The Essential Guide to EDI Security
NAHID JILOVEC, APRIL 2007

Information security is not only a business requirement, but in many cases, it is also a legal mandate with severe penalties for noncompliance. You must keep information such as social security numbers, patient information, individual credit information, and corporate financials safe and secure from unauthorized access and use. You must tightly control transaction integrity both within the walls of an organization and between trading partners, particularly with e-commerce transactions.

Because electronic data interchange (EDI) and other e-commerce tools are expected to improve efficiencies in business processes, it's important to tighten the accuracy of data to comply with legislative and nonlegislative mandates, as well as to boost consumer and investor confidence. The best-known government-enforced legislation includes the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), and Gramm-Leach-Bliley. Both the law and nonregulatory mandates look at a number of areas in data security.
Authentication
Authentication (i.e., electronic signature) validates the sender and receiver of a message. You use authentication to
- verify the identity of the sender to the intended recipient
- verify message integrity by detecting changes, including transmission errors introduced between the sender and receiver
- protect a unique message identifier that detects attempts at insertion, deletion, or duplication of messages

Authentication can use a public key or private key approach. Public key authentication means the code is made public to all authorized trading partners (or their devices), who must open messages using the valid key. In private key authentication, the sender and receiver must have the same key, and its use is restricted to those parties. The length of the private key determines its level of security.

You can authenticate a message by using a valid user ID, password, or PIN. You can also use unique personal features (e.g., voice, fingerprint recognition) to verify identity. The most common authentication technique is user ID and password, but for added security, you can also use digital certificates (see the Digital Certificates sidebar for more information).

For EDI messaging, you can use ANSI X9.9 standards to compute a message authentication code (MAC). The MAC is a cryptographically derived hash total used to verify the authorized sender to the authorized receiver and protect the integrity of the data. The MAC protects all types of data, including numeric, text, and even punctuation. Once data is authenticated, it should not be changed in any way.
Nonrepudiation
Nonrepudiation is proof of participation in an electronic transaction, and it requires an electronic or digital signature. A digital signature serves as a traditional handwritten signature for web transactions. It is an encoded message attached to an e-business message or transaction that provides evidence of participation and confirms the point of data origin and that the contents have not been altered.
Digital signatures use public key cryptography, which uses an algorithm with two related keys. One key creates a digital signature (i.e., transforms data into a seemingly unintelligible form) and
one verifies a digital signature (i.e., returns the message to its original form). The two complementary keys are the private key, known only to the signer and used to create the digital signature, and the public key, used by a receiving party to verify the digital signature. If more than one party needs to verify the signer's digital signatures, you must distribute the public key to all of them.

Although the keys of the pair are mathematically related, if the system has been designed and implemented correctly, it is infeasible to derive the private key from knowledge of the public key. Therefore, although many people might know the public key of a given signer and use it to verify that signer's signatures, they cannot determine the signer's private key and use it to forge digital signatures.
Authorization
Once a user is authenticated, you must perform authorization checking. This process checks access rights and permissions for each individual. Some users have read-only rights, and others can perform modifications to a message.

You must check authorization control not just for the user but also for specific processes, systems, and programs. In the Internet space, the digital certificate is the most popular authentication and encryption mechanism for business-to-business transactions. The digital certificate uses the public key encryption mechanism to encrypt the identity of the business. The business partner who possesses the public key decrypts the digital certificate to reveal the identity and then verifies the authorization of this certificate. The same key pair can also encrypt the data that is being exchanged, thus providing a more complete solution for both authentication and encryption.

Authorization includes access control for managing access to resources (which may be physical locations or data) by authorized users. You can control access to physical resources (e.g., buildings, storage areas) with physical locks, badges, or other electronic means such as fingerprinting. You can control access to data with user- or role-based rules, or by applying rules for files, databases, or applications.
Encryption
Encryption ensures that if hackers gain access to data, they find it unintelligible. You can encrypt X12 messages with ANSI X9.23. However, encryption doesn't detect accidental or deliberate alteration of messages between sender and receiver. If you use encryption without authentication and a transmission error occurs, it might go undetected and the decrypted message might be unintelligible.

Encryption of data is based on using a key value to translate data to a form that does not reveal the contents of the original data. You can use either symmetric or asymmetric keys. Symmetric keys both encrypt and decrypt the data, but asymmetric keys provide a higher degree of protection and encryption. With asymmetric keys, you cannot decrypt the data using the same key that you used to encrypt it. The public key infrastructure (PKI) uses asymmetric key combinations. PKI uses a key pair: one private key and one public key. The public key is available to members of a user list who probably transmit the data to the main party. The participants on the user list use the public key to encrypt data for transmission to the main party. The main party decrypts this data with a private key, thus providing confidential exchange of information.

Many encryption algorithms are available. Because the same algorithm must be used on the sending and receiving sides, most companies implement several of them to enable encryption with all their trading partners.
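The following added example (not part of the original guide) demonstrates the point made at the start of this section, and the role of the ANSI X9.9 MAC described under Authentication: a single bit corrupted in transit in an encrypted-only X12 interchange decrypts to a plausible but wrong purchase order quantity, while a receiver that checks a MAC before decrypting rejects the message. A toy HMAC-based keystream cipher and HMAC-SHA256 stand in for the ANSI X9.23 cipher and X9.9 MAC; the interchange, keys, and nonce are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample interchange: one 850 purchase order for 10 units of a
# widget. Not real trading-partner data.
INTERCHANGE = (
    b"ISA*00*          *00*          *ZZ*SENDER         *ZZ*RECEIVER       "
    b"*070401*1200*U*00401*000000001*0*P*>~"
    b"GS*PO*SENDER*RECEIVER*20070401*1200*1*X*004010~"
    b"ST*850*0001~BEG*00*NE*PO123**20070401~"
    b"PO1*1*10*EA*5.00**VP*WIDGET~CTT*1*10~SE*5*0001~"
    b"GE*1*1~IEA*1*000000001~"
)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher: XOR data with an HMAC-SHA256 keystream.
    Illustrative stand-in for a real cipher such as ANSI X9.23, chosen because
    every stream/CTR cipher shares the property shown here: a flipped bit in
    the ciphertext flips exactly that bit in the plaintext, silently.
    Encryption and decryption are the same operation."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def mac(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """MAC over what is actually transmitted (encrypt-then-MAC). HMAC-SHA256
    stands in for the ANSI X9.9 MAC named in the text; the role is the same."""
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def corrupt_one_bit(data: bytes, offset: int) -> bytes:
    """Simulate a transmission error: flip the low bit of one byte."""
    out = bytearray(data)
    out[offset] ^= 0x01
    return bytes(out)


def decrypt_without_auth(enc_key, nonce, ciphertext):
    # Encryption alone: whatever arrives is decrypted and accepted as-is.
    return keystream_xor(enc_key, nonce, ciphertext)


def decrypt_with_auth(enc_key, mac_key, nonce, ciphertext, tag):
    # Verify the MAC first; only an unaltered ciphertext is decrypted.
    if not hmac.compare_digest(mac(mac_key, nonce, ciphertext), tag):
        return None
    return keystream_xor(enc_key, nonce, ciphertext)


def demo(enc_key=b"E" * 32, mac_key=b"M" * 32, nonce=b"\x00" * 8):
    """What each kind of receiver sees when the PO1 quantity is hit in transit."""
    ct = keystream_xor(enc_key, nonce, INTERCHANGE)
    tag = mac(mac_key, nonce, ct)
    qty_offset = INTERCHANGE.index(b"PO1*1*10*") + len(b"PO1*1*")  # the '1' of "10"
    damaged = corrupt_one_bit(ct, qty_offset)
    return {
        "unauthenticated": decrypt_without_auth(enc_key, nonce, damaged),
        "authenticated": decrypt_with_auth(enc_key, mac_key, nonce, damaged, tag),
        "intact": decrypt_with_auth(enc_key, mac_key, nonce, ct, tag),
    }


if __name__ == "__main__":
    result = demo()
    print(result["unauthenticated"])  # quantity silently reads 00 instead of 10
    print(result["authenticated"])    # None: MAC check failed, message rejected
```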
Message Transportation
You can choose between two approaches for securing transactions sent over the Internet: enclose the message in security software (external security) or embed the security within the message (embedded security).

External security. Documents or messages are treated as e-mail packets on the Internet and are therefore unprotected unless encrypted. Many security software packages offer nonrepudiation, a kind of self-contained acknowledgment that lets you ascertain whether data was sent or received and certifies that a message comes from an authentic sender. EDI transactions that must travel the Internet are good candidates for external security applications.

Embedded security. Some vendors offer security software that embeds the security function within the message or transaction itself. You can protect EDI transactions this way with the X12.58 standard. With embedded security, you can authenticate, encrypt, or do both simultaneously. Today, AS1 and AS2 standards offer this level of security for both EDI- and XML-based transactions.

DIGITAL CERTIFICATES
A digital certificate is a digitally signed certificate of identity issued by a certification authority. The certification authority is a neutral party that provides independent confirmation of the attributes of the user's digital signature. To associate a key pair with a prospective signer, a certification authority issues a certificate, an electronic record that lists a public key of the certificate and confirms that the prospective signer identified in the certificate holds the corresponding private key. The prospective signer is referred to as the subscriber.

A certificate's function is to bind a key pair with a specific subscriber. A recipient of a certificate can use the public key in the certificate to verify that the digital signature was created with the corresponding private key. If so, you know that the subscriber named in the certificate holds the corresponding private key and created the digital signature.

The International Telecommunications Union (ITU) defines digital X.509 certificates. A digital certificate contains company information such as name, serial number, expiration date, public keys, and the issuing authority's signature.

The information contained within a certificate might vary, but the key is the integrity of the issuing authority's signature. You should manage certificate information with AS1 or AS2 software to simplify the management of trading partner information.

Certificates eventually expire. As certificates expire, it is important to communicate and manage expirations and renewals with trading partners to ensure that EDI transactions continue flowing without interruption of service. If at any point an integrity question or concern arises with a particular certificate, the issuing authority has the ability to revoke it.
N. J.
Intrusion Detection
Intrusion detection keeps unauthorized sources from accessing a company's resources. As with access control, intrusion detection can apply to physical access to facilities and resources, but it often implies electronic access. For electronic access, implementing one or multiple firewalls is the common method for warding off intruders.

Firewalls might allow open access to the network internally, but externally, they grant access based on a valid user ID, password, IP address, or domain name. Firewall technology is sophisticated, but it does not address other security issues such as user authentication or message integrity. Firewalls simply monitor network traffic.

The most popular type of firewall screens IP packets. The router filters information packets that travel through the firewall and either grants or denies access based on your screening rules. You can filter the traffic based on the type of protocol used, the intended destination of the message, or whether or not the IP address is known to the router.

You can also use a firewall as a basic traffic logging system. This system logs all network traffic for later audit. It records date and time information, the name of every accessed file, the user's domain name, and the size of transmissions. This function of the firewall system also collects statistical information about a website. Some organizations use a basic computer or server that is dedicated to act as a physical wall between the public Internet and internal networks. The computer monitors network traffic and logs both successful and failed login attempts.

Many organizations also set up proxy servers. A host computer runs the software for proxy services, and when a user attempts to connect to another user, he or she must do so through the proxy server. Proxying offers the advantage of creating and tracking audit information about the network traffic (e.g., date and time, client IP addresses, file sizes).
Audit Logging
Audit logging is necessary to retain both key user information and an audit of every transaction that is generated, modified, or deleted. Audit logging is particularly important because an auditor is obligated to make sure all business transactions, including EDI, abide by nine basic principles of auditing, which state that transactions must be
- real and authorized
- recorded
- recorded timely
- properly valued
- posted to the proper accounts
- summarized
- classified correctly
- complete
- accurate
EDI Then and Now
Security of physical premises and electronic resources is usually top priority for companies. But add the Internet to the mix, and you have a more complex and risky business environment to manage. EDI transactions were less subject to security risks before the advent of the Internet.

In its earlier years, EDI was a store-and-forward tool for exchange of business documents in a standard form. The major modes of transportation for EDI transactions included direct connection via private networks and value-added networks (VANs). Private networks were useful only for trading transactions with a handful of large hubs that could afford to build and manage them. Smaller trading partners used VANs. VANs were not only a secure mode of transportation, but they provided value in many other areas as well (e.g., transaction monitoring, archiving).

However, transaction volumes rose as EDI proliferated. VAN invoices became intolerable for many companies, forcing EDI users to seek less-pricey alternatives. The answer, of course, was the free Internet, which offered the added desirable feature of immediacy of receipt. But security, authentication, and nonrepudiation had to be addressed to allow safe passage of the messages using the public Internet.
EDI-INT
Wise EDI users quickly realized that the Internet didn't have the same security and audit features as their VANs did, nor did it offer many of the other value-added services, such as archiving and mailbox management. Regardless, organizations wanted to find a way to use the Internet for EDI exchange to save money and to speed up transportation for time-sensitive documents. Along came EDI over the Internet (EDI-INT). EDI-INT uses three protocols: AS1, AS2, and AS3.

AS1. The first EDI-INT protocol, Applicability Statement 1 (AS1), lets you transport EDI documents using Secure Multipurpose Internet Mail Extensions (S/MIME) encryption via Simple Mail Transfer Protocol (SMTP). This protocol is basically an EDI document wrapped in an e-mail and works asynchronously or in batch mode. Because newer, more secure protocols now exist, use of AS1 is no longer recommended.

AS2. AS2 uses the HTTP synchronous protocol, or peer-to-peer in real time, to instruct the software at one company to send any type of document to software at another company. AS2 provides encryption through digital certificates and a secure connection over HTTP or HTTPS. To use AS2, you must have a computer connected to the Internet 24 hours a day, seven days a week, with the necessary firewall adjustments.

AS3. AS3 is the protocol for EDI message transfer via FTP using synchronous client/server. AS3 uses encryption via S/MIME and a secure connection via FTP using a client/server model. Because FTP uses a dial-up connection to initiate send and receive actions, you don't have to be connected to the Internet 24/7.
EDI Transaction Integrity
On any given day, every company is faced with the task of ensuring that business transactions are complete and uncorrupted and that data within transactions is kept isolated and archived. To ensure data confidentiality, you must both prevent unauthorized access to and safeguard the content of messages (including EDI transactions).

EDI systems can provide a greater degree of accuracy than traditional paper equivalents can. Controls that offer data integrity are available at several layers within an EDI solution, including application software, integration software, translation software, and communications/VAN software (Figure 1).
Application Software
Inevitably, anytime you integrate external data with internal applications, those applications must change to fit a trading partner's unique needs. However, you should try to minimize changes to internal applications to increase data integrity. Unique trading partner requirements are better handled in cross-reference tables, in external program calls, or within the integration software layer.

All changes to the software should be well documented to help ensure that they will also be considered for the integration software. For example, if your application software is modified to include enhanced or different editing of purchase orders, the corresponding integration software must be modified to perform the same function. Applying consistent rules helps to improve data integrity within the application software layer.
Integration Software
Integration software offers a perfect opportunity to capture key control data. Because integration software is often custom-developed, it can accommodate special EDI requirements that you can keep outside the application software area. Key control data that you should log within this software layer includes the document trace number (e.g., purchase order number), the record count of the integration file, and the trading partner internal ID number. Again, the best practice within this layer is to minimize trading-partner-specific requirements.
Translation Software
One of the key areas for managing EDI transaction integrity is within the translation software. Some controls are built in or mandated by the standards; others are optional. Built-in controls are at the envelope layers (ISA/IEA, GS/GE, ST/SE). Counts and hash totals are in the CTT, SE, and GE segments. Date and time stamping at the envelope layers tracks exact timing, and functional acknowledgments provide evidence of transaction completeness.

The interchange control header and trailer (ISA/IEA segments) include a sequential control number. Your translation software can track and report missing, duplicate, or out-of-sequence control numbers. If the control numbers in the ISA and IEA segments don't match, you need to check the completeness or accuracy of the transaction set. The trailer segment (IEA) captures the total number of functional groups in the transmission so you can verify that transactions are complete and sent and received in full. Each transaction set is stamped with date and time information.

The functional group header and trailer (GS/GE segments) include another sequential control number that must match. The trailer (GE) automatically calculates and captures the total number of transaction sets in the functional group, providing proof of completeness. For example, if this number did not match, you would know that one of the purchase orders sent in a batch of orders was missing.

The transaction set header and trailer (ST/SE segments) provide added evidence of completeness with another sequential control number that must match. The trailer segment (SE) of the transaction maintains a count of the total number of segments (including the ST and SE segments).

The transaction set can also calculate hash totals in the CTT segment. The CTT allows the transmission of the total number of line items and a hash total for a specific element in a transaction set. The first element is the total number of line items. The second element is the hash total for a field of another element (e.g., total purchase dollars) in the transaction set. This calculation confirms the accuracy of the order.
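The following added example (not from the original guide) applies the envelope controls this section describes to a constructed X12 interchange: it reconciles the ISA/IEA, GS/GE, and ST/SE control numbers, the IEA01 group count, the GE01 transaction-set count, the SE01 segment count, and the CTT line-item count and hash total, and returns each mismatch as a finding of the kind a translator would report. The sample data, the optional expected-sequence check, and the CTT02 convention used here (hash total of the PO102 quantities) are assumptions of the example.

```python
# Constructed sample (not real trading-partner data): one functional group holding
# one 850 purchase order with two line items; every control reconciles.
SAMPLE = (
    "ISA*00*          *00*          *ZZ*SENDER         *ZZ*RECEIVER       "
    "*070401*1200*U*00401*000000007*0*P*>~"
    "GS*PO*SENDER*RECEIVER*20070401*1200*7*X*004010~"
    "ST*850*0001~BEG*00*NE*PO123**20070401~"
    "PO1*1*10*EA*5.00**VP*WIDGET~PO1*2*4*EA*12.50**VP*GADGET~"
    "CTT*2*14~SE*6*0001~GE*1*7~IEA*1*000000007~"
)


def split_segments(interchange, seg_term="~", elem_sep="*"):
    """Split a raw X12 interchange into segments, each a list of elements."""
    return [s.split(elem_sep) for s in interchange.strip().split(seg_term) if s]


def _find(segs, tag, start, stop):
    # Index of the first segment tagged `tag` within segs[start:stop], else None.
    return next((i for i in range(start, stop) if segs[i][0] == tag), None)


def validate_interchange(interchange, expected_isa_control=None):
    """Reconcile the built-in envelope controls: matching ISA/IEA, GS/GE and ST/SE
    control numbers, IEA01 group count, GE01 transaction-set count, SE01 segment
    count and the CTT totals. Returns a list of findings; empty means all clean."""
    findings = []
    segs = split_segments(interchange)
    isa, iea = segs[0], segs[-1]
    if isa[0] != "ISA" or iea[0] != "IEA":
        return ["interchange is not wrapped in ISA/IEA"]
    if isa[13] != iea[2]:
        findings.append(f"ISA13/IEA02 control number mismatch: {isa[13]} vs {iea[2]}")
    # Optional sequence check against the number the receiver expects next.
    if expected_isa_control is not None and int(isa[13]) != expected_isa_control:
        findings.append(f"interchange {int(isa[13])} out of sequence, expected {expected_isa_control}")
    groups = [i for i, s in enumerate(segs) if s[0] == "GS"]
    if int(iea[1]) != len(groups):
        findings.append(f"IEA01 claims {iea[1]} functional groups, found {len(groups)}")
    for gi in groups:
        gs = segs[gi]
        ge_i = _find(segs, "GE", gi, len(segs))
        if ge_i is None:
            findings.append(f"functional group {gs[6]} has no GE trailer")
            continue
        ge = segs[ge_i]
        if gs[6] != ge[2]:
            findings.append(f"GS06/GE02 control number mismatch: {gs[6]} vs {ge[2]}")
        st_idx = [i for i in range(gi, ge_i) if segs[i][0] == "ST"]
        if int(ge[1]) != len(st_idx):
            findings.append(f"GE01 claims {ge[1]} transaction sets, found {len(st_idx)}")
        for si in st_idx:
            st = segs[si]
            se_i = _find(segs, "SE", si, ge_i)
            if se_i is None:
                findings.append(f"transaction set {st[2]} has no SE trailer")
                continue
            se = segs[se_i]
            if st[2] != se[2]:
                findings.append(f"ST02/SE02 control number mismatch: {st[2]} vs {se[2]}")
            counted = se_i - si + 1  # SE01 counts the ST and SE segments themselves
            if int(se[1]) != counted:
                findings.append(f"SE01 claims {se[1]} segments, counted {counted}")
            body = segs[si:se_i]
            ctt = next((s for s in body if s[0] == "CTT"), None)
            if ctt is not None:
                # Assumed convention: CTT01 = number of PO1 lines, CTT02 = sum of PO102.
                lines = [s for s in body if s[0] == "PO1"]
                if int(ctt[1]) != len(lines):
                    findings.append(f"CTT01 claims {ctt[1]} line items, found {len(lines)}")
                if len(ctt) > 2 and ctt[2]:
                    qty_hash = sum(int(s[2]) for s in lines)
                    if int(ctt[2]) != qty_hash:
                        findings.append(f"CTT02 hash total {ctt[2]} != computed {qty_hash}")
    return findings


def drop_segment(interchange, segment):
    """Simulate a segment lost in transit (e.g. one PO1 line item)."""
    return interchange.replace(segment + "~", "", 1)


if __name__ == "__main__":
    print(validate_interchange(SAMPLE))  # [] when every control reconciles
    print(validate_interchange(drop_segment(SAMPLE, "PO1*2*4*EA*12.50**VP*GADGET")))
```

Dropping the second PO1 line leaves the control numbers intact but trips the SE01 segment count, the CTT01 line-item count, and the CTT02 hash total, which is exactly the kind of incomplete order these controls exist to catch.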
Functional Acknowledgments
You use functional acknowledgments (FAs) to acknowledge receipt and timing of EDI business documents. Although they do not acknowledge receipt of the contents of the documents, FAs are simple receipt acknowledgments that can help avoid potentially paralyzing results. You can set up EDI translators to automatically generate FAs each time an EDI transaction is received. However, to be effective at receipt acknowledgment, the FA must be reconciled with the outgoing or incoming transmission it verifies.

In addition to acknowledgment of receipt, the FA can provide evidence of data inaccuracy by identifying names and locations of erroneous segments or elements. FAs can also identify transaction sets that are accepted, accepted with errors, or rejected. The level of detail used within FAs is an organizational decision.
Communications Software
Communications software is another area that can ensure EDI transaction integrity. If you use a direct link or the Internet, you need to capture at least two key pieces of information: the date and time of transmission, and whether the communications session concluded successfully.

FIGURE 1. SOFTWARE LAYERS: Application Software; Integration Software; Translation Software; VAN/Communications Software
If you use the Internet, you do not get a detailed audit report by default; you must set up this capability. There is usually no confirmation of receipt or date and time zone consistency. To ensure these capabilities, encryption and authentication are a must.

VANs offer a variety of transaction integrity features and reporting that can further strengthen your monitoring ability. VANs usually provide a multitude of information about EDI transmissions, including batch number, network (interchange) control number, date and time the document is received by the VAN, date and time the document is placed in the receiver's mailbox, date and time the receiver picked up the document, and date and time the EDI document was forwarded to another VAN or ISP.

VAN control reports offer a wide variety of useful tracking information as well. This information includes
- unretrieved documents: a report listing documents you sent that were never retrieved
- monthly statistics
- an entry for each communication session to help identify transmission failures
- the ability to verify that the number of records you sent is the same as the number the network received
- unacknowledged documents: a report that shows a list of all transactions that were sent or received but not acknowledged
- document/trading partner summary: a report that provides a summary of
  - transactions sent and received
  - the number of characters sent and received in a given period
- receiver status: a report providing the status of documents sent to you by trading partners, listing
  - unretrieved transactions in your mailbox
  - retrieved transactions
  - transactions in your mailbox that contain errors
- sender status: a report that reveals the status of documents you sent to the network provider, listing transactions
  - received by the network but not processed
  - received by the network and placed in the trading partner's mailbox
  - picked up by your trading partners
  - rejected by the network

VANs have various data retention policies for data they keep online and offline. It's important to familiarize yourself with your VAN's data security and integrity policies. For example, VANs might use their own resources for offline storage, or they might outsource it. It is your obligation to ensure they protect your and your trading partners' data in the manner you are comfortable with.

Remember that if you are using the Internet, some of these capabilities might be inherent as a part of your system. But in reality, most of these features and functions are unique to VANs, which are designed to transport EDI messages. If you use the Internet for transport, make sure you establish the necessary systems and processes to provide similar audit capabilities on your EDI and XML activity, including receipt encryption, authentication, and other forms of audit routines.
Decrease Your Exposure
As with any electronic transmission, EDI transactions hold the possibility for unauthorized data use and access. Companies that continue to use VANs for EDI message transportation may pay a higher price, but they have the added security VANs provide. However, you can have confidence in the safety of EDI messages transmitted via the Internet if you use solutions for encryption and authentication. What you must remember is that data security and integrity go far beyond the transportation. Data is at risk while at rest in storage on magnetic media and within a live database. Simply adding AS2 software to your arsenal of EDI software is not enough. Consider the other areas within your IT resource pool where data is at risk.

About the Author
Nahid Jilovec is a System iNEWS technical editor.