Cryptography is the science of keeping messages private. A cryptographic system uses encryption keys between two trusted communication partners. These keys encrypt and decrypt information so that the information is known only to those who have the keys.
There are two kinds of cryptographic systems: symmetric-key and asymmetric-key. Symmetric-key (or secret-key) systems use the same secret key to encrypt and decrypt a message. Asymmetric-key (or public-key) systems use one key (public) to encrypt a message and a different key (private) to decrypt it. Symmetric-key systems are simpler and faster, but two parties must somehow exchange the key in a secure way because if the secret key is discovered by outside parties, security is compromised. Asymmetric-key systems, commonly known as public-key systems, avoid this problem because the public key may be freely exchanged, but the private key is never transmitted.
- Authentication verifies that the entity on the other end of a communications link is the intended recipient of a transmission.
- Non-repudiation provides undeniable proof of origin of transmitted data.
- Data integrity ensures that information is not altered during transmission.
- Data confidentiality ensures that data remains private during transmission.
Connect:Direct® Secure Plus enables you to select the security protocol to use to secure data during electronic transmission: Transport Layer Security (TLS). Depending on the security needs of your environment, you can also validate certificates using the IBM® External Authentication Server application.
Connect:Direct Secure Plus provides alternative cryptographic solutions depending upon the protocol enabled. The following table identifies the protocols available in Connect:Direct Secure Plus and the encryption algorithms available for each protocol:
|Connect:Direct Secure Plus V4.7 or later||
The SSL3.0, TLS 1.0 and TLS 1.1 protocols are deprecated and should not be used. It is recommended that trading partners using deprecated protocols migrate to TLS 1.3 or TLS 1.2.