logoalt Hacker News

VladVladikoffyesterday at 12:47 AM1 replyview on HN

I am working on hotel software. And we are doing an automated kiosk check in with identity scanning. I’m seriously stressed about holding on to this kind of toxic waste. I am trying to limit it as much as possible. For example throwing away scans as fast as possible (within regulatory allowances). But I would love to hear any ideas anyone has in terms of further security. Obviously the documents are not just on a public bucket. But I’m considering maybe encrypting each document with a separate key, or something along those lines.


Replies

ashley95yesterday at 1:27 AM

Encrypt the data with an asymmetric key; and keep the decryption key somewhere offline. You can get a hardware token to store the key on (I think a yubikey can do this).