In Electronic Data Interchange (EDI), digital certificates can be used to secure data transfers between systems. Certificates can encrypt the data transfer in multiple ways. First, the data itself could be encrypted, making it unreadable by any receiving system unless it has the proper decryption key. Second, the communication channel that the data is being sent through could be encrypted. Third, encryption could apply to both the data and the communications channel. It is common for certificates to secure AS2 communication (data encryption) or SSL connections (communication channel encryption).
Successful AS2 communications require a balancing act between two conflicting demands: your infrastructure has to be open enough to talk with your trading partners, but secure enough to keep out intruders and repel attacks. The familiar firewall is the tool of choice to resolve this, but it still requires that you tell your trading partner which ports are open. This could expose your network to security lapses on their end. Fortunately, there are several options available to minimize or eliminate this risk.
An obvious solution is to restrict incoming traffic only to the known IP addresses of your trading partners. While this is a good start, some other problems present themselves.
In my last blog post, “SSL: What is “two-way” authentication?” I gave an overview of the types of authentication involved in an SSL communication. Now I’d like to talk about a recent customer implementation that required SSL two-way authentication, an authentication issue that we encountered along the way and the troubleshooting that went into getting this issue resolved.
In this implementation project, our customer was going to be setting up EXTOL’s EBI application to communicate with a third-party electronic invoicing vendor. One of the requirements was that the communication with the vendor would be done over SSL using two-way authentication. Because EXTOL was doing the initial communications/connectivity implementation and setup on behalf of our customer, the vendor sent an electronic form for us to fill out. One of the main pieces of information that the vendor required was the IP address from which we would be communicating. This was important because the vendor specifically only allowed incoming communications through their firewall from approved/authorized IP addresses. Once that was set up, the vendor supplied us with a certificate that identified their server. EBI was then configured to trust their server certificate, and that part of the setup was completed.
I was recently working on a project for a customer that involved setting up communications between EXTOL’s EBI product and a third-party electronic invoicing provider. At the outset of this project, looking over the communications requirements, most seemed very typical and straightforward. However, one of the requirements took things a step further: the SSL communication will include two-way authentication. Using two-way authentication in SSL is just becoming more prevalent as security issues are becoming a higher priority and security requirements are becoming increasingly stringent.
Let’s start with an explanation of two-way authentication, which involves three things — SSL, server authentication and client authentication.