Connect:Direct Secure Plus
For a more complete security solution, Connect:Direct® Secure Plus is available. This option of IBM® Connect:Direct lets you select the protocol used to secure data during electronic transmission: Transport Layer Security (TLS) or Secure Sockets Layer (SSL). These protocols provide three levels of security:
- The first level of security is server authentication. It is activated when a trading partner connects to an IBM Connect:Direct server. After the initial handshake, the IBM Connect:Direct server sends its digital certificate to the trading partner. The trading partner checks that the certificate has not expired and that it has been issued by a certificate authority the trading partner trusts.
- The second level of security, called client authentication, requires that the trading partner send its own certificate. If enabled, the IBM Connect:Direct server requests certificate information from the trading partner after the server returns its own certificate information. If the client certificate is signed by a trusted source, the connection is established.
- The third level of security requires that a certificate common name be verified. The Connect:Direct Secure Plus server searches the certificate file it receives from the trading partner and looks for a matching certificate common name. If the server cannot find the certificate common name, communication fails.
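The three levels above can be illustrated with Python's standard `ssl` module standing in as a generic TLS endpoint. This is an added example, not IBM code or Connect:Direct Secure Plus configuration; the function names, the sample certificate dictionary, and the exact-match comparison of the common name are assumptions made for illustration.

```python
import ssl

# Constructed sample in the shape SSLSocket.getpeercert() returns; not real data.
SAMPLE_PEER_CERT = {
    "subject": ((("organizationName", "Example Partner"),),
                (("commonName", "partner-node-a"),)),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

def client_context(ca_file=None):
    # Level 1: the connecting side rejects a server certificate that is
    # expired or not issued by a CA it trusts (CERT_REQUIRED is the default here).
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)

def server_context(require_client_cert):
    # Level 2: when enabled, the server requests a client certificate and the
    # handshake fails if none is sent or it does not chain to a trusted CA.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_NONE
    return ctx

def common_names(peercert):
    # The subject is a tuple of RDNs, each a tuple of (attribute, value) pairs.
    return [value for rdn in peercert.get("subject", ())
            for key, value in rdn if key == "commonName"]

def check_peer(peercert, expected_cn, now):
    # Level 3: after the handshake, compare the received certificate's common
    # name with the expected one. The expiry test repeats, for visibility,
    # a check the TLS library already performs during the handshake.
    if not peercert:          # None or {}: no validated certificate was received
        return "no-certificate"
    if ssl.cert_time_to_seconds(peercert["notAfter"]) <= now:
        return "expired"
    if expected_cn not in common_names(peercert):
        return "cn-mismatch"  # communication must fail at this point
    return "ok"
```
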
Connect:Direct Secure Plus includes the following encryption algorithms:
- Symmetric: AES, DES, 3DES, RC4
- FIPS: Leverages Crypto-C, which is IBM's FIPS 140-2 validated security module on the UNIX, Microsoft Windows, and z/OS® platforms, and leverages the IBM eServer™ cryptographic coprocessor on the mainframe. The following FIPS-validated algorithm implementations are supported in Connect:Direct Secure Plus:
  - DES, FIPS 46-3, NIST Certificate #160
  - 3DES, FIPS 46-3, NIST Certificate #100
  - SHA-1, FIPS 180-1, NIST Certificate #89
  - AES, FIPS 197, NIST Certificate #5
  - DSA, FIPS 186-2, NIST Certificate #70
FIPS compliance can be achieved with IBM Connect:Direct only by installing Connect:Direct Secure Plus and enabling FIPS mode on the supported platforms.