Hi list, I have a project to secure data transfers between sites. These transfers are made using the Internet (email,HTTP,FTP), WAN links (leased lines, radio, frame-relay, etc.). I am evaluating some solutions and I ended up with two:
1- Syntrex BDE (Business Data Exchange) from Syntrex - Italy. Below is a short description of the product: ==> Syntrex BDE system is a multi-tier application for enterprise-level business data exchange on the Internet and IP networks. Unlike IP tunneling technology (such as VPN or SSL), BDE operates at the document or application level using standard protocols so that security, authentication and audit trails can be maintained. BDE employs sophisticated digital certificates, encryption, authentication and digital signature technologies. High-end cryptographic techniques are used to ensure document: Authenticity Integrity Confidentiality Sender and receiver identification and authenticity When a transfer is initiated, documents may be sourced from the local file system, a shared file system, or an FTP server. Each document is individually digitally signed, compressed and encrypted before leaving the client platform. All operations are carried on transparently to the sending user or system. On the server side all activities and the users� digital signatures are logged in a standard database. When a document is sent, it is transported to the central server where it is stored encrypted until retrieved by the recipient's BDE client. BDE's cryptography and user authentication is based on a public-key infrastructure (PKI) approach. The system has its own internal PKI or can be interfaced with major third-party PKIs. BDE is able to positively identify the parties involved in n exchange. BDE meets this requirement by using digital certificates as defined by the ISO X509v3 standard. The CA issues digital certificates that allow the use of a BDE Client after using commercially acceptable means to verify the identity of the person or company requesting the digital certificate. A digital certificate is used for every BDE user as a means of identification, and the certificate is verified within the CA system before any document is received. The digital certificate is, as a default, stored encrypted on the user's file system in standard PKI file formats. Alternately, the certificate can be carried on a card or a diskette. -------------------------------------------------------------------------- 2- RSA tokens using TripleDES running at the IBM mainframe integrated with ICFS. So far I don't have further information about this solution. -------------------------------------------------------------------------- I have to justify the 1st choice, so I need some information on how and why the Syntrex solution is a better one or if the X.509v3 certificates are better than TripleDES encryption or whatever info you can send me regarding this issue. Thanks in advance. Mario Behring __________________________________________________ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com
