Security is becoming increasingly important. Due to well-publicized pirate threats and attacks, almost everyone, from programmers to decision or policy makers, understands why good security is particularly important in Internet-deployed applications. Unfortunately, though interest in security has grown, programmers and system administrators still have a weak understanding of how to achieve strong security. While it is necessary to gain familiarity with a growing body of literature, research, technology, and terminology before grasping the main concepts, it is even more difficult to apply these complex technologies in practice. Achieving proficiency in all aspects of security bears an enormous cost. Not with the SOClass platform.
SOClass developers have made it easier than ever to build secure solutions, with integrated, ready-to-use tools. For example, object ownership and electronic signature functionality are available in the integrated Government Class Framework (GCF). It is enough to declare an operation as signable, and end-users can e-sign their work with a click of the mouse, whilst the system automatically displays which document versions were signed, when and by whom.
The foundation of strong computer security, including e-signature, is a type of cryptography known as public-key cryptography or asymmetric cryptography. Public-key cryptography differs from traditional symmetric, or shared-key, cryptography in its use of two related but slightly different keys. The owner of the key pair must keep the private key secret, whilst the other key, known as the public key, may be distributed far and wide. The keys in the key pair are complementary. Only the private key can decrypt information encrypted with the public key, and vice versa. Only the public key can verify information signed with the private key, and vice versa.
There are several popular public-key algorithms. SOClass includes a proprietary implementation of RSA (Rivest-Shamir-Adleman), supports DSA (Digital Signature Algorithm) and in the future will also support the ECC (Elliptic Curve Cryptography) algorithm.
Another crucial aspect of computer security in a distributed environment is the confidentiality and authenticity of data exchanged over the network, sometimes via public telecom lines. Hackers can easily interrupt these communications if they are not properly enciphered. The standard SOClass package relies on the popular Secure Sockets Layer (SSL) protocol to ensure privacy. The SSL protocol uses a combination of public-key and symmetric-key encryption.
SOClass respects the four major aspects of system security:
- System resources access. GCF security mechanisms restrict document access as well as scope of users’ operations, and guarantee that document operations remain within a predefined operation domain. SOClass complies with secure domains, permissions and security policies.
- Authentication. The Application Provider and users are properly authenticated through the use of X.509 certificates. Smart cards are also supported.
- Privacy. This encompasses client-server communication and various mechanisms ensuring information privacy at different stages. For example, the user’s password or pass-phrase is not stored anywhere and is therefore secure. What is stored in the administration database is the result of a hash of the password.
- Integrity. SOClass preserves data integrity during distributed processing and database transactions.
Because the Internet allows information to pass through intermediate computers, pirates can easily interfere with communications between client and server computers. SOClass features built-in mechanisms that prevent security breaches in Internet transactions, in particular:
- Eavesdropping. Information remains intact, but its privacy is compromised. For example, someone could get your credit card number, record a sensitive conversation, or intercept classified information.
- Tampering. Information in transit is changed or replaced and then sent on to the recipient. For example, someone could alter an order for goods or change a person’s resume.
- Impersonation. Information passes to a person who poses as the intended recipient. Impersonation can take two forms:
  - Spoofing. A person can pretend to be someone else. For example, a person can pretend to have the email address email@example.com, or a computer can identify itself as a site called www.soclass.com when it is not. This type of impersonation is known as spoofing.
  - Misrepresentation. A person or organization can misrepresent itself. For example, suppose that the site www.pirate.com pretends to be a furniture store when it is really just a site that takes credit-card payments but never sends any goods.
SOClass also supports Security Enhancement Login (SE Login). It extends the standard SOClass Login by adding a security code. After login, the user receives a security code via some transport layer (SMS, mail, etc.) or in another way, for example as an OTP (One-Time Password).
SOClass provides increased security in user authentication by supporting biometric user identification. Biometric identification can be based on fingerprint, face, iris or voice recognition. The platform offers fingerprint identification and is open to custom development of other biometric authentication implementations, such as iris and voice recognition.