Secure web transactions system

Size: px
Start display at page:

Download "Secure web transactions system"

Transcription

1 Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends show that most of these applications are web-based applications. In this sense, a typical three-tier web Internet application, see Fig. 1, consists of clients, web server and database server. In this model, client is always an Internet browser program and web server could be web server only or a combination of the web and application server. Client 1... Internet WEB server Application server Database server Client n WEB/Application server Figure 1: A simplified block diagram of the typical web Internet three-tier application architecture Security mechanisms in this architecture consist of two segments: Security segment for communication security between client and web server, Security segment for communication and access protection between web/application server and database server. Security part between client and server is realized by implementing security mechanisms on application and transport layers in the Secure Web Transaction (SWT) environment. Security solution for communication security between web/application server and database server is realized by using Cryptographic Proxy Gateways (CPG) as proprietary application level security gateway firewall with two Ethernet interfaces. CPG should be used as the last defense in front of data sensitive financial database server. If the system uses both WEB and application servers, CPG should be placed between the application and database server. Modern security trends request the application of the proprietary firewalls that offer greater level of security, instead of standard commercial ones, for this purpose.

2 2 SECURE WEB TRANSACTION SYSTEM Secure WEB transaction system (SWT) is designed to cryptographically enhance any WEB server to browser communication by implementing originally developed cryptographic functions. SWT is a NetSeT s proprietary system which is, in the transport level part, similar to the standardized and widely used SSL protocol. However, SWT system has four main advantages compared to SSL protocol: SWT system includes data protection on the application level based on asymmetric (e.g. RSA with 1024 bits key length) and symmetric cryptographic algorithms, SWT includes a proprietary server-browser authentication procedure, stronger than the one applied in SSL, for establishing cryptographic tunneling, SWT includes originally developed symmetric cryptographic algorithms for data protection on transport level with encryption key length ( 256 bits) larger than the keys used in SSL protocol (40 or 128 bits key length). SWT system also offers three possible options for symmetric cryptographic algorithms: public algorithms (DES, 3DES, RC2, RC4, IDEA, AES), proprietary SCA-13 NetSeT s algorithm with very long non-linear pseudorandom noise sequence (>> ), and user s defined symmetric algorithm, SWT system is fully verifiable on the source code level. Additionally, SWT system is associated with smart card readers both on the client s and server s side and has also implemented the originally developed user strong authentication procedure. Client parts of SWT system are designed both for Windows and Linux-based operating systems. In the SWT system, a combination of the cryptographic tunnel on the transport level and application level protection based on symmetrical and asymmetrical cryptographic algorithms is used, see Fig. 2. In this sense, SWT system consists of the transport SWT module and application SWT module. NetSeT 's SWT system for secure WEB communication is scalable and could consist of the following solution categories: A system based on the SWT smart card based application level protection and open (unsecured) transport level communication, A system based on the SWT smart card based application level protection and SSL security protocol on transport level based on digital certificates generated by NetSeT s Certification Authority system, A system based on the SWT application and transport level protection on the basis of smart cards completely provided by NetSeT the complete SWT system.

3 3 Application Application SWT module Network Transport SWT module TCP/IP Figure 2: SWT system s stack TRANSPORT SWT MODULE This module is based on proprietary cryptographic proxy components for both on the client and server side. By applying these components, a protected communication channel cryptographic tunnel based on symmetrical cryptographic algorithm is established. This tunnel is established only if the proprietary bilateral strong authentication procedure between client and server is successfully realized. This challenge-response authentication procedure is cryptographically stronger than the one used in SSL protocol and it is based on symmetrical and asymmetrical cryptographic algorithms, two session keys and X.509 digital certificates for both client and server. HTTP AUTHENTICATION SERVER Transport SWT module is a basis of the HTTP authentication server with the following main features: Transport SWT module could be used for protection of the WEB/application server used for specific business application, HTTP authentication server used proprietary protocol for communication with clients on the top of the HTTP protocol, Direct access to the WEB server is forbidden for outside world and only HTTP authentication server has a connection to the WEB business server, Accordingly, access to the WEB server is forbidden for all users except the ones that have special gateway HTTP proxy client, HTTP proxy client and HTTP authentication server are based on smart cards and strong authentication procedures between client and server,

4 4 HTTP authentication server, for the purpose of the user certificate validation, uses the CRL published on the LDAP server or Active Directory server. APPLICATION SWT MODULE This module is used for realization of two main functions: User strong authentication based on PKI bilateral challenge-response procedure, End-to-end security on the application level based on digital signature and digital envelope technologies using asymmetrical and symmetrical cryptographic algorithms. This module realizes functions for digital signature of the application data (providing authenticity, integrity protection and non-repudiation) and encryption (providing confidentiality protection). Namely, NetSeT s cryptographic application programming interface (API) is a set of the asymmetric and symmetric cryptographic functions which could be implemented in any of the user s applications, designed for Windows 98/NT/2000/XP and Linux platforms. This set consists of the following main functions: Digital signature (RSA algorithm with a key 1024 bits), Verification of the digital signature, Encryption (use of standard, NetSeT s proprietary or user s defined symmetric algorithms), Decryption, Communication with smart card reader with implemented authentication functionality, User s authentication. These API functions are fully compatible with existing de facto standards PKCS (Public Key Cryptographic Standards), such as: PKCS#1, PKCS#7 and PKCS#11. Besides the user strong authentication functions mostly implemented in the WEB server environment or in front of the WEB server (HTTP authentication server), application level security mechanisms enable end-to-end security between the client and application server that is mostly located in a domain behind the web server (it is located on application server or even directly on the database server). On the other side, SSL protocol provides security only between the client and web server, and all the data running over the internal network (behind the WEB server) is in clear. The SWT application level security module is realized as an ActiveX component or JAVA applet both for the client and server side. In fact, client modules are mostly ActiveX components (since Windows clients are prevalent) while servers sides are ActiveX for Windows or JAVA servlet for JAVA environments. These components are installed on the client side; they are integrated into the html pages and activated through client s Internet browser program.

5 5 Two working modes are possible, regarding the type of the application. Namely, it is possible to protect data in the interactive communication between client and server (on-line) or protection of data or files could be provided in advance (prepared signed and encrypted files) through some off-line cryptographic procedure. Both on-line and off-line procedure use the same ActiveX (or JAVA applet), but in the different environment (on-line is used through Internet browser program and off-line is used through some specialized off-line cryptographic application). The components of the SWT system are based on a modular structure and both of them have an application and transport SWT module. The main difference between the two SWT components is in the server and client s local application interface (SWAL Secure Web Application Link) that has a purpose of integrating these components into the WEB application. SWAL module enables WEB applications the use of the set of cryptographic API functions, necessary for the application level protection. In order to additionally improve the functionality and overall security of the server side of the SWT system, a PCI card-based crypotgraphic coprocessor solution, called NST2000, is to be implemented. The hardware security modules, realized as coprocessors, represent strong points of the modern security solutions for the computer networks. The existence of hardware security modules is ultimate for design of the computer network system with high performance and high level of the security. In that case, the encryption algorithms and the other security related functions (e.g. access control functions) are securely executed on the hardware element and sensitive data are never loaded on the user s computer memory. Without these modules, it would not be possible to achieve the trusted aplication concept with a full control of the system access and resistant to the Trojan Horse attacks. It is proven that PC operating systems and other system software components have some security drawbacks, and this is especially critical for the software-only cryptographic tools. CPG AS THE APPLICATION LEVEL FIREWALL IN THE TRUSTED WEB SECURITY MODEL In the trusted WEB security model, CPG is used for protection of the back-office second model segment namely, for communication protection between the WEB/application server and database server. In this configuration, a simplified blockdiagram is given on Fig. 3, it is necessary to implement a special cryptographic component on the WEB/application server, named CPG gateway, which is used for establishing secure communication (strong user authentication and cryptographic tunnel) between WEB/application server and database server. In this way, all communication between WEB/application server and database server is encrypted and only servers with CPG gateway could have access to the database server.

6 6 DeMilitarized Zone (DMZ) WEB or application СЕРВЕР server БОНИТЕТ ПККС CPG Internal network Database СЕРВЕР server БАЗЕ БОНИТЕТ CPG Crypto Gateway API Figure 3: Security protection between WEB/application server and database server

Security Policy Revision Date: 23 April 2009

Security Policy Revision Date: 23 April 2009 Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure

More information

Tel: 905.940.9000 Toll-Free: 800.668.5769 Fax: 905.940.9009 Oct 2005 Email: info@cail.com Website: www.cail.com. CAIL Security Facility

Tel: 905.940.9000 Toll-Free: 800.668.5769 Fax: 905.940.9009 Oct 2005 Email: info@cail.com Website: www.cail.com. CAIL Security Facility Tel: 905.940.9000 Toll-Free: 800.668.5769 Fax: 905.940.9009 Oct 2005 Email: info@cail.com Website: www.cail.com CAIL Security Facility Table of Contents A. Overview B. CAIL Security Solutions C. Summary

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

SSL VPN vs. IPSec VPN

SSL VPN vs. IPSec VPN SSL VPN vs. IPSec VPN White Paper 254 E. Hacienda Avenue Campbell, CA 95008 www.arraynetworks.net (408) 378-6800 1 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc. SSL VPN vs. IPSec VPN White

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

PrivyLink Internet Application Security Environment *

PrivyLink Internet Application Security Environment * WHITE PAPER PrivyLink Internet Application Security Environment * The End-to-end Security Solution for Internet Applications September 2003 The potential business advantages of the Internet are immense.

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

More information

Citrix MetaFrame XP Security Standards and Deployment Scenarios

Citrix MetaFrame XP Security Standards and Deployment Scenarios Citrix MetaFrame XP Security Standards and Deployment Scenarios Including Common Criteria Information MetaFrame XP Server for Windows with Feature Release 3 Citrix Systems, Inc. Information in this document

More information

ISM/ISC Middleware Module

ISM/ISC Middleware Module ISM/ISC Middleware Module Lecture 13: Security for Middleware Applications Dr Geoff Sharman Visiting Professor in Computer Science Birkbeck College Geoff Sharman Sept 07 Lecture 13 Aims to: 2 Show why

More information

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2 BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

Steelcape Product Overview and Functional Description

Steelcape Product Overview and Functional Description Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session

More information

ERserver. iseries. Secure Sockets Layer (SSL)

ERserver. iseries. Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted

More information

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi Introduction Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi Introduction Comparing Secure Hypertext protocol (S-HTTP) to Secure Socket Layer (SSL) Agenda Waheed opens the presentation introduces

More information

PrivyLink Cryptographic Key Server *

PrivyLink Cryptographic Key Server * WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

Top 10 Questions to Ask when Choosing a Secure File Transfer Solution

Top 10 Questions to Ask when Choosing a Secure File Transfer Solution Top 10 Questions to Ask when Choosing a Secure File Transfer Solution Top 10 Questions to Ask when Choosing a Secure File Transfer Solution Companies that have made an investment in a Secure File Transfer

More information

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles

More information

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 Table of Contents 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 2 Features and Benefits 2-1 Key Features 2-1 Support for the Browser/Server Resource Access Model 2-1 Support for Client/Server

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

Chapter 2 TOPOLOGY SELECTION. SYS-ED/ Computer Education Techniques, Inc.

Chapter 2 TOPOLOGY SELECTION. SYS-ED/ Computer Education Techniques, Inc. Chapter 2 TOPOLOGY SELECTION SYS-ED/ Computer Education Techniques, Inc. Objectives You will learn: Topology selection criteria. Perform a comparison of topology selection criteria. WebSphere component

More information

Ciphire Mail. Abstract

Ciphire Mail. Abstract Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the

More information

Snow Agent System Pilot Deployment version

Snow Agent System Pilot Deployment version Pilot Deployment version Security policy Revision: 1.0 Authors: Per Atle Bakkevoll, Johan Gustav Bellika, Lars, Taridzo Chomutare Page 1 of 8 Date of issue 03.07.2009 Revision history: Issue Details Who

More information

SECTION 1: INTRODUCTION

SECTION 1: INTRODUCTION 3117 NETWORK ARCHITECTURE STANDARD OWNER: Security Management Branch ISSUE DATE: 10/25/2011 DISTRIBUTION: All Employees REVISED DATE: 7/1/2013 SECTION 1: INTRODUCTION The California Department of Technology

More information

Global Client Access Managed Communications Solutions. JPMorgan - Global Client Access. Managed Internet Solutions (EC Gateway)

Global Client Access Managed Communications Solutions. JPMorgan - Global Client Access. Managed Internet Solutions (EC Gateway) Managed Communications JPMorgan - Global Client Access Managed Internet (EC Gateway) Managed Communications Overview JPMorgan offers a variety of electronic communications services that are reliable and

More information

Authorize.net modules for oscommerce Online Merchant.

Authorize.net modules for oscommerce Online Merchant. Authorize.net Authorize.net modules for oscommerce Online Merchant. Chapters oscommerce Online Merchant v2.3 Copyright Copyright (c) 2014 oscommerce. All rights reserved. Content may be reproduced for

More information

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008 Oracle Security Developer Tools (OSDT) August 2008 Items Introduction OSDT 10g Architecture Business Benefits Oracle Products Currently Using OSDT 10g OSDT 10g APIs Description OSDT

More information

Introducing etoken. What is etoken?

Introducing etoken. What is etoken? Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant

More information

MetaFrame Presentation Server Security Standards and Deployment Scenarios Including Common Criteria Information

MetaFrame Presentation Server Security Standards and Deployment Scenarios Including Common Criteria Information MetaFrame Presentation Server Security Standards and Deployment Scenarios Including Common Criteria Information Citrix MetaFrame Presentation Server 4.0 for Windows Information in this document is subject

More information

How To Secure Your Data Center From Hackers

How To Secure Your Data Center From Hackers Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard

More information

Security Goals Services

Security Goals Services 1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;

More information

How To Understand And Understand The Security Of A Key Infrastructure

How To Understand And Understand The Security Of A Key Infrastructure Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

Technical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for

Technical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for Technical Description DigitalSign 3.1 State of the art legally valid electronic signature The best, most secure and complete software for Adding digital signatures to any document, in conformance with

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Web Application Entity Session Management using the eid Card Frank Cornelis 03/03/2010. Fedict 2010. All rights reserved

Web Application Entity Session Management using the eid Card Frank Cornelis 03/03/2010. Fedict 2010. All rights reserved Web Application Entity Session Management using the eid Card Frank Cornelis 03/03/2010 Fedict 2010. All rights reserved What is Entity Authentication? Entity authentication is the process whereby one party

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12.

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12. Table of Contents Scope of the Document... 1 [Latest Official] ADYTON Release 2.12.9... 1 ADYTON Release 2.12.4... 1 ADYTON Release 2.9.3... 3 ADYTON Release 2.7.7... 3 ADYTON Release 2.6.2... 4 ADYTON

More information

How To Understand The Architecture Of An Ulteo Virtual Desktop Server Farm

How To Understand The Architecture Of An Ulteo Virtual Desktop Server Farm ULTEO OPEN VIRTUAL DESKTOP V4.0.2 ARCHITECTURE OVERVIEW Contents 1 Introduction 2 2 Servers Roles 3 2.1 Session Manager................................. 3 2.2 Application Server................................

More information

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May 2011. 1. New Features and Enhancements. Tip of the Day

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May 2011. 1. New Features and Enhancements. Tip of the Day NCP Secure Entry Mac Client Major Release 2.01 Build 47 May 2011 1. New Features and Enhancements Tip of the Day A Tip of the Day field for configuration tips and application examples is incorporated in

More information

PkBox Technical Overview. Ver. 1.0.7

PkBox Technical Overview. Ver. 1.0.7 PkBox Technical Overview Ver. 1.0.7 14 September 2015 All the information in this document is and can t be used entirely or in part without a written permission from Intesi Group S.p.A. Le informazioni

More information

CRYPTOGRAPHY AS A SERVICE

CRYPTOGRAPHY AS A SERVICE CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,

More information

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001 Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance

More information

ERserver. iseries. Securing applications with SSL

ERserver. iseries. Securing applications with SSL ERserver iseries Securing applications with SSL ERserver iseries Securing applications with SSL Copyright International Business Machines Corporation 2000, 2001. All rights reserved. US Government Users

More information

Lecture VII : Public Key Infrastructure (PKI)

Lecture VII : Public Key Infrastructure (PKI) Lecture VII : Public Key Infrastructure (PKI) Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 Problems with Public

More information

eid Security Frank Cornelis Architect eid fedict 2008. All rights reserved

eid Security Frank Cornelis Architect eid fedict 2008. All rights reserved eid Security Frank Cornelis Architect eid The eid Project > Provides Belgian Citizens with an electronic identity card. > Gives Belgian Citizens a device to claim their identity in the new digital age.

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET http:// GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET Manisha Dawra 1, Ramdev Singh 2 1 Al-Falah School of Engg. & Tech., Vill-Dhauj, Ballabgarh-Sohna Road, Faridabad, Haryana (INDIA)-121004

More information

The Security Framework 4.1 Programming and Design

The Security Framework 4.1 Programming and Design Tel: (301) 587-3000 Fax: (301) 587-7877 E-mail: info@setecs.com Web: www.setecs.com Security Architecture for Development and Run Time Support of Secure Network Applications Sead Muftic, President/CEO

More information

2014 IBM Corporation

2014 IBM Corporation 2014 IBM Corporation This is the 27 th Q&A event prepared by the IBM License Metric Tool Central Team (ICT) Currently we focus on version 9.x of IBM License Metric Tool (ILMT) The content of today s session

More information

SECURELY CONNECTING INSTANT MESSAGING SYSTEMS FOR AD HOC NETWORKS TO SERVER BASED SYSTEMS

SECURELY CONNECTING INSTANT MESSAGING SYSTEMS FOR AD HOC NETWORKS TO SERVER BASED SYSTEMS SECURELY CONNECTING INSTANT MESSAGING SYSTEMS FOR AD HOC NETWORKS TO SERVER BASED SYSTEMS Philipp Steinmetz Introduction Motivation for Tactical Instant Messaging Bandwidth-efficient Silent information

More information

Enhancing your security management

Enhancing your security management Technical WhitePaper Enhancing your security management Compumatica secure networks 2014 Compumatica secure networks www.compumatica.com OVERVIEW NETWORK SECURITY plays an important role for any company

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

PKI Uncovered. Cisco Press. Andre Karamanian Srinivas Tenneti Francois Dessart. 800 East 96th Street. Indianapolis, IN 46240

PKI Uncovered. Cisco Press. Andre Karamanian Srinivas Tenneti Francois Dessart. 800 East 96th Street. Indianapolis, IN 46240 PKI Uncovered Andre Karamanian Srinivas Tenneti Francois Dessart Cisco Press 800 East 96th Street Indianapolis, IN 46240 Contents Introduction XIII Part I Core Concepts Chapter 1 Crypto Refresh 1 Confidentiality,

More information

Securing Ship-to-Shore Data Flow

Securing Ship-to-Shore Data Flow Securing Ship-to-Shore Data Flow Background on Common File Transfer Methods Today corporations, government entities, and other organizations rely on Electronic File Transfers as an important part of their

More information

SECURING SAP NETWEAVER DEPLOYMENTS WITH SAFE-T RSACCESS

SECURING SAP NETWEAVER DEPLOYMENTS WITH SAFE-T RSACCESS SECURING NETWEAVER DEPLOYMENTS A RSACCESS WHITE PAPER SECURING NETWEAVER DEPLOYMENTS 1 Introduction 2 NetWeaver Deployments 3 Safe-T RSAccess Overview 4 Securing NetWeaver Deployments with Safe-T RSAccess

More information

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved NCP Secure Client Juniper Edition Service Release: 9.30 Build 102 Date: February 2012 1. New Features and Enhancements The following describe the new features introduced in this release: Visual Feedback

More information

The Seven Habits of State-of-the-Art Mobile App Security

The Seven Habits of State-of-the-Art Mobile App Security #mstrworld The Seven Habits of State-of-the-Art Mobile App Security Mobile Security 8 July 2014 Anand Dwivedi, Product Manager, MicroStrategy strworld Agenda - Seven Habits of State of the Art Mobile App

More information

Understanding digital certificates

Understanding digital certificates Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

Key & Data Storage on Mobile Devices

Key & Data Storage on Mobile Devices Key & Data Storage on Mobile Devices Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at Outline Why is this topic so delicate? Keys & Key Management High-Level Cryptography

More information

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded

More information

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER ARCHITECTURE OVERVIEW AND SYSTEM REQUIREMENTS Mathieu SCHIRES Version: 1.0.0 Published March 5, 2015 http://www.inuvika.com Contents 1 Introduction 3 2 Architecture

More information

Security Considerations for DirectAccess Deployments. Whitepaper

Security Considerations for DirectAccess Deployments. Whitepaper Security Considerations for DirectAccess Deployments Whitepaper February 2015 This white paper discusses security planning for DirectAccess deployment. Introduction DirectAccess represents a paradigm shift

More information

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference

More information

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere White Paper 7KH#&KDOOHQJH Virtual Private Networks (VPNs) provides a powerful means of protecting the privacy and integrity

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems

More information

Web Security. Mahalingam Ramkumar

Web Security. Mahalingam Ramkumar Web Security Mahalingam Ramkumar Issues Phishing Spreading misinformation Cookies! Authentication Domain name DNS Security Transport layer security Dynamic HTML Java applets, ActiveX, JavaScript Exploiting

More information

PRIVACY, SECURITY AND THE VOLLY SERVICE

PRIVACY, SECURITY AND THE VOLLY SERVICE PRIVACY, SECURITY AND THE VOLLY SERVICE Delight Delivered by EXECUTIVE SUMMARY The Volly secure digital delivery service from Pitney Bowes is a closed, secure, end-to-end system that consolidates and delivers

More information

Xerox DocuShare Security Features. Security White Paper

Xerox DocuShare Security Features. Security White Paper Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a

More information

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a

More information

Version Highlights. CertainT 100 SSL Accelerator. Version 2.11. International. New hardware and software version. North America

Version Highlights. CertainT 100 SSL Accelerator. Version 2.11. International. New hardware and software version. North America Version Highlights SSL Accelerator Version 2.11 New hardware and software version North America Radware Inc. 575 Corporate Dr. Suite 205 Mahwah, NJ 07430 Tel 888 234 5763 International Radware Ltd. 22

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Fundamental Points of the ABScard Technology

Fundamental Points of the ABScard Technology Fundamental Points of the ABScard Technology Architettura ABSCARD Pagina 1 di 13 General Index 1.Architecture...3 1.1 Introduction...3 1.1.1 Security...4 1.1.2 Management...5 1.1.3 ABScard enterprise version

More information

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP) Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic

More information

Firewalls. Outlines: By: Arash Habibi Lashkari July 2010. Network Security 06

Firewalls. Outlines: By: Arash Habibi Lashkari July 2010. Network Security 06 Firewalls Outlines: What is a firewall Why an organization ation needs a firewall Types of firewalls and technologies Deploying a firewall What is a VPN By: Arash Habibi Lashkari July 2010 1 Introduction

More information

[SMO-SFO-ICO-PE-046-GU-

[SMO-SFO-ICO-PE-046-GU- Presentation This module contains all the SSL definitions. See also the SSL Security Guidance Introduction The package SSL is a static library which implements an API to use the dynamic SSL library. It

More information

LBSEC. http://www.liveboxcloud.com

LBSEC. http://www.liveboxcloud.com 2014 LBSEC http://www.liveboxcloud.com LiveBox Srl does not release declarations or guarantee regarding this documentation and its use and declines any expressed or implied commercial or suitability guarantee

More information

Implementing Cisco IOS Network Security

Implementing Cisco IOS Network Security Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles

More information

TLS/SSL in distributed systems. Eugen Babinciuc

TLS/SSL in distributed systems. Eugen Babinciuc TLS/SSL in distributed systems Eugen Babinciuc Contents 1. Introduction to TLS/SSL 2. A quick review of cryptography 3. TLS/SSL in distributed systems 4. Conclusions Introduction to TLS/SSL TLS/SSL History

More information

Digital Signatures and Interoperability

Digital Signatures and Interoperability Setting Processes for Electronic Signature Dr. Joachim Schiff On behalf of the SPES Consortium Workgroup City of Saarbruecken IKS Nell-Breuning-Allee 1 D-66115 Saarbruecken Germany Tel. 0049 681 905 5000

More information

Why a Reverse Proxy with My Instant Communicator for mobiles??

Why a Reverse Proxy with My Instant Communicator for mobiles?? Why a Reverse Proxy with My Instant Communicator for mobiles?? INTEGRATED COMMUNICATION SYSTEMS 8AL020043359DRARA, February 2010 What is OmniTouch 8600 My Instant Communicator? Is an aggregator of all

More information

Software Tool for Implementing RSA Algorithm

Software Tool for Implementing RSA Algorithm Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key

More information

Security Protocols/Standards

Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards How do we actually communicate securely across a hostile network? Provide integrity, confidentiality, authenticity

More information

Remote Connectivity for mysap.com Solutions over the Internet Technical Specification

Remote Connectivity for mysap.com Solutions over the Internet Technical Specification Remote Connectivity for mysap.com Solutions over the Technical Specification June 2009 Remote Connectivity for mysap.com Solutions over the page 2 1 Introduction SAP has embarked on a project to enable

More information

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

Using BroadSAFE TM Technology 07/18/05

Using BroadSAFE TM Technology 07/18/05 Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security

More information

Security Technical. Overview. BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4

Security Technical. Overview. BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4 BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 4 Security Technical Overview Published: 2014-01-17 SWD-20140117135425071 Contents 1 New in this release...10 2 Overview...

More information

TrustKey Tool User Manual

TrustKey Tool User Manual TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...

More information

IT Networks & Security CERT Luncheon Series: Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463

More information

2012 LABVANTAGE Solutions, Inc. All Rights Reserved.

2012 LABVANTAGE Solutions, Inc. All Rights Reserved. LABVANTAGE Architecture 2012 LABVANTAGE Solutions, Inc. All Rights Reserved. DOCUMENT PURPOSE AND SCOPE This document provides an overview of the LABVANTAGE hardware and software architecture. It is written

More information

BlackBerry Enterprise Server 5.0 SP3 and BlackBerry 7.1

BlackBerry Enterprise Server 5.0 SP3 and BlackBerry 7.1 BlackBerry Enterprise Server 5.0 SP3 and BlackBerry 7.1 Version: 5.0 Service Pack: 3 Security Technical Overview Published: 2012-01-17 SWD-1936256-0117012253-001 Contents 1 Document revision history...

More information

DJIGZO EMAIL ENCRYPTION. Djigzo white paper

DJIGZO EMAIL ENCRYPTION. Djigzo white paper DJIGZO EMAIL ENCRYPTION Djigzo white paper Copyright 2009-2011, djigzo.com. Introduction Most email is sent as plain text. This means that anyone who can intercept email messages, either in transit or

More information