Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 8 Security: Overview

Overview
This chapter gives you a brief overview of the security methods used in TIBCO BusinessConnect. Treat it only as an introduction, and consult other resources to make sure that you understand how to protect your business data and communications.
Secure Data
The confidentiality of business data is protected by encryption, while data integrity is protected by digest algorithms. Digital signature algorithms use these digest algorithms to provide authentication services.
Encryption
Encryption means that plain text is converted into ciphertext so that no one but the intended recipient can read the data.
Encryption also achieves privacy, that is, the concealment of information from unauthorized parties. It is based on the use of private and public keys, combined with secret key algorithms.
Public key encryption is based on the premise that anyone is permitted to encrypt a message intended for a recipient, while only the recipient can decrypt that message. The person who created the ciphertext cannot decrypt their own message, because they do not hold the private key that matches the public key it was encrypted with: only the holder of the matching private key can decrypt a message encrypted with a specific public key.
For more details, see Encryption.
See also Digest Algorithms and Cipher Suites.
Secure Communication
Secure communication is achieved using HTTPS over SSL or SSH, where the whole communication pipe is encrypted.
Authentication
Authentication is used to assure the identity of the partner with whom you are communicating. In a communication system, authentication verifies that messages do originate from their stated source, like the signature on a paper document. Authentication is based on X.509 certificates (for more information, see Digital Certificates).
Authorization
Authorization is secured through trading partner management, where permissions are set through binding to operations.
After the sender of a message has been authenticated, TIBCO BusinessConnect determines which operations the sender is currently allowed (authorized) to perform by checking trading partner information in the repository.
TIBCO BusinessConnect uses repository information to determine how it responds to a message from the partner. In some cases, the partner may not be authorized to perform certain interactions.
To conceal information from unauthorized parties and to assure privacy of business data, TIBCO BusinessConnect uses data encryption.
Non-repudiation
Non-repudiation is a property, achieved through cryptographic methods, that prevents an individual or entity from denying having performed a particular action related to data (such as mechanisms for non-rejection or authority, that is, origin; for proof of obligation, intent, or commitment; or for proof of ownership).
For more information, see Non-Repudiation.
Non-repudiation depends on the use of digital signatures (for more information, see Digital Signatures).
