7/29/2019 Essential Guide EDI Security PDF
1/7
The Essential Guide to EDI Security
NAHID JILOVEC, APRIL 2007
Information security is not only a business
q, , g d
wh v p p. y kp
h s s , p ,
dvd d , d p d
hzd d . y gh
g h wh h w gz
d w dg p p wh -
.
b d hg (eDi) d h --
xpd pv
p, p gh h d p
wh gv d gv d, w
d v d. th -kw gv-
d g d h Hh i P
d a a (HiPaa), s-ox (soX), d
Gh-lh-b. bh h w d g d
k d .
Authentication
ah (.., g) vd h dd v g. y h
v h d h d h dd p
v g g dg hg, dg
dd w h d d v
p q g d h d p
, d, dp g
ah p k pv k pph.
P k h h d d p
hzd dg p ( h dv), wh p
g g h vd k. i pv k h, h
d d v hv h k, d d
h p. th gh h pv k d v
.
y h g g vd iD,
pwd, Pin. y q p
(.g., v, gp g) v d. th
h hq iD d pwd,
ddd , dg (
Dg c pg 3 ).
f eDi gg, ansi X9.9 dd
p g h d (mac). th mac
pgph dvd hh d v h hzd
d h hzd v d p h g h
d. th mac p p d, dg , x,
d v p. o d hd, hd
hgd w.
Nonrepudiation
npd p pp , d q dg g. a
dg g v d hdw g
w . i dd g hd
- g h pvd vd
pp d h p d g d h
h hv d.
Dg g public key cryptography, whh
gh wh w d k. o k dg g
(.., d g g ) d
Order errors impacting your bottom line?
Ten percent of inventory shortages, lost profit and
slower revenue realization is caused by incorrect orders.
Inovis can help. We standardize document formats and
synchronize product data for streamlined information flow across the order-to-payment lifecycle.
Let Inovis start helping you today.
Download our white paper Achieving the Perfect Order
at www.inovis.com/perfectorder.
Get TrustedLink System i today, the leader in System i data translation.
System i News Apex Award,
Editors' Choice, 2002 and 2004
Midrange Systems Buyers'
Choice Award, 5-time winner
Midrange Computing Technology
Excellence Award, 4-time winner
Let us show how we can help at booth #211 at COMMON, April 29 to May 1 in Anaheim, CA.
To jump-start the process, call us today at +1 877.4INOVIS (+ 1 877.446.6847) option 4, or visit us on the web at www.inovis.com/systemi.
Bring order to your orders.
You can with Inovis.
v dg g (.., h g
g ). th w p k h pv k,
kw h g d d h dg g,
d h p k, d vg p v h dg
g. i h p d v h g
dg g, d h p k h.
ahgh h k h p h d, h
h dgd d pd ,
dv h pv k kwdg h p k.th, hgh pp gh kw h p k
gv g d v h g g, h
d h g pv k d g
dg g.
Authorization
o hd, p hz
hkg. th p hk gh d p
h dvd. s hv d- gh, d h
p d g.
y hk hz j h
p p, , d pg. i h
i p, h dg h pph d p h --
. th dg h p k
p h p h d h .
th p wh p h p k dp h
dg v h d d h v h
hz h . th k p
p h d h g xhgd, h pvdg
p h h d p.
ahz d gg
whh ph d
hzd . y ph
(.g., dg, g ) wh ph k, dg,
h h gpg. y
d wh - -d , ppg
, d, pp.
Encryption
ep h hk g d, h d
g. y p X12 g wh ansi X9.23.
Hwv, p d d d d
g w d d v. i
p wh h d
, gh g dd d h dpd g
gh g.
ep d d g k v d h d v h h g
d. y h k.
s k h p d dp h d, -
k pvd hgh dg p d p.
Wh k, dp h d g h
k h d p . th p k -
(PKi) k . PKi
k p pv k d p k. th p k
v wh p h
d h p. th pp h h
p k p d h p.
th p dp h d wh pv k, h p-
vdg d xhg .
m p gh v. b h
gh d h dg d vg d,
p p v h p wh
h dg p.
Message Transportation
y h w w pph g
v h i: e h g w
(x ) d h wh h g
(ddd ).
External security.D g d
- pk h i d h pd
pd. m w pkg -
pd kd -d kwdg h
whh d w vd d
DIGITAL CERTIFICATES
A digital certificate is a digitally signed certificate of identity issued by a certification authority. The certification authority is a neutral party that provides independent confirmation of the attributes of the user's digital signature. To associate a key pair with a prospective signer, a certification authority issues a certificate, an electronic record that lists a public key and confirms that the prospective signer identified in the certificate holds the corresponding private key. The prospective signer is referred to as the subscriber.
A certificate's function is to bind a key pair with a specific subscriber. A recipient of a certificate can use the public key in the certificate to verify that the digital signature was created with the corresponding private key. If so, you know that the subscriber named in the certificate holds the corresponding private key and created the digital signature.
The International Telecommunication Union (ITU) defines X.509 digital certificates. A digital certificate contains company information such as name, serial number, expiration date, public keys, and the issuing authority's signature.
The information contained within a certificate might vary, but the key is the integrity of the issuing authority's signature. You should manage certificate information with AS1 or AS2 software to simplify the management of trading partner information.
Certificates eventually expire. As certificates expire, it is important to communicate and manage expirations and renewals with trading partners to ensure that EDI transactions continue flowing without interruption of service. If at any point an integrity question or concern arises with a particular certificate, the issuing authority has the ability to revoke it.
N.J.
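The binding the sidebar describes, as an added example in Go that is not part of the guide: a certification authority signs a certificate for a subscriber's public key, and the recipient accepts a signed EDI message only if the certificate chains to the trusted authority, is inside its validity period, and the signature verifies under the key carried in the certificate. The CA and trading-partner names, the X12 ISA segment, the Ed25519 key type and the one-hour validity are constructed assumptions, not values from the guide.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issueCert has the CA key sign a certificate binding pub to subject, valid from now for validFor; parent == nil yields the self-signed root.
func issueCert(subject string, pub ed25519.PublicKey, parent *x509.Certificate,
	caKey ed25519.PrivateKey, now time.Time, validFor time.Duration) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: subject}, NotBefore: now, NotAfter: now.Add(validFor),
		BasicConstraintsValid: true, IsCA: parent == nil, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // self-signed root: it is also allowed to sign subscriber certificates
		tmpl.KeyUsage, parent = tmpl.KeyUsage|x509.KeyUsageCertSign, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyMessage is the recipient's check: cert must chain to the trusted CA and be valid at now, and sig must verify under the key in cert.
func verifyMessage(cert, ca *x509.Certificate, now time.Time, msg, sig []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now}); err != nil {
		return false // unknown issuer, expired, or not yet valid
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return ok && ed25519.Verify(pub, msg, sig)
}

// Demo: a CA root, a trading-partner (subscriber) certificate valid for one hour, and a signed constructed X12 ISA segment.
// It returns whether the recipient accepts the message now and whether it still does two hours later, after the certificate expired.
func Demo() (genuine, afterExpiry bool) {
	now := time.Now()
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	ca, _ := issueCert("Example CA", caPub, nil, caKey, now.Add(-time.Hour), 48*time.Hour)
	subPub, subKey, _ := ed25519.GenerateKey(rand.Reader)
	sub, _ := issueCert("Trading Partner", subPub, ca, caKey, now.Add(-time.Minute), time.Hour)
	msg := []byte("ISA*00*          *00*          *ZZ*SENDER         *ZZ*RECEIVER       *070401*1200*U*00401*000000001*0*P*>~")
	sig := ed25519.Sign(subKey, msg) // the subscriber signs with its private key
	return verifyMessage(sub, ca, now, msg, sig), verifyMessage(sub, ca, now.Add(2*time.Hour), msg, sig)
}
```

Revocation, which the sidebar also mentions, is not modelled here: a production recipient would additionally consult the issuing authority's revocation information before trusting the certificate.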
h g h d. eDi
h v h i gd dd x
pp.
Embedded security. s vd w h
d h wh h g
. y p eDi h w wh h X12.58
dd. Wh ddd , h, p,
d h . td, as1 d as2 dd
h v h eDi- d Xml-d .
Intrusion Detection
i d kp hzd g
p . a wh , d
pp ph d ,
p . f , p-
g p w h hd
wdg d.
fw gh w p h
wk , x, h
g d vd iD,
pwd, iP dd, d .
fw hg phd, d dd h
h h
g g. fw p
wk .
th pp p w
iP pk. th
pk h v hgh
h w d h g d
d g .
y h d h p
p d, h dd d
h g, whh h iP dd
kw h .y w ggg .
th g wk d. i d d
d , h v d , h
d , d h z . th h
w w.
s gz p v h dd-
d ph w w h p i d
wk. th p wk d
g h d d g p.
m gz p px v. a h p
h w px v, d wh p
h , h h d hgh h px
v. Pxg h dvg g d kg
d h wk (.g., d d ,
iP dd, z).
Audit Logging
ad ggg h k
d d v h gd, dd,
dd. ad ggg p p
d gd k
dg eDi d pp dg,
whh h
d hzd
dd
dd
pp vd
pd h pp
zd
d
p
EDI Then and Now
s ph p d
p p p. b dd h i h x, d
hv px d k v
g. eDi w j k
h dv h i.
i , eDi w -d-wd
xhg d
dd . th j d -
p eDi dd
d v pv wk
d v-ddd wk (Van).Pv wk w
dg wh hd
g h h d d d
d g h. s dg
p d Van. Van w
d p,
h pvdd v h
w (.g., -
g, hvg).
Hwv, v eDi
pd. Van v
p, g eDi k -
p v. th w, , w h i, whh d h ddd d d
p. b , h, d pd hd
ddd w pg h g g h
p i.
EDI-INT
W eDi qk zd h h i dd hv h
d d h Van dd, dd
h h v-ddd v, h hvg
d x g. rgd, gz wd
d w h i eDi xhg v
d pd p p -v d.
ag eDi v h i (eDi-int). eDi-int
h p: as1, as2, d as3.
AS1. th eDi-int p, app s 1 (as1),
p eDi d g s mpp
i m ex (s/mime) p v sp m
t P (smtP). th p eDi
d wppd - d wk h
h d. b w, p w x,
as1 g dd.
AS2. as2 HttP h p p--p
h w p d
p d w h p. as2
pvd p hgh dg d
v HttP HttPs. t as2, hv
p d h i 24 h d, v
d wk, wh h w dj.
AS3. as3 h p eDi g v ftP
g h /v. as3 p v
s/mime d v ftP g /
v d. b ftP d-p d d v , d hv
d h i 24/7.
EDI Transaction Integrity
o gv d, v p d wh h
k g h
p d pd d h d wh
kp d d hvd. t
d d, h
pv hzd d -
gd h g (dg
eDi ).
eDi pvd gdg h d pp qv . c
h d g v v wh
eDi , dg pp w, g w,
w, d /Van w (fg 1).
Application Software
iv, g x d wh
pp, h pp hg dg
p q d. Hwv, hd z
hg pp d g.
uq dg p q hdd
- , x pg , wh h
g w .a hg h w hd w dd
hp h h w dd h g
w. f xp, pp w dd
d hd d dg ph d, h
pdg g w dd p
h . appg hp pv
d g wh h pp w .
Integration Software
ig w p pp p k
d. b g w -
dvpd, d p eDi q h
kp d h pp w . K d h hd g wh h w d h
d (.g., ph d ), h d
h g , d h dg p iD
. ag, h p wh h z
dg-pp q.
Translation Software
o h k gg eDi g
wh h w. s
dd h dd; h p. b-
h vp (isa/iea, Gs/Ge, st/se). c d
hh h ctt, se, d Ge g. D d -
pg h vp k x g, d
kwdg pvd vd p.
th hg hd d (isa/iea g)
d q . y w
k d p g, dp, --q
. i h h isa d iea
g d h, d hk h p h . th g
(iea) p h gp
h v h
p d d vd . eh
pd wh d d
.
th gp hd d (Gs/
Ge g) d h q
h h. th (Ge)
d p h
h
gp, pvdg p
p. f xp, h dd h, wd kw h h ph d h
d w g.
th hd d (st/se g)
pvd ddd vd p wh h q
h h. th g (se)
h h g
(dg h st d se g).
th hh h ctt
g. th ctt w h h
d hh p -
. th h .
th d h hh d h
(.g., ph d) h . th h h d.
Functional Acknowledgments
y h kwdg (fa) kwdg
p d g eDi d. ahgh h
d kwdg p h h d,
fa p p kwdg h hp vd
p pzg . y p eDi
g fa h eDi
vd. Hwv, v p kwdg,
h fa d wh h gg g
v.
i dd kwdg p, h fa pvd
vd d dg d
g . fa d
h pd, pd wh , jd.
th v d d wh fa gz d.
Communications Software
c w h h eDi
g. i d k h i,
d p w k p : h d
d , d whh h
FIGURE 1. SOFTWARE LAYERS: Application Software; Integration Software; Translation Software; VAN/Communications Software.
dd .
i h i, d g dd d p
d p h p. th
p d d z . t
h p, p d h .
Van v g d
pg h h gh g .
Van pvd d eDi
, dg h , wk (hg) , d d h d vd h
Van, d d h d pd h v
x, d d h v pkd p h d, d
d d h eDi d w wdd h
Van isP.
Van p wd v kg
w. th d
vd d p g d
h w v vd
h
h hp d
h v h h d
h h h wk vd
kwdgd d p h hw
h w vd kwdgd
d/dg p p h pvd
d vd
h h d vd gv pd
v p pvdg h d
dg p, g
vd x
vd x h
d p h v h d
h wk pvd, g
vd h wk pd
vd h wk d pd h dg
p x
pkd p dg p
jd h wk
Van hv v d p d h kp
d . i p z wh
Van d d g p. f xp, Van
gh h w g, h gh
. i g h p d
dg p d h wh.
r h g h i, h
p gh h p . b
, h d q Van,
whh dgd p eDi g. i h
i p, k h h
d p pvd d p
eDi d Xml v, dg p p,
h, d h d .
Decrease Your Exposure
a wh , eDi hd h
p hzd d d . cp h
Van eDi g p p
hgh p, h hv h ddd Van pvd.
Hwv, hv d h eDi g
d v h i p
d h. Wh h d
d g g d h p. D kwh g g d d wh v
d. sp ddg as2 w eDi
w gh. cd h h wh
it p wh d k.
About the Author
Nahid Jilovec is a System iNEWS technical editor.