Solutions for Business Integrators
Securely transfer files and other data
So you need to send or receive important data, and security of the information is a must. If you need to upload or download files, secure files before transfer over unsecured channels, send secure e-mail or even access remote file systems, we have solutions for these tasks. Let us check what we have for you:
Upload and download of files using standard Internet protocols, such as Secure FTP (SFTP or FTPS)
Secure upload and download of files using standard secure Internet protocols such as SFTP and FTPS is the most common data transfer task and should be implemented in minutes. We offer simple yet powerful client-side components that let you transfer files using one of the secure file transfer protocols.
SFTP or FTPS. These two protocols are often confused. SFTP stands for SSH File Transfer Protocol and FTPS is FTP over SSL. If you do not know for sure which one to use or just want to know more about the difference between SFTP and FTPS, please read the article in our knowledgebase.
The main advantage of the offered components is that they let you control all aspects of the connection and data transfer procedure. Be it the method of authentication, the cryptographic algorithm used or any other security aspect of the connection, you get everything the protocol can offer.
The FTPS client component works in both secure and regular non-secure modes. The SFTP protocol was designed as a secure protocol and is not usually used in insecure mode.
The components are part of the Transports package of the BizCrypto product.
Secure transfer over unsecured channels
If you can use only an unsecured protocol for data transfer, your task is to encrypt the data before transferring it to the remote site. Two encryption mechanisms are currently used in the industry. Both of them are available with SecureBlackbox.
These mechanisms are OpenPGP and PKI (Public Key Infrastructure). Both these schemes are based on industry standards and are free from proprietary restrictions. Data encrypted using one of these schemes can be read and decrypted using a variety of software products.
The main difference between these two mechanisms is the way encryption keys are created and managed.
PKI encrypts data using X.509 certificates. You can create such certificates yourself, but proper use of PKI includes third-party organizations that issue certificates for users. OpenPGP lets you use either conventional passphrases or OpenPGP keys to encrypt data. Users generate OpenPGP keys themselves. OpenPGP is quite good for ad hoc security, when you need to send data to a limited number of people. PKI is used when your application becomes part of a larger infrastructure in which people use certificates widely.
You can add PKI or OpenPGP encryption and signing features to your application using the Data Security package of the BizCrypto product.
Protect documents and data when sending them to other parties
Data security comprises two operations. They are technologically similar, but very different in purpose: encryption of data and digital signing of data. Encryption is used to prevent unauthorized individuals or hardware systems from accessing the data. Digital signing of data is used to authenticate and identify the author or sender. While these operations serve different purposes, they almost always come as a pair, so we will describe them together as "securing data".
The industry has created a number of approaches for securing data of different kinds. OpenPGP and PKI technologies are used to secure any type of data. They are described above. PDF security is specific to documents in PDF format. XML Security was designed for use primarily with XML-formatted data but can be used to secure any type of data.
PDF security is based on PKI (certificates) for encryption and signing. You can also encrypt documents using symmetric keys such as passwords and passphrases. XML security can use certificates, OpenPGP keys and symmetric keys for encryption, and certificates or OpenPGP keys for digital signing of data.
All the security components mentioned are available in the Data Security package of the BizCrypto product.
Send and receive secure e-mail messages
Secure e-mail is often overlooked as a secure data channel, and the reasons are unclear. E-mail is probably the most widespread way of communication between people over the Internet, and it is equally well suited for communicating between automated systems.
E-mail operations include, on the sender side, composing a message, securing it and sending it. On the client side, operations include receiving e-mail and parsing (decomposing) the received message, possibly with decryption and verification of e-mail signatures.
The widely used S/MIME security technology lets you sign and encrypt e-mail being delivered. BizCrypto offers mail composition and decomposition operations within its MIME and S/MIME Processor.
Besides creating a MIME e-mail, it is necessary to send it. For mail delivery BizCrypto offers an SMTP client, which can send e-mail using the regular SMTP protocol and also via SMTP-over-SSL. The SMTP client component is available in the SMTP Transport and requires the Professional package of BizCrypto.
Access and manipulate files and directories on remote servers
Remote access to file repositories or just remote file systems remains an important part of many IT-related activities. Historically, FTP (File Transfer Protocol) was used to transfer files. Recently SFTP (SSH File Transfer Protocol) gained popularity as the way to not only upload and download files, but also perform the full scope of file manipulations on the remote system. This includes directory creation and deletion, file renaming and deletion. BizCrypto supports the listed operations in its SFTP Transport.
If your file manipulation needs to include execution of custom commands on a server, you will benefit from having access to the remote shell (console) over the SSH protocol. SSH components let you quickly execute one or several commands, or start a shell for more sophisticated tasks.
SSH is offered in the SSH Transport.
Secure documents for storage and transfer
Digital security of data is needed in several cases:
- to prove authorship and integrity of a document or data using a digital signature in order to conform to governmental, industry or corporate requirements,
- to protect a document or data from unauthorized access by encrypting them for data transfer or for further storage.
Let us review these tasks in detail:
Proving data authorship and integrity using digital signing and timestamping
Digital signing is used to identify the creator or author of a document or data, as well as the person who authorized their distribution. It also protects data against modification during delivery to the recipient or readers.
Digital signing requires use of public key technology such as PKI certificates or OpenPGP. Both are supported by BizCrypto. If you have binary data or a document in some custom format, PKI or OpenPGP can be used directly. If your document is in PDF or XML format, the IT industry offers specialized standards for signing it. BizCrypto has components for signing XML and PDF documents as well. PDF signing is based on digital certificates while XML lets you use certificates or OpenPGP keys.
Signing would not be enough without timestamping the signature. BizCrypto is the only digital signature component for Business Servers to include timestamping - a vital part of signing.
Protection of documents or data by encryption
Encryption ensures that data can be decrypted only by those who have the decryption key. This can be either a symmetric key used for encryption, or the private key of a keypair (in public key encryption). BizCrypto offers both symmetric encryption and public key encryption, but focuses on public key encryption, which, for certain reasons, became the more popular and more widely used industry standard.
As with digital signing, BizCrypto offers PKI and OpenPGP encryption of any data, and also supports encryption schemas defined in the standards for PDF and XML documents.
PKI offers public key encryption only, while OpenPGP also supports encryption using symmetric keys (passwords or passphrases). PDF lets you encrypt a document with a certificate or with a password. XML encryption can use a certificate, an OpenPGP key or a symmetric key (password or passphrase).
You can add PKI encryption, signing, timestamping and certificate generation features to your application using the PKI Processor of the BizCrypto product.
For OpenPGP functions (encryption, signing, compression) you need the OpenPGP Processor.
BizCrypto supports PDF security operations in its PDF Processor. You can use any PDF generator tool or component to create and manage your PDF documents, and the PDF Processor will encrypt or sign these documents.
For XML security operations BizCrypto offers the XML Processor. Its components let you apply security operations such as encryption, digital signing, decryption and validation of the digital signature.