OFTP Security
The Odette File Transfer Protocol (OFTP) version 2.0 provides a number of new security features, including authentication/authorization of trading partners, session-level encryption, file-level encryption, and the signing of files and receipts, to help protect the transfer of files.
When using Secure IP as your transport protocol in IBM® Sterling B2B Integrator, a new configuration page opens with the following configuration parameters:
- System Certificate
- Cipher Strength (Weak, Strong, All)
- CA Certificate
These configuration parameters are used when an IP client (such as a remote partner) tries to establish an IP connection to IBM Sterling B2B Integrator (the local partner). Once the IP connection is established, a TLS handshake is used to create a secure connection between the client and the IBM Sterling B2B Integrator server; the System Certificate identifies the server, the CA Certificate is used to validate the client's certificate, and Cipher Strength limits which cipher suites the handshake may negotiate.
The Odette File Transfer protocol version 2.0 supports:
- Secure and authenticated communication over the internet using Transport Layer Security (TLS/SSL)
- File encryption, signing and compression using Cryptographic Message Syntax (CMS)
- Signed receipts for the acknowledgement of received files
Secure Authentication (Optional for OFTP 2.0 and higher)
After exchanging Start Session commands (SSID), the Initiator may optionally begin an authentication phase in which each trading partner proves its identity to the other:
- The Initiator sends a Security Change Direction (SECD).
- The Responder replies with an Authentication Challenge (AUCH), which contains a random challenge unique to each session.
- The Initiator signs the challenge and sends it back to the Responder in an Authentication Response (AURP).
- The Responder first verifies the authenticity of the CMS signature, then checks the signing certificate. Both checks are needed: a valid signature only proves possession of some private key, and the certificate check establishes that it is the partner's key. If both succeed, the Responder sends back a SECD.
- The complementary process then runs in the other direction, with the Responder proving its identity to the Initiator.
Note: Secure Authentication can be enabled or disabled with the Secure Authentication check box in the OFTP Partner Profile and Physical Partner Contract.
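The challenge-response exchange described above, with both sides' messages and the receiver's two checks, as an added example written for this page (it is not code from IBM Sterling B2B Integrator or from the OFTP specification). It assumes a plain RSA PKCS#1 v1.5 signature over a SHA-256 digest of a 32-byte challenge, and carries the signer's public key in the AURP in place of the CMS SignedData structure and signer certificate a real implementation would use; the type and function names are this example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// AUCH is the Authentication Challenge: a session-unique random value.
type AUCH struct{ Challenge []byte }

// AURP is the Authentication Response: the signature over the challenge plus
// the signer's public key, standing in for the signer certificate that a
// real CMS SignedData structure would carry (assumption of this example).
type AURP struct {
	Signature []byte
	SignerPub *rsa.PublicKey
}

// Partner is one trading partner: its own key pair, the public key taken from
// the peer's configured certificate, and the challenge it currently has open.
type Partner struct {
	Name    string
	key     *rsa.PrivateKey
	peerPub *rsa.PublicKey
	pending []byte
}

func NewPartner(name string) (*Partner, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Partner{Name: name, key: key}, nil
}

func (p *Partner) Public() *rsa.PublicKey { return &p.key.PublicKey }

// Trust records the peer's public key, as taken from its partner profile.
func (p *Partner) Trust(peer *rsa.PublicKey) { p.peerPub = peer }

// fingerprint identifies a key by the SHA-256 of its DER encoding; marshalling
// a well-formed RSA public key does not fail, so the error is discarded.
func fingerprint(pub *rsa.PublicKey) [32]byte {
	der, _ := x509.MarshalPKIXPublicKey(pub)
	return sha256.Sum256(der)
}

// Challenge answers a SECD with an AUCH. The 32-byte length is this example's
// choice; the challenge is remembered until the matching AURP is checked.
func (p *Partner) Challenge() (AUCH, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return AUCH{}, err
	}
	p.pending = c
	return AUCH{Challenge: c}, nil
}

// Respond answers an AUCH with an AURP holding the signed challenge.
func (p *Partner) Respond(a AUCH) (AURP, error) {
	digest := sha256.Sum256(a.Challenge)
	sig, err := rsa.SignPKCS1v15(rand.Reader, p.key, crypto.SHA256, digest[:])
	if err != nil {
		return AURP{}, err
	}
	return AURP{Signature: sig, SignerPub: p.Public()}, nil
}

// Verify performs the receiver's two checks: the signature must be valid for
// the key the response claims, and that key must be the partner's configured
// one. The outstanding challenge is consumed on the first attempt, so a
// replayed AURP is rejected.
func (p *Partner) Verify(r AURP) error {
	challenge := p.pending
	p.pending = nil
	if challenge == nil {
		return errors.New("no challenge outstanding")
	}
	if p.peerPub == nil {
		return errors.New("no partner certificate configured")
	}
	digest := sha256.Sum256(challenge)
	if err := rsa.VerifyPKCS1v15(r.SignerPub, crypto.SHA256, digest[:], r.Signature); err != nil {
		return fmt.Errorf("signature invalid: %w", err)
	}
	if fingerprint(r.SignerPub) != fingerprint(p.peerPub) {
		return errors.New("signing certificate is not the configured partner certificate")
	}
	return nil
}

// Authenticate runs the exchange in both directions, Initiator proving itself
// first. SECD is implicit: each Challenge call stands for a SECD received.
func Authenticate(initiator, responder *Partner) error {
	for _, side := range []struct{ prover, verifier *Partner }{{initiator, responder}, {responder, initiator}} {
		auch, err := side.verifier.Challenge()
		if err != nil {
			return err
		}
		aurp, err := side.prover.Respond(auch)
		if err != nil {
			return err
		}
		if err := side.verifier.Verify(aurp); err != nil {
			return fmt.Errorf("%s rejected %s: %w", side.verifier.Name, side.prover.Name, err)
		}
	}
	return nil
}

func main() {
	a, _ := NewPartner("Initiator")
	b, _ := NewPartner("Responder")
	a.Trust(b.Public())
	b.Trust(a.Public())
	fmt.Println("mutual authentication:", Authenticate(a, b))
	m, _ := NewPartner("Impostor") // signs validly, but with an unconfigured key
	fmt.Println("impostor:", Authenticate(m, b))
}
```

The impostor case in main shows why the certificate check is separate from the signature check: the impostor's AURP carries a signature that verifies perfectly under the key it presents, and it is only the comparison against the configured partner certificate that rejects it. Conversely, presenting the genuine partner's key with a signature made by another key fails the first check.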