systems and services.

Systems security protects software and processing applications by allowing access only to authenticated users. Network security guards against unauthorized access to network components and provides secure transmissions across the network. Physical security restricts physical access to network and systems hardware, processing applications and transaction data.

Browser and Communication Security
WorldWideOCR uses enterprise web server software that is among the very best and most secure Internet software available. Using any browser or communications technology with Secure Socket Layer (SSL) encryption, all information (including credit card numbers, names, addresses and telephone numbers) sent to the WorldWideOCR servers is encrypted so that private information cannot be read by anyone except WorldWideOCR. The SSL protocol ensures user confidentiality, provides client and server authentication mechanisms and protects against the possibility of data being modified in-transit by a third-party.

Member Authentication
All communication between the member and the WorldWideOCR servers is done via secure connections using high grade SSL security. This security verifies that if the transaction data is intercepted, it cannot be read by anyone other than the member and WorldWideOCR. The identity of each member is automatically authenticated so that unauthorized third-parties cannot assume the member’s identity and process transactions. Each transaction request is logged and the source of each transaction is verified before the request is processed.

Encryption
WorldWideOCR utilizes industry standard encryption technologies to protect data traveling across WorldWideOCR’s networks and stores all sensitive transaction data in an encrypted format.

All service requests sent to WorldWideOCR systems must use the Secure Socket Layer (SSL) encryption format. SSL is the universally accepted protocol for authenticated and encrypted communication between World Wide Web (WWW) client and servers, and for back end server-to-server communications. Any buyer or seller using a web browser that supports SSL encryption (Netscape V1.2 or later, Internet Explorer v1.0 or later, or AOL v3.0 or later) can be assured that any information sent to WorldWideOCR will remain securely encrypted and confidential while in transit to WorldWideOCR.

All sensitive transaction data, such as credit card numbers and bank account numbers, are securely encrypted on WorldWideOCR’s systems using multiple stage, 128-bit private key encryption. Passwords and access control data are encrypted using 128-bit private key encryption. Any log files containing sensitive data and all data sent between applications is encrypted using proprietary cryptography techniques.

All of these encryption techniques, when used together, assist in securing the confidential transaction information as it travels through and resides on WorldWideOCR systems.

Firewalls and Access Control Lists (ACLs)
The secure firewall environment is provided by redundant Cisco 7200 series routers and PIX firewalls located within the Digital Island data centers. Additionally, the data centers maintain router based Access Control Lists (ACLs) for all equipment. ACLs permit or deny the passage of data packets through a router by examining the source Internet Protocol (IP) address, the source transport layer port, the destination IP address and the destination transport layer port. Transport layer ports identify services on a system and are synonymous with well-known ports and sockets.

The ACLs also ensure that only WorldWideOCR members have access to the WorldWideOCR services by blocking data packets sent from other unknown sources. Member transactions must originate from a pre-specified, authorized IP address in order to gain access to the system. This packet level protection of services also protects WorldWideOCR systems from Denial of Service (DoS) attacks and is the first line of defense against unauthorized system users.

Digital Product Delivery Security
WorldWideOCR offers a service for real-time delivery of digital content once a payment transaction has been approved for a member. All members' works are transferred onto WorldWideOCR systems using a password restricted Secure Hypertext Transfer Protocol (HTTPS) upload utility with Secure Socket Layer (SSL) encryption. Members' archived SEAL™ Files reside on securely protected systems without remote accessibility to Internet users with web browsers or File Transfer Protocol (FTP) applications.

user access control
Members are only able to access the WorldWideOCR Members' system only through a secure SSL browser connection. A secure digital certificate is in place to verify the identity of the WorldWideOCR server.

Access by WorldWideOCR member support employees is restricted to a “need to know” basis only. Administrative security measures are used to control accessibility, monitor systems and detect suspicious activities.

Access Logs
The WorldWideOCR system automatically tracks and logs changes made by system users through a uniquely assigned User ID and through the IP address of the connection made by the member. The following system logging procedures are employed by WorldWideOCR:

Every request to the WorldWideOCR system is logged and in the event an error occurs, the entire request is securely archived for operator review.

Every transaction sent to a third-party payment processor is uniquely identified and logged.

Communication with the third-party payment processor is logged by the payment application.

All transaction information is archived and can only be retrieved by authorized WorldWideOCR personnel or by members through a secure administration system that logs every action taken by a system user.

The time, date, and IP address of every request is archived along with the transaction information.

All access to transaction data is logged by user ID, date, time, and the type of information viewed.

System generated errors are logged and reviewed by WorldWideOCR personnel. Severe errors may trigger an alert to on-call WorldWideOCR technicians and system operators.

WorldWideOCR system logs are stored on a secure network inside the WorldWideOCR system.

Data Integrity
WorldWideOCR strives to protect data at every step in the transaction process, ensuring that errors do not result in corrupted or lost data. Database applications are mirrored and checked for accuracy and integrity on a regular basis. Any database problems generate exceptions that are monitored and checked by WorldWideOCR system operators.

WorldWideOCR networks and systems are designed specifically to protect against unauthorized changes in configuration or data. For all applications, revision control is used to ensure a change history that can be logged and reviewed. All system development is performed on off-site servers only, and is transferred to a production environment only after passing quality assurance testing procedures.

All traffic passing through the WorldWideOCR systems is logged and recorded in GMT time. Data center management applications have the capability of seeing down to the network transaction level to review the source/destination and IP/port pairs and report for non-repudiation and possible intrusion. Non-repudiation protects against a person denying later that a communication or transaction took place as recorded.

Network Security
The data centers network security systems ensure accurate and reliable transactions by guarding against unauthorized access to networks and network related components. Digital Island network engineers implement only best practices approaches to network authentication, authorization, administration and control.

Access control lists (ACLs) are used to permit or deny the passage of data packets through the routers by examining the source Internet Protocol (IP) address, the source transport layer port, the destination IP address, the destination transport layer port, or any combination of these items. Both routers and front-end servers are configured to accept data packets using only the Hypertext Transport Protocol with Secure Socket Layer (SSL) security (HTTPS). Any ACL violations are logged to a centrally administered server and may trigger an alert for operations personnel to investigate and resolve. The ACL logging helps identify security issues and assists in the analysis of a security event.

Additionally, WorldWideOCR controls administrative access to systems and software for only authenticated users with proper identification. Remote access authentication is accomplished through a select group of trusted authentication applications, including Secure Shell (SSH), pcAnywhere with RSA encryption, and Kerbertized telnet. SSH authenticates users with public key authentication, pcAnywhere uses symmetric key encryption, and Kerberos is a private key authentication system. Programs using cleartext logging and passwords do not provide strong authentication and are disabled on all systems as a standard practice.

A variety of network features and watchdog programs also protect the network and system servers against intrusive attacks and denial of service (DoS) attacks. A DoS attack is an attempt by an outside party connecting to a system in rapid succession with the intent of exhausting system resources until it can no longer provide service.

WorldWideOCR strives to keep all systems up-to-date by installing the latest security patches and updates. Anti-virus software is used to scan applications on all production servers. Digital Island routinely conducts a series of remote attacks and intrusive maneuvers designed to evaluate the security of systems within the networking environment. These attacks focus on improperly configured applications, networks and operating system weaknesses.

Physical Security
Physical security refers to the control of physical access to facilities, networks and systems and is an essential part of WorldWideOCR’s overall security infrastructure. Security in place at AssureBuy’s leased data center includes the monitoring of all physical access to the facility, including the use of video surveillance, motion detectors, controlled access via a card-key entry system and on-site security personnel present 24 hours a day, 7 days a week.

All visitors to the data center are required to pre-register and must present appropriate credentials and a photo ID to gain access into the facility. Once inside the facility, access to actual systems is controlled by locked network cabinets and caged areas, locked patch panels, restricted access with card-key entry, and secure console port access.

Physical access records are kept to account for access to all systems by both data center personnel and visitors. These records can account for the movement of personnel during the event of a security incident. Additionally, maintenance records are kept on all data center systems, including power supplies, backup generators, cooling systems and fire suppression systems.

Back to top

 
home press privacy security terms contact us faq's
©2003-2017 World Wide Online Creator's Registry Inc. all rights reserved.