This article explains the unique technology behind the “Tally on Browser” feature that ensures complete end-to-end security and privacy of your data.
Understanding HTTPS Communication:
It is important to understand how an HTTPS communication happens in order to understand the Tally technology that enables the Tally on Browser feature.
HTTPS communication, which is typically between a browser and a ‘web server’, goes through different stages:
The browser and the web server agree on the TLS version, the cipher suites supported and so on; this stage includes the web server sending its SSL certificate to the browser.
The browser validates the certificate to confirm that it is talking to the right web server, as intended. With this, the browser knows that it is talking to the server it is supposed to!
A session is established using a pre-master key, and the two sides then agree on the session keys used to encrypt the communications. With this, secure symmetric encryption is achieved between the browser and the web server.
Application Layer communications
With the session and security established, application layer communication starts, i.e. the browser asking the server for certain data, the server responding with the data, and so on.
Tally’s Technology to Get Secure Browser Access of Your Data
(Steps to get secure browser access to your data)
You connect a Tally.ERP9 company to make it available for browser access
The Tally.ERP9 running on the desktop acts as an ‘HTTPS client’ and connects to the ‘Browser Proxy Service’ on the cloud. This is done using the HTTPS-based communication described above. Tally establishes a dual-channel communication (one channel for the client to request things from the server, and the other for the server to respond back to the client on events).
You open the tallysolutions.com HTTPS web server via any browser on any device and complete Tally.NET authentication
Here, the browser, acting as an HTTPS client, talks to our systems to authenticate the Tally.NET identity and, after that, to list the companies that are accessible to the logged-in user.
You ‘Select’ a company that is available online for access via browser
The browser acts as an HTTPS client and establishes a connection with the Browser Proxy Service.
This is where the interesting things happen. The browser does the initial handshake and authentication (as in the HTTPS stages above) with the ‘Browser Proxy Service’. Here, the browser is the HTTPS client, and our Browser Proxy Service on the cloud acts as the HTTPS web server.
After a successful handshake and authentication, and after validating the ‘user / company’ being accessed, the Browser Proxy Service short-circuits the connection between the browser and Tally.ERP9 (the right instance, which has the company data), itself acting as a ‘proxy’, as the name suggests.
With this, the further steps of session establishment and application layer communication happen between the browser and Tally.ERP9. Yes, here, while the browser continues to act as the ‘HTTPS client’, the Tally.ERP9 on the desktop acts as the HTTPS web server.
It performs the session establishment and provides REST protocol-based application communication to access various reports.
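The splice step described above can be sketched as follows. This is an added example, not Tally's code: the `Relay` class, the user `user@example.com`, the company `ACME` and the random 64-byte "record" are all constructed for illustration. It shows that a relay can validate the user/company and pair the two connections without holding any key material, and that everything it observes is the raw byte stream, so confidentiality rests on the session terminated at the two endpoints.

```python
import os
import socket
import threading


class Relay:
    """Hypothetical cloud relay: holds no TLS keys and copies bytes verbatim."""

    def __init__(self, allowed):
        self.allowed = allowed       # {user: {company}}, constructed sample data
        self.desktops = {}           # company -> connection the desktop opened outbound
        self.observed = bytearray()  # every byte the relay sees after the splice

    def register_desktop(self, company, conn):
        self.desktops[company] = conn

    def connect_browser(self, user, company, conn):
        desktop = self.desktops.get(company)
        if desktop is None or company not in self.allowed.get(user, set()):
            conn.close()             # unknown company or user not permitted
            return False
        for src, dst in ((conn, desktop), (desktop, conn)):
            threading.Thread(target=self._pump, args=(src, dst), daemon=True).start()
        return True

    def _pump(self, src, dst):
        try:
            while chunk := src.recv(4096):
                self.observed += chunk
                dst.sendall(chunk)
        except OSError:
            pass                     # one side closed the connection


def demo():
    relay = Relay({"user@example.com": {"ACME"}})
    desktop, relay_to_desktop = socket.socketpair()
    browser, relay_to_browser = socket.socketpair()
    relay.register_desktop("ACME", relay_to_desktop)
    spliced = relay.connect_browser("user@example.com", "ACME", relay_to_browser)
    record = os.urandom(64)          # constructed bytes standing in for one TLS record
    browser.sendall(record)
    delivered = desktop.recv(len(record), socket.MSG_WAITALL)
    refused = not relay.connect_browser("other@example.com", "ACME", socket.socketpair()[1])
    return spliced, delivered == record, bytes(relay.observed) == record, refused


if __name__ == "__main__":
    print(demo())
```

The relay still sees the size and timing of every record it forwards, even though it cannot read the contents of an end-to-end encrypted session.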
Why is your data ‘Secure’?
- Our Browser Proxy Service on the cloud only passes the encrypted requests and responses between the browser and Tally.ERP9. It does not have access to unencrypted data. This gives you the Tally Promise of data security: even the creators of the software, which is us, do not have access to your data!
- While Tally.NET authentication (occasionally, as per the session rules) happens with our backend systems, the authorisation / access control of the reports and data available to any given Tally.NET user is in your hands at the Tally.ERP9 client. Every request is validated against this and hence, at any moment, it is possible to stop giving access to a given Tally.NET user.
- You have complete control over things, i.e. when you want your data to be available over the internet, when you want to disconnect it from being available online, who can access it at what point of time, and so on.
- Zero data is stored on the device from which browser access is done.