Frequently Asked Questions

Key2IT - the Transaction Security Company!
Q1: What encryption is used in Key2IT solutions?
Q2: What key strength is used?
Q3: If Key2IT is algorithm and key length independent, then what is Key2IT?
Q4: Are SIM and Smartcards supported?
Q5: Isn't SSL sufficient?
Q6: How about PKI?

Q1: What encryption is used in Key2IT solutions?

Currently, 3DES. Key2IT's technology supports any symmetric key algorithm, regardless of whether it is a block or stream cipher. Key2IT products are also able to operate transparently with Public Key Encryption, thus facilitating the adoption of PKI digital certificates should the required PKI processes and certificate issuing systems be fully implemented.

Q2: What key strength is used?

Due to the preference for 3DES in the financial services sector, two-key Triple-DES is used in current products. AES, RC4, RC5, RC6, IDEA, Twofish and Blowfish are also available on demand.

Q3: If Key2IT is algorithm and key length independent, then what is Key2IT?

Key2IT is a technology that identifies messages or transactions and binds that identification to the message content through one or more keys that are unique to that message. Audit, Confidentiality, Data Integrity and Authentication of the Source and Recipient are the typical security services which are achieved.

Q4: Are SIM and Smartcards supported?

Yes. Key2IT solutions have a small footprint compared to many other products, both in terms of application size and the bandwidth, storage and processing overheads associated with PKI certificates and security keys. Around 2k-4k bytes is the expected total application size for typical SIM or Smartcard solutions using Key2IT.

Q5: Isn't SSL sufficient?

In many cases SSL is not sufficient as Internet services migrate into higher value and more complex business products and functions.
Although WTLS (Wireless Transport Layer Security) and WEP (Wired Equivalent Privacy) are wireless equivalents of SSL, the protocols have been shown to have significant flaws that are trivial to exploit.

This is one reason Key2IT products were developed - to enable new, more valuable business to occur with lower levels of risk.

SSL (Secure Sockets Layer) and all other VPN (Virtual Private Network) technologies form a simple encrypted "pipe" between a browser and server. Once the data leaves the network layer, there is no secrecy or privacy, no integrity assurance and no long-term message identifier to facilitate audit and dispute resolution at the application layer. A number of feasible attacks against SSL also exist, mainly arising from weaknesses in certificate issuing procedures and DNS vulnerabilities.

Q6: How about PKI?

PKI (Public Key Infrastructure) is a great security technology with a number of useful features. Unfortunately, PKI is also burdened with a number of complex, exacting and expensive operational requirements which make PKI less attractive to many businesses, and unsuitable for many processes.

Key2IT solutions support and facilitate PKI operations once all the necessary infrastructure and mechanisms for PKI are established, while enabling electronic business growth now using all current infrastructure and mechanisms.

While PKI can enable authentication, achieving confidentiality or privacy often requires a second PKI layer, with the attendant overheads of issuing, processing, bandwidth and management. This is another example of the complexity and cost of PKI today.

If you would like more information, or would like to provide feedback, please contact us.
Last updated 30 March, 2004 © Key2IT Pty Ltd. ACN 091 031 462