1

2
- Multiple Websites
  - San Diego, CA
  - Hackensack, NJ
  - Raleigh, NC
  - Albany, NY
- Multiple Communication Links
  - Telephone Company
  - Cable
  - Wireless

3

4

5
- Industry Standard
  - Encryption
  - Authentication & Authorization
  - Digital certificates
- Application Specific
  - Client document/data segregation
  - Permissions
  - Document level encryption
  - Timeouts
  - VPN Tunneling

6
- INDUSTRY STANDARD
- OFF THE SHELF
- E-COMMERCE LEVEL PROTECTIONS

7
- Securing content during Internet transmission
  - SSL = Secure Sockets Layer
  - 128-bit encryption
- How do you detect?
  - https://

8
- The Login Process
  - Authentication
    - Password
  - Authorization
    - Am I authorized?
    - Determines content permissions

9
- Digital certificates – Authorized site
  - Secure your Web site and display the VeriSign Secure Site Seal to assure your customers that your Web site is authentic and that all transactions are secured by SSL encryption.
  - International customers are served by the VeriSign Trust Network of international affiliates.

10
- APPLICATION SPECIFIC
- CUSTOM TAILORED
- MORE IMPORTANT THAN E-COMMERCE STANDARDS

11
- Ensuring Separation
  - Index data & document images
    - Stored on separate servers
      - Database server
      - Document image server
    - Stored in separate paths
  - Client dedicated servers
    - As requested by client
    - Client pays for cost of hardware & associated software
  - Access IPs & Domains
    - Unique addressing
      - By client and/or by client application
      - URL https://nnn.nnn.nnn.nnn
      - Domain https://www.abtserver.com/appname

12
- What do you have permission to access?
  - Document level
    - Specific documents & document groups or sections
    - Common to AR, AP, Healthcare, HR, Loans, Contracts
  - Report level
    - Reports or report groups, generally by department
    - Used in broadcast report distribution
  - Content level
    - Index determined
      - Account #, Dept #, Name, Date, Document Type, etc.
    - Document content – data documents only
      - Inclusive or Exclusive based on document data content

13

14

15
- Also known as “token” authentication
  - Must know token value to open document
    - Documents encrypted with unique token password
    - Generated when document is retrieved & sent
  - Token value can be refreshed at any frequency
    - Static or dynamic generation
      - Existing token or new token per document event
    - Dynamic requires email notification/authorization
  - Most secure form of authenticating “right to view”
    - Only way to guarantee authenticity of viewing entity
    - A winner with Legal and IT departments
    - The only truly defensible Reg-compliant methodology

16
- Managing session & content exposure?
  - Forced timeouts
    - Fixed session timeframe
    - Re-authentication required every “n” minutes
  - Inactivity timeouts
    - Re-authenticate within span of last activity
    - Based on absence of user activity within “n” minutes
  - Viewing timeouts
    - Blank out view of image within “n” minutes
    - Removes the image from the workstation screen
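One way to implement the three timeouts on this slide, as an added example that is not ABT's code: a Python session policy in which the forced, inactivity and viewing windows (the slide's “n” minutes) are assumed values, re-authentication is always checked before the viewing clock, and a late request cannot extend a session that is already due for re-authentication.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TimeoutPolicy:
    """The three 'n minutes' values the deck leaves unspecified (assumed here)."""
    forced_minutes: int      # fixed session timeframe: re-authenticate every n minutes
    inactivity_minutes: int  # re-authenticate if no user activity within n minutes
    viewing_minutes: int     # blank the image n minutes after it was put on screen

@dataclass
class Session:
    authenticated_at: float                 # last successful (re)authentication, epoch seconds
    last_activity_at: float                 # last user action, epoch seconds
    view_opened_at: Optional[float] = None  # when the current document image was shown

def evaluate(session: Session, policy: TimeoutPolicy, now: float) -> str:
    """Decide what the server must do at `now`: 'reauth:forced', 'reauth:inactive',
    'blank' (session valid, but the on-screen image must be removed) or 'ok'.
    Re-authentication is checked first so an expired session never keeps an image up."""
    if now - session.authenticated_at >= policy.forced_minutes * 60:
        return "reauth:forced"
    if now - session.last_activity_at >= policy.inactivity_minutes * 60:
        return "reauth:inactive"
    if (session.view_opened_at is not None
            and now - session.view_opened_at >= policy.viewing_minutes * 60):
        return "blank"
    return "ok"

def record_activity(session: Session, policy: TimeoutPolicy, now: float) -> bool:
    """Extend the inactivity window for a user action. Returns False, without touching
    the session, when re-authentication is already due: a late request must not
    silently revive an expired session (the forced window is never extended)."""
    if evaluate(session, policy, now).startswith("reauth"):
        return False
    session.last_activity_at = now
    return True

def open_view(session: Session, policy: TimeoutPolicy, now: float) -> bool:
    """Put a document image on screen (counts as activity); starts the viewing clock."""
    if not record_activity(session, policy, now):
        return False
    session.view_opened_at = now
    return True

def reauthenticate(session: Session, now: float) -> None:
    """Reset every clock after a successful re-login; the old image is not restored."""
    session.authenticated_at = session.last_activity_at = now
    session.view_opened_at = None
```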

17
- Backend Document Warehousing Approach
  - Extranet/Intranet/VPN Client Access Point
    - Session authentication/authorization is Client controlled
    - XML exchanges between Client’s servers & ABT servers
  - Application features remain intact
    - Application-defined permissions
    - Document “token value” security
  - Secure document image Internet transmission
    - Document image “code key” access control
    - Requesting server/workstation authentication

18

19