Data Secure for SPAZIO OPEN edition (DSSPOPEN for short) is an add-on to PRIMEUR's flagship SPAZIO MFT/S product that enables the secure transmission of files within the SPAZIO framework. DSSPOPEN is an additional module of the SPAZIO MFT/S product line that extends the existing security options with open, standards-based security protocols.
Companies increasingly rely on electronic file transfer (FT) to exchange data and integrate applications across their distributed environments. SPAZIO MFT/S has gained wide market acceptance, and many companies use it daily as a hub for managed and secure file transfer. It is therefore essential that SPAZIO support secure exchange protocols that are widely accepted and have become de facto standards for business data interchange.
Security features must be transparent to the application, so that no changes need to be made to application source code.
Data Secure for SPAZIO OPEN edition is currently available and adds the following security features to SPAZIO:
- Standard SSL3/TLS support
- Standard OpenPGP support
SSL/TLS functionally provides:
- Peer entity authentication
- Integrity (no tampering while in transit)
- Encryption (confidentiality while in transit)
OpenPGP functionally provides:
- Integrity (proof that the file has not been tampered with during transport or while in the SPAZIO mailbox)
- File authentication via OpenPGP digital signature
- Encryption
- Non-repudiation of origin (via the digital signature)
DSSPOPEN is based on the proven and robust DSTK technology to provide its security features. DSSPOPEN can therefore be technically defined as the combination of a DSTK engine and the appropriate SPAZIO Connectors. This is the technical architecture, although users may remain unaware of the underlying DSTK engine, since they only need to configure the provided Connectors correctly to obtain the required security functionality.
SSL Main Features:
- Provides a functional implementation of SSL3/TLS
- Binary compatible with SSL3/TLS (interoperates with any standards-compliant FTPS client)
- Adds value beyond plain SSL through the infrastructural elements of DSTK:
- Tokens. The keys and certificates needed to perform the secure exchange are kept in a Token. This is the secure, modern way to manage keys; older, insecure practices such as hiding keys in system files can compromise the entire security structure.
- Hardware Tokens provide hardware-based acceleration and safe storage of the keys, according to the device of choice (HSM, smart card, USB token).
- Tokens can alternatively be implemented in software (encrypted, emulated versions of hardware Tokens) for additional flexibility and ease of use.
- CDB. The Certificate Database provides a location for the centralized management of partners' certificates. When required, it also enables CRL checking, a crucial revocation check that other open SSL implementations often leave to the application to configure.
- Password Database. This provides a central mechanism for application authentication. The passphrases that open the Tokens are kept here in encrypted form, so the application programmer need not know the Token credentials.
- Auditing. All security operations are logged to an audit file for later review and control.
- Runs transparently as a SPAZIO transport
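The SSL feature list above positions DSSPOPEN as a drop-in TLS transport for standard FTPS clients, with certificate management and CRL checking on the hub side. The following script, added here as an example and not PRIMEUR code nor a description of the product's own configuration, shows what a standard FTPS client should enforce on its side of that link: a trusted CA, host name matching, a CRL check on the server certificate, and a TLS 1.2 floor (SSL 3.0 was deprecated by RFC 7568, so "SSL3 compatible" should mean TLS in any current deployment). Only the Python standard library is used; the host name, account, CA bundle and CRL file names are assumptions.

```python
"""Client-side checks for a TLS-protected (FTPS) link to a SPAZIO endpoint.

Added example; this is not PRIMEUR code and does not describe the product's
own configuration. Only the Python standard library is used. The host name,
port, account, CA bundle and CRL file names below are assumptions.
"""
import ftplib
import ssl


def build_ftps_context(cafile=None, crlfile=None, check_crl=True):
    """Build an SSLContext enforcing what a link-level solution must deliver.

    - peer entity authentication: the server certificate must chain to a
      trusted CA and its name must match the host we dialled
    - revocation: the server (leaf) certificate is checked against a CRL
    - protocol floor: SSL 3.0, TLS 1.0 and TLS 1.1 are refused (SSL 3.0 was
      deprecated by RFC 7568)
    Confidentiality and integrity in transit come from the TLS record layer.
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile:
        # Trust anchor(s) for the partner's server certificate (assumed path).
        ctx.load_verify_locations(cafile=cafile)
    if crlfile:
        # CRLs are loaded into the same store as the CA certificates.
        ctx.load_verify_locations(cafile=crlfile)
    if check_crl:
        # Fail closed: with this flag set, a revoked leaf certificate, or a
        # missing CRL for its issuer, aborts the handshake instead of being
        # silently ignored.
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx


def context_summary(ctx):
    """Plain-value view of the settings that matter, for logging and checks."""
    return {
        "min_version": ctx.minimum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "crl_check_leaf": bool(ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF),
    }


def fetch_file(host, user, password, remote_name, local_path, ctx, port=21):
    """Explicit FTPS (AUTH TLS) download with control and data channels protected."""
    ftps = ftplib.FTP_TLS(context=ctx)
    ftps.connect(host, port, timeout=30)
    ftps.auth()    # upgrade the control channel before the password is sent
    ftps.login(user, password)
    ftps.prot_p()  # PROT P: the data channel is TLS-protected too, not only control
    with open(local_path, "wb") as fh:
        ftps.retrbinary(f"RETR {remote_name}", fh.write)
    ftps.quit()


if __name__ == "__main__":
    # Assumed endpoint and credentials; replace with the real SPAZIO FTPS service.
    context = build_ftps_context(cafile="partner-ca.pem", crlfile="partner-ca.crl.pem")
    print(context_summary(context))
    fetch_file("spazio.example.com", "mftuser", "secret", "invoice.xml",
               "invoice.xml", context)
```

Two points matter in practice. Without `prot_p()` only the control connection is encrypted and every file body crosses the network in clear, which defeats the purpose of the link-level solution. And `VERIFY_CRL_CHECK_LEAF` is deliberately fail-closed: if no CRL for the server's issuer has been loaded, the handshake fails with an "unable to get certificate CRL" error rather than skipping the revocation check, so the CRL must be refreshed and loaded alongside the CA bundle.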
OpenPGP Main Features:
- Provides a functional implementation of the OpenPGP specification
- Binary compatible with any PGP envelope produced by standard PGP clients
- Runs transparently as a SPAZIO end-to-end security mechanism
DSSPOPEN SSL is a link-level solution: it secures the FTP transport channel.
DSSPOPEN PGP is an end-to-end solution, which also protects the files while they sit in the SPAZIO mailbox: files residing in the mailbox remain in their secured (encrypted and/or signed) form.
Architecturally, the main difference between end-to-end and link security is that in the former case the data remains secured while in the mailbox, whereas in the latter it is secured only while in transit; on the hub itself, link-protected files are stored in clear.
It is also worth noting that peer entity authentication can be performed at the link level, whereas proper file authentication, and with it non-repudiation via a digital signature, can only be obtained with the end-to-end feature.
In the "open" domain, SSL/TLS and OpenPGP are the de facto standards for link-level and end-to-end security services respectively.
- Symmetric: DES, Triple-DES, AES
- Asymmetric: RSA up to 4096 bits
- Hashing: MD4, MD5, SHA-1, SHA-2
- Standards: SSL3, TLS, OpenPGP
Of these, single DES, MD4, MD5 and SHA-1 are no longer considered adequate for new deployments, and SSL 3.0 has been deprecated (RFC 7568); where partners permit it, configurations should prefer AES, SHA-2 and TLS.