DEP Documentation DEP Customer's Host Programmers Guidelines



Similar documents
DEP Documentation DEP/EM User Manual

DEP Documentation DEP ATOS Worldline Security Officer Guide

DEP RSA Key Loading Program User Manual

Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008

SA Server 2.0. Application Note : Evidian SafeKit 7.0.4, Failover

Terms & Conditions. Introduction. The following terms and conditions govern your use of this website (VirginiaHomeRepair.com).

Terms and Conditions

CITRIX SYSTEMS, INC. SOFTWARE LICENSE AGREEMENT

Dell Spotlight on Active Directory Server Health Wizard Configuration Guide

Application Note Gemalto Access Client for windows smart card and EFS on Microsoft Windows Vista

If you do not wish to agree to these terms, please click DO NOT ACCEPT and obtain a refund of the purchase price as follows:

Rethinking Schools Limited Institutional Site License

APPLICATION NOTE. Secure Personalization with Transport Key Authentication. ATSHA204A, ATECC108A, and ATECC508A. Introduction.

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

Therm-App Software Development Kit License Agreement

All copyright, trade mark, design rights, patent and other intellectual property rights (registered or unregistered) in the Content belongs to us.

SUBSCRIPTION SERVICES.

ALPHA TEST LICENSE AGREEMENT

CKEditor for Drupal License Agreement

REPAIR SERVICES AND PROCESSING FEES.

TERMS and CONDITIONS OF USE - NextSTEPS TM

Provider secure web portal & Member Care Information portal Registration Form

You are authorised to view and download one copy to a local hard drive or disk, print and make copies of such printouts, provided that:

DEP Documentation DEP Glossary

TERMS AND CONDITIONS

WORKFLOW INTEGRATOR INSTALLATION GUIDE

Provider Web Portal Registration Form

BlackBerry Business Cloud Services. Version: Release Notes

DIGIPASS CertiID. Getting Started 3.1.0

Quartz Legal Terms and Conditions

Web site Terms and Conditions

Web Site Development Agreement

New Security Features

"Certification Authority" means an entity which issues Certificates and performs all of the functions associated with issuing such Certificates.

Copyright Sagicor Life Insurance Company. All rights reserved.

TERMS & CONDITIONS. Introduction

Terms & Conditions Template

Configuring a GB-OS Site-to-Site VPN to a Non-GTA Firewall

Application Note. Gemalto s SA Server and OpenLDAP

PLEASE READ THESE TERMS AND CONDITIONS OF USE CAREFULLY. THESE TERMS AND CONDITIONS MAY HAVE CHANGED SINCE USER S LAST VISIT TO THIS SITE.

Transglobal Secure Collaboration Program Secure v.1 Gateway Design Principles

Terms and Conditions

ZIMPERIUM, INC. END USER LICENSE TERMS

Dell Migration Manager for Enterprise Social What Can and Cannot Be Migrated

ELKHART COUNTY BOARD OF REALTORS AND MULTIPLE LISTING SERVICE OF ELKHART COUNTY INC. VIRTUAL OFFICE WEBSITE (VOW) LICENSE AGREEMENT

BlackBerry Enterprise Server. BlackBerry Administration Service Roles and Permissions Version: 5.0 Service Pack: 4.

TERMS OF USE & GENERAL PRIVACY POLICY

CENTRAL SAVINGS BANK BUSINESS INTERNET BANKING AGREEMENT

Total Disaster Recovery in Clustered Storage Servers

Privacy Policy and Terms of Use

Terms of Use Mercer BenefitsCentral SM

AccelPro SSL VPN v3.1.9 AccelPro SSL VPN. End User Installation Guide for Director General Of Hydro Carbon Users

E-Sign Disclosure & E-Statements Terms and Conditions

GlaxoSmithKline Single Sign On Portal for ClearView and Campaign Tracker - Terms of Use

Collaborative and Agile Project Management

WEBSITE TERMS & CONDITIONS. Last updated March 27, 2015

VIRTUAL OFFICE WEBSITE LICENSE AGREEMENT

4. Included Setup and Options i. Initial phone consultation on your setup and call flow as outlined below. 1. PBX Minutes 2. PBX Minutes

We suggest you retain a copy of these End User Terms of Use for your records.

How To Use Merrimack Web Site

AGREEMENT BETWEEN USER AND Global Clinical Research Management, Inc.

By placing an order with International Checkout Inc. and / or using its website, you agree and are bound to the Terms & Conditions below.

Website TERMS OF USE AND CONDITIONS

MRMLS LISTING INFORMATION LICENSE AGREEMENT

Affiliate means a legal entity that is owned by or under common ownership with Stratus Technologies Ireland Limited.

Organized, Hybridized Network Monitoring

CO-MARKETING AGREEMENT

SafeNet Authentication Service

Dell One Identity Cloud Access Manager How To Deploy Cloud Access Manager in a Virtual Private Cloud

SAMPLE RETURN POLICY

LETTER OF INTENT FOR BUSINESS TRANSACTION & GUIDELINES

END USER LICENSE AGREEMENT FOR SLICKEDIT(R) CORE SOFTWARE IMPORTANT

"Owner" "Designer" 1. Description of the Services. "Website" Schedule A "Services" 2. Design Team. "Design Team" 3. Term / Scheduling.

The name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is.

AGREEMENT BETWEEN USER AND International Network of Spinal Cord Injury Nurses

New Security Features

User Agreement. Quality. Value. Efficiency.

PLEASE READ THIS AGREEMENT CAREFULLY. BY INSTALLING, DOWNLOADING OR OTHERWISE USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT.

ADDENDUM ThomasNet Mirrored Site Program

The Credit Control, LLC Web Site is comprised of various Web pages operated by Credit Control, LLC.

TERMS & CONDITIONS: LIMITED LICENSE:

Terms of Service. 1. Acceptance Of Terms. 2. Use Of Customer Information And Privacy Policy. 3. Ownership Of Site Content

Boundary Encryption.cloud Deployment Process Overview

Jozii LLC WEBSITE TERMS OF SERVICE

GENOA, a QOL HEALTHCARE COMPANY WEBSITE TERMS OF USE

IP Tunnels September 2014

CA Nimsoft Monitor. Probe Guide for Internet Control Message Protocol Ping. icmp v1.1 series

Partners in Care Welch Allyn Connex Software Development Kit License Agreement

How To Use The Blog Safely And Responsibly

Web Security Firewall Setup. Administrator Guide

Service Agreement: January 2008

Revised 10/13 SUBSCRIBER AGREEMENT. Introduction

Statement of Work. for. Online Event Registration Product Deployment for Salesforce Implementation. for. Open Web Application Security Project (OWASP)

Application Note. Intelligent Application Gateway with SA server using AD password and OTP

Beyond the Hype: Advanced Persistent Threats

Dell InTrust Preparing for Auditing Cisco PIX Firewall

Remote Firewall Deployment

Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud

IICLE ONLINE SUBSCRIPTIONS TERMS AND CONDITIONS

Transcription:

Haachtsesteenweg 1442 1130 Brussels Belgium DEP Documentation DEP Customer's Host Programmers Guidelines Version: 04.01

Atos Worldline - Technology & Products / Engineering / DEP Page: 2/10 Version Management Report Version Name(s) Date Comments 01.00 TheSteamFactory 17/10/2002 Document for CC certification 03.00 F. Demaertelaere 21/01/2003 Document in package 03.01 M. Haest, P.Stienon 09/03/2006 General comments 04.00 Anna Papayan 16/03/2011 Change the template into Atos Worldline. 04.01 Joris Delclef 31/05/2011 Load balancing and Failover guidelines.

Atos Worldline - Technology & Products / Engineering / DEP Page: 3/10 CONFIDENTIALITY The information in this document is confidential and shall not be disclosed to any third party in whole or in part without the prior written consent of Atos Worldline S.A./N.V. COPYRIGHT The information in this document is subject to change without notice and shall not be construed as a commitment by Atos Worldline S.A./N.V. The content of this document, including but not limited to trademarks, designs, logos, text, images, is the property of Atos Worldline S.A/N.V. and is protected by the Belgian Act of 30.06.1994 related to author s right and by the other applicable Acts. The contents of this document must not be reproduced in any form whatsoever, by or on behalf of third parties, without the prior written consent of Atos Worldline S.A./N.V. Except with respect to the limited license to download and print certain material from this document for non-commercial and personal use only, nothing contained in this document shall grant any license or right to use any of Atos Worldline S.A./N.V. s proprietary material. LEGAL DISCLAIMER While Atos Worldline S.A./N.V. has made every attempt to ensure that the information contained in this document is correct, Atos Worldline S.A./N.V. does not provide any legal or commercial warranty on the document that is described in this specification. The technology is thus provided as is without warranties of any kind, expressed or implied, included those of merchantability and fitness for a particular purpose. Atos Worldline S.A./N.V. does not warrant or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product or process disclosed. To the fullest extent permitted under applicable law, neither Atos Worldline S.A./N.V. nor its affiliates, directors, employees and agents shall be liable to any party for any damages that might result from the use of the technology as described in this document (including without limitation direct, indirect, incidental, special, consequential and punitive damages, lost profits). JURISDICTION AND APPLICABLE LAW These terms shall be governed by and construed in accordance with the laws of Belgium. You irrevocably consent to the jurisdiction of the courts located in Brussels for any action arising from or related to the use of this document. sa Atos Worldline nv Chaussée de Haecht 1442 Haachtsesteenweg B-1130 Bruxelles-Brussel - Belgium RPM-RPR Bruxelles-Brussel - TVA-BTW BE 0418.547.872

Atos Worldline - Technology & Products / Engineering / DEP Page: 4/10 TABLE OF CONTENTS TABLE OF CONTENTS... 4 1. SCOPE OF THE DOCUMENT... 5 1.1. REFERENCES... 5 1.2. CONTACTING ATOS WORLDLINE... 5 2. SET-UP GUIDELINES... 6 3. PROGRAMMING GUIDELINES... 7 4. OTHER SECURITY GUIDELINES... 8 5. LOAD BALANCING AND FAILOVER GUIDELINES... 9

Atos Worldline - Technology & Products / Engineering / DEP Page: 5/10 1. SCOPE OF THE DOCUMENT This document describes how a Customer s Host Programmer can access the security services delivered by the DEP, load balancing and failover mechanisms, and gives some hints on how to implement these mechanisms in their host. It describes the documents that have to be used by the Customer s Host Programmer, and lists security issues that have to be taken into account. 1.1. REFERENCES This document contains references to other documents about the DEP. This paragraph gives a list of all the documents referred to. DEP Host Interface Protocol DEP DS3 and DS4 Principles There are no references made to the following documents, but they could be useful to understand this document. DEP Introduction to DEP DEP General Architecture DEP Glossary 1.2. CONTACTING ATOS WORLDLINE You can visit Atos Worldline on the World Wide Web to find out about new products and about various other fields of interest. URL: www.atosworldline.com. For the documentation visit http://www.banksys.com web page. For support on issues related to DEP, customers, partners, resellers, and distributors can send an email to the DEP Hotline: mailto:dephotline-atosworldline@atosorigin.com.

Atos Worldline - Technology & Products / Engineering / DEP Page: 6/10 2. SET-UP GUIDELINES Logical access to the DEP Platform allows the execution of the security services provided. Atos Worldline suggests to limit the logical and physical accessibility to the DEP Platform, e.g. in a computer room with access control and with access to the DEP Platform only for the staff needing it. If the DEP Platform is connected to a host that needs access to the security services of the DEP Crypto Modules, Atos Worldline suggests using a point-to-point connection between the host and the DEP Platform. It is the task of the Customer s Host Programmer to ensure that only the applications that are authorized to use the available security services have access to the logical connection(s) with the DEP Platform containing the DEP Crypto Modules.

Atos Worldline - Technology & Products / Engineering / DEP Page: 7/10 3. PROGRAMMING GUIDELINES The communication protocol that is used to communicate with the DEP Platform is described in the document DEP Host Interface Protocol. The commands asking (cryptographic) functions to the DEP are sent in DS2, DS3 or DS4 format. The format DS2 is described in the document DEP Host Interface Protocol, and a full description of the DS3 and DS4 formats can be found in the document DEP DS3 and DS4 Principles. A list of the functions/interfaces that is available for specific Application Software, together with the details given in the manual of the dedicated Application Software. Either the list of interfaces is available in the Integration Manual of the dedicated Application Software and the details are specified in the complete Detailed Functional Specifications document of each library available in the Application Software, Or there is one document describing all the interfaces in detail available in the Application Software (Detailed Functional Specification document at Application Software level).

Atos Worldline - Technology & Products / Engineering / DEP Page: 8/10 4. OTHER SECURITY GUIDELINES The Customer s Host Programmer must interpret the interfaces available in the Application Software and use them securely. This strongly depends on the security services that are available. Because Atos Worldline also implements international standard algorithms, Atos Worldline cannot be responsible for the weakness of the algorithm (e.g. collisions in some standardized hashing algorithm). It is the task of the Customer s Host Programmer to: When data has to be encrypted by the DEP Crypto Module, the correct clear data has to be sent to the DEP Crypto Module. When data has to be decrypted by the DEP Crypto Module, the confidentiality of the clear data has to be guaranteed. When the DEP Crypto Module has to provide data integrity, send the correct data to the DEP Crypto Module. When data integrity has to be checked by the DEP Crypto Module, guarantee that the answer of the integrity check is not modified. When the DEP Crypto Module has to provide non-repudiation, send the correct data to the DEP Crypto Module. When non-repudiation has to be checked by the DEP Crypto Module, guarantee that the answer of the non-repudiation check is not modified. When cryptographic keys are sent to the DEP Crypto Module, guarantee that the cryptographic keys are strong.

Atos Worldline - Technology & Products / Engineering / DEP Page: 9/10 5. LOAD BALANCING AND FAILOVER GUIDELINES This chapter describes best practices for Distributing the host workload across multiple DEP platforms for guaranteeing optimal DEP response times; Detecting that a DEP platform is unavailable to inform operators that they must solve the problem thus guaranteeing fast recovery of the DEP platform; Detecting that a DEP platform is available again after having been unavailable. The best practices described below are for DEP Platforms that are connected to a host that implements that provides so called DEP router or DEP handler services to its applications. 1. Initialize the host application with configuration parameters such as o IP addresses of the DEP platforms that are available for the host, o The number of DEP/PCI cards that are present in each DEP platform, o Time out; this can be global to all DEP platforms. The time out that is set on the host should be bigger than the time out on the DEP Platform. 2. When the host application is initialized o For every IP address, initialize multiple connections on the DEP platform. A DEP platform accepts a maximum of 128 connections; however from a certain number of connections, there is no performance gain anymore. The threshold is different for every application and can only be known by testing. Typically, 2 to 4 connections on a DEP platform with 1 DEP/PCI card and 4 to 8 connections on a DEP platform with 2 DEP/PCI cards is a good guideline. o Distribute the host workload across the connections, for example by means of the round-robin algorithm, see http://en.wikipedia.org/wiki/round-robin. 3. Use the EDP protocol and address the pool by setting the device address to 0x00 (see DEP Host Interface protocol ). For DEP platforms that are equipped with 2 PCI cards, the DEP platform will itself distribute the host requests to the PCI card that is free. 4. When a DEP Platform returns an error code (see DEP Host Interface protocol to understand the different error types) or when it doesn t respond in the preconfigured time out, the host may decide to close the connections related to that DEP Platform. o From Venus 4.2.7, a DEP Platform that is equipped with 2 DEP/PCI cards returns only once an error to the host and then routes all new host requests to the DEP/PCI card that is still available, this means that the DEP Platform remains available for the host but it behaves as if only 1 DEP/PCI card is present. o For Venus versions below 4.2.7, the DEP Platform doesn t distinguish between DEP/PCI cards that are available or not and keeps on sending the host requests to both cards, this means that the host will continue to receive error messages. In the latter the host may decide to route the host requests to individual DEP/PCI cards by setting the device address

Atos Worldline - Technology & Products / Engineering / DEP Page: 10/10 to 0x01 or 0x02, depending on the DEP/PCI card that returned an error. 5. The host may keep track of all DEP Platforms that are unavailable and check regularly (the time interval could be set with a global parameter) whether the platform is available again. o When the host was unavailable because of DEP connectivity problems (e.g. time-out) the host may send for example an I_STD_ECHO command. When a valid response is received, the connections can be used again for applicative messages. o When the host was unavailable because of DEP applicative problems (e.g. a key that is not present in the key table) the host may send an applicative message but when still unavailable, the same message should be sent to another connection, otherwise too many transactions would fail.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information