Connect:Direct Secure Plus

For a more complete security solution, Connect:Direct® Secure Plus is available. This option of IBM® Connect:Direct lets you select the protocol used to secure data during electronic transmission: Transport Layer Security (TLS) or Secure Sockets Layer (SSL). These protocols provide three levels of security:

  • The first level of security is server authentication. It is activated when a trading partner connects to an IBM Connect:Direct server. After the initial handshake, the IBM Connect:Direct server sends its digital certificate to the trading partner. The trading partner checks that the certificate has not expired and that it has been issued by a certificate authority the trading partner trusts.
  • The second level of security, called client authentication, requires that the trading partner send its own certificate. If client authentication is enabled, the IBM Connect:Direct server requests certificate information from the trading partner after the server has returned its own certificate information. If the client certificate is signed by a trusted source, the connection is established.
  • The third level of security requires that a certificate common name be verified. The Connect:Direct Secure Plus server searches the certificate file it receives from the trading partner and looks for a matching certificate common name. If the server cannot find the certificate common name, communication fails.
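
The order in which the three levels are applied can be modelled in a few lines of Python. This is an added example, not IBM code or Connect:Direct configuration: the certificates are constructed dicts in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the trust list, node names and the `evaluate_session` helper are hypothetical.

```python
import ssl

# Constructed sample certificates, in the dict shape of ssl.SSLSocket.getpeercert().
def make_cert(cn, issuer_cn, not_after):
    return {"subject": ((("commonName", cn),),),
            "issuer": ((("commonName", issuer_cn),),),
            "notBefore": "Jan 10 00:00:00 2024 GMT", "notAfter": not_after}

TRUSTED_CAS = {"Example Partner CA"}  # hypothetical trust list
NOW = ssl.cert_time_to_seconds("Jun 15 00:00:00 2025 GMT")  # fixed clock for the demo
SERVER = make_cert("cd-server.example", "Example Partner CA", "Jan 10 00:00:00 2027 GMT")
CLIENT = make_cert("partner-node-01", "Example Partner CA", "Jan 10 00:00:00 2027 GMT")
EXPIRED = make_cert("cd-server.example", "Example Partner CA", "Jan 10 00:00:00 2025 GMT")

def common_name(name):
    """Extract commonName from a getpeercert()-style subject/issuer tuple."""
    return next((v for rdn in name for k, v in rdn if k == "commonName"), None)

def check_cert(cert, now):
    """Return None if the certificate passes, otherwise the reason it fails.

    Assumption: the issuer-name lookup stands in for the CA signature-chain
    verification that a real TLS stack performs cryptographically.
    """
    if not cert:
        return "no certificate presented"
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        return "certificate not yet valid"
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        return "certificate expired"
    if common_name(cert["issuer"]) not in TRUSTED_CAS:
        return "issuer not trusted"
    return None

def evaluate_session(server_cert, client_cert, now, client_auth=True, expected_cn=None):
    """Apply the three levels in order and stop at the first failure."""
    problem = check_cert(server_cert, now)      # level 1: server authentication
    if problem:
        return False, "server authentication failed: " + problem
    if client_auth:
        problem = check_cert(client_cert, now)  # level 2: client authentication
        if problem:
            return False, "client authentication failed: " + problem
        # level 3: the client certificate's common name must match the configured one
        if expected_cn is not None and common_name(client_cert["subject"]) != expected_cn:
            return False, "client common name mismatch"
    return True, "session established"

if __name__ == "__main__":
    print(evaluate_session(SERVER, CLIENT, NOW, expected_cn="partner-node-01"))
    print(evaluate_session(EXPIRED, CLIENT, NOW))
```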

Connect:Direct Secure Plus includes the following encryption algorithms:

  • Symmetric—AES, DES, 3DES, RC4
  • Asymmetric—RSA
  • FIPS—Leverages Crypto-C, which is IBM's FIPS 140-2 validated security module on the UNIX, Microsoft Windows, and z/OS® platforms and leverages the IBM eServer™ cryptographic coprocessor on the mainframe. The following FIPS-validated algorithm implementations are supported in Connect:Direct Secure Plus:
    • DES, FIPS 46-3, NIST Certificate #160
    • 3DES, FIPS 46-3, NIST Certificate #100
    • SHA-1, FIPS 180-1, NIST Certificate #89
    • AES, FIPS 197, NIST Certificate #5
    • DSA, FIPS 186-2, NIST Certificate #70

    FIPS compliance can be achieved with IBM Connect:Direct only by installing Connect:Direct Secure Plus and enabling FIPS mode on the supported platforms.