Ultra-secure encrypted chat, communications and file sharing for mission teams in forward operating locations

Special operations and mission-oriented support teams are at the frontlines, dealing with rapidly changing situations on the ground. Ensuring secure and reliable digital text-based communications with team members, allies and command structure is critical to executing most operations. Many mission teams resort to low-grade technology like SMS or consumer messaging apps because it’s quick and easy to use, and because it is available on low-end mobile devices and in low-bandwidth environments. However, reliance on SMS or consumer-grade messaging applications not only opens up cyber risk, but puts the safety of personnel on the line by exposing operational intelligence.

Hyper-secure chat “team” that operates like popular consumer messaging apps

HighSide gives mission teams the ability to instantly launch a hyper-secure chat “team” that operates like popular consumer messaging apps but delivers centralized control & security. Users can easily message any member of the team, share pictures or files to individuals or groups or do real-time voice & video calls. HighSide secures everything through a revolutionary distributed E2E encryption protocol where each app install generates cryptographically unique encryption keys and manages all encryption & decryption activity.

Cryptographically unique encryption keys & low-bandwidth encryption support

Unlike other popular consumer encrypted messaging platforms, keys are not exposed via SMS or shared across unsecure communications channels. HighSide’s distributed private root of trust model ensures no one can intercept or spoof a user's keys, eliminating “eavesdropping” risks. Designed on a bit-torrent style data transfer framework, HighSide supports extremely poor connectivity environments and ensures all messages, pictures, files, and communications are securely and reliably delivered.

Decentralized Cryptography, Centralized Control

Unlike other popular messaging apps, the mission team can control who is allowed into the environment, and has complete authority to revoke encryption keys, suspend access, define acceptable geographical boundaries for usage, and more. Lastly, all event and message data can be archived for compliance and e-discovery requirements - but also, message and data retention periods are flexible down to minutes or up to centuries and can be easily set to meet with the mission requirements.

Designed for Mission Specs

High Availability in Low Bandwidth

No matter the mission, HighSide’s cloud delivers high availability E2E encrypted communications in low-bandwidth environments. Whether working on a compromised wi-fi network or an unreliable 3G network, HighSide offers a seamless user experience allowing teams to share and communicate securely.

Android & iOS Apps for Easy Use

With native mobile apps that feel like the consumer-grade experiences users are familiar with, HighSide ensures that everyone can engage no matter their experience.

On-App «Evasive» Cryptography

HighSide’s FIPS 140-2 validated on-app encryption packages data and sends ciphertext over unencrypted channels, evading detection in operating locations where traditional PKI-based encrypted traffic is blocked.

Complete Visibility & Control

Not only is HighSide easy to use, but mission teams have full control over the environment down to granular access controls, geographic lock-outs and time based restrictions. Complete event & message history is available through the built-in compliance manager.

Secure text, voice, video, and file transfer communications with individuals, organizational groups, functional groups, and individually created groups, across all device types and operational in all network environments.

Powered by the HighSide distributed Encryption & Authentication Protocol, HEAP, the HighSide app provides an integrated user experience for collaboration, file sharing, voice & video calling as well as meetings & screen share. HighSide’s true E2E encrypted collaboration platform supports engagement between individuals, teams, suppliers and third-party users across all device types (Windows, Mac, Ubuntu, Android, iOS). With no reliance on public key infrastructure or certification authorities, HighSide’s E2E encrypted system can operate across any network (with ciphertext masquerading as “in-the-clear” traffic), delivering chat, files, or voice & video calls to authorized user devices anywhere in the world.

Centralized provisioning and admin controls, as well as authorized user self-provisioning.

Unlike other popular messaging apps, the admin team can control who is allowed into the environment (provisioning), and has complete authority to revoke encryption keys (de-provisioning), suspend access, define acceptable geographical boundaries for usage, control device (by type or specific device) authorizations and more.

HighSide’s user management system allows for managed provisioning (admin invited), automated provisioning (integration driven invite), and user invitation (if the user is a member of a security group that is authorized to invite new users).

HighSide syncs with Microsoft’s Active Directory and Azure AD services to support automated provisioning & de-provisioning of users. Accounting for the possibility of an AD compromise, HighSide’s servers will automatically “sign” users that have been provisioned with the AD integration if the server is unreachable, compromised, or the connection was manually severed.

Secure E2E encrypted, peer-to-peer and group audio, video, and screenshare conferencing.

Encrypted voice and video calls allow E2E encrypted one-on-one conversations and team discussions to take place in a secure environment. HighSide’s app connects users within the team, and the extended “join-in-browser” functionality allows for external users to participate in scheduled voice, video and screen sharing meetings from a desktop or mobile browser.

Additionally, users can set up “never-ending” video calls within channels that users can join and leave whenever they need (or want) to connect with their colleagues – think about this as a virtual water cooler.

True End-to-end encryption (E2EE)

All features & functionality of HighSide are E2E encrypted.

HighSide’s distributed Encryption & Authentication Protocol (HEAP) is a cross-app protocol which allows for users to enjoy the benefits of confidentiality and integrity in all aspects of HighSide’s collaboration application. HEAP’s strength lies in the way that it distributes encryption keys and manages identity away from centralized stores, many of which rely on traditional Public Key Infrastructure (PKI). With HighSide, every user is their own root of trust, whose encryption keys are then associated with teams of users by invitation. This ensures users’ private keys never traverse an untrusted network and that only public keys are shared out when needed.

With HighSide’s decentralized Encryption & Authentication Protocol (HEAP), a user’s private keys are used to create per-session authentication integrity as well as per-message ephemeral encryption keys. This dual-use of encryption keys makes it very difficult for even the most-sophisticated adversaries to insert themselves into communications channels and nearly impossible to gain access to messages, files and authentication tokens sent through the HighSide system.

Optionally segregated communications between “Internal” and “External” user communities.

Within a HighSide “team” (or tenant), HighSide offers native support for external “guest” users, with integrated flagging and visual elements across channels and direct messages / chats to indicate an external user is present. Closed and private channels enable internal teams to collaborate on sensitive projects while also allowing for external users to participate in discussions pertinent to their roles (through invitation or access settings that allow for the joining of open channels). Users have access to various channels depending on their security group settings – but only users in the HighSide app have access to channels regardless of settings.

Additionally, new “teams” (tenants) can be established to support completely segmented communication groups. Each “team” (tenant) is fully independent of each other, with every user generating unique keys for each team they are a member of. The HighSide app supports hundreds of concurrent “teams” and users can easily switch between them, receive notifications from an “inactive” team and more – but NO cross-communication is possible between teams as each user’s keys are independently associated with a team / tenant.

Optional location sharing with individuals and groups.

HighSide allows users to securely share their coordinates via the app. Just as with all activities within the HighSide application, location messages / sharing (either in direct messages or in channels / group messages) is E2E encrypted.

Additionally, the compliance suite (if enabled) can capture the location of all users when they interact with the system for audit & compliance purposes.

HIPAA and PII compliance enables Casualty Evacuation (CASEVAC) messages and real-time information exchanges with medical providers in a crisis.

HighSide is a HIPAA compliant application. HighSide is currently used by numerous medical organizations to send PII, PHI and other protected information to providers, practitioners, and other relevant parties.

Ensure interoperability with basic intelligence file and text chat systems by using interface standards such as IRC, XMPP, Cursor on Target (CoT), and WebRTC.

HighSide has a native integration capability for interoperability with other platforms – all data ingested into HighSide via an integration is E2E encrypted.

Quantum Resistance Capability

HighSide’s encryption system far exceeds the acceptable standards of AES-256 as quantum resistant.

Each message is encrypted then HMAC’d with a randomly generated unique 256-bit key using AES-CTR, hereafter the “AESEphemKey”. Then, for every participant who must receive the message, the AESEphemKey is encrypted with the participant’s 512-bit secp256k1 elliptic curve public key and that encrypted AESEphemKey is added to the top of the ciphertext as a header. The whole thing is signed using ECDSA-SHA256, and then the information is sent to the server and relayed to the receiving clients. Each receiving client checks the signature, finds their header, decrypts the AESEphemKey using their private key, and then decrypts the main ciphertext using this AESEphemKey. Sending files works similarly except that files are split, compressed, encrypted, and sent in pieces to speed things up. Key authentication is taken care of by an admin in your team; if users trust the admin then they do not need to all verify each other’s keys. As soon as an admin removes a user from the team, they no longer have access to any data, user communications, or files previously shared. Additionally, any authentication brokered via HighSide MFA is immediately terminated.
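The message flow described above, as an added Node.js example (it is not HighSide's code or HEAP itself). The page does not say how the AESEphemKey is encrypted to a public key or how cipher and MAC keys relate, so the ECDH + HKDF + AES-GCM key wrap, the HKDF subkeys, the JSON signing input, and every function name here are assumptions.

```javascript
const crypto = require('crypto');

const newIdentity = () => crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
// Assumption: separate cipher/MAC/wrap keys are derived with HKDF-SHA256.
const subkey = (k, label) => Buffer.from(crypto.hkdfSync('sha256', k, Buffer.alloc(0), label, 32));
// Bytes covered by the sender's signature (JSON is a simplification, not a wire format).
const signedBytes = (e) => Buffer.from(JSON.stringify([e.headers, e.body, e.mac]));

// Assumed ECIES-style wrap: one-time ECDH key -> HKDF -> AES-256-GCM over the message key.
function wrapKey(msgKey, recipientPub) {
  const eph = newIdentity();
  const kek = subkey(crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPub }), 'wrap');
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', kek, iv);
  const ct = Buffer.concat([c.update(msgKey), c.final()]);
  return { ephPub: eph.publicKey.export({ type: 'spki', format: 'der' }), iv, ct, tag: c.getAuthTag() };
}

function unwrapKey(h, myPriv) {
  const ephPub = crypto.createPublicKey({ key: h.ephPub, format: 'der', type: 'spki' });
  const kek = subkey(crypto.diffieHellman({ privateKey: myPriv, publicKey: ephPub }), 'wrap');
  const d = crypto.createDecipheriv('aes-256-gcm', kek, h.iv);
  d.setAuthTag(h.tag);
  return Buffer.concat([d.update(h.ct), d.final()]);
}

// Sender: encrypt, MAC, add one wrapped-key header per recipient, sign everything.
function seal(plaintext, senderPriv, recipients) {   // recipients: { name: publicKey }
  const msgKey = crypto.randomBytes(32);             // the page's "AESEphemKey"
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-ctr', subkey(msgKey, 'enc'), iv);
  const body = Buffer.concat([iv, c.update(plaintext), c.final()]);
  const mac = crypto.createHmac('sha256', subkey(msgKey, 'mac')).update(body).digest();
  const headers = {};
  for (const [name, pub] of Object.entries(recipients)) headers[name] = wrapKey(msgKey, pub);
  const env = { headers, body, mac };
  return { ...env, sig: crypto.sign('sha256', signedBytes(env), senderPriv) };
}

// Receiver: check signature, find own header, unwrap the key, check MAC, decrypt.
function unseal(env, me, myPriv, senderPub) {
  if (!crypto.verify('sha256', signedBytes(env), senderPub, env.sig)) throw new Error('bad signature');
  if (!env.headers[me]) throw new Error('no header for this recipient');
  const msgKey = unwrapKey(env.headers[me], myPriv);
  const mac = crypto.createHmac('sha256', subkey(msgKey, 'mac')).update(env.body).digest();
  if (!crypto.timingSafeEqual(mac, env.mac)) throw new Error('bad MAC');
  const d = crypto.createDecipheriv('aes-256-ctr', subkey(msgKey, 'enc'), env.body.subarray(0, 16));
  return Buffer.concat([d.update(env.body.subarray(16)), d.final()]);
}
```

The relaying server only ever handles the headers, ciphertext, MAC and signature; a recipient rejects the envelope if the signature, their wrapped key, or the MAC fails to verify.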

Support for on-premises deployments and FedRAMP cloud hosting

On-Prem, Public SaaS (w/ regional data residency options), and FedRAMP SaaS are available deployment options.

Mission team identity protection through alias accounts and push-button purging of data associated upon completion of travel/event.

The concept of an alias account is central to how HighSide’s user control system works. All user accounts are tied to a device and not to a specific user name or user ID. Active Directory integration or the HighSide user management portal adds name / alias information to the private key record. HighSide admins can quickly provide alias accounts to users with specific mission requirements via manual provisioning. Users generate keys on the initial device and can then add more devices to the same “alias” account. Since HighSide accounts are tied to device and not a user, alias accounts are controlled by the admin(s) and can have their keys suspended or deactivated (which effectively remote wipes all HighSide and customer data from the device).

Additionally, an admin can archive a channel / room / drive when the mission is over ensuring the data is unavailable ever again.

Approved for limited Controlled Unclassified Information (CUI) Category of CTI (Controlled Technical Information) based on FEDRAMP PA at IL2-IL4 with other compensatory controls

HighSide’s FedRAMP and DoD isolated computing environment is hosted by SAP NS2 and is in process to be certified at FedRAMP Moderate and DoD IL-4 with the ability to add additional compensatory controls to achieve FedRAMP High and DoD IL-5.

Multi-factor Authentication (MFA) support

HighSide offers native support for multiple MFA tools including but not limited to: device biometrics, PIN codes, authenticator apps (e.g. Google Authenticator) and / or SMS code verification.
