Chapter 9: Using TLS and FIPS in EAServer
The National Institute of Standards and Technology (NIST) develops standards and guidelines, covering areas such as security and interoperability, for federal computer systems. These guidelines are called the Federal Information Processing Standards (FIPS).
EAServer uses a cryptographic module to perform encryption and decryption, signing and verification, computing a checksum (or MAC) of data, and protecting security-sensitive data. These operations are invoked by the Transport Layer Security (TLS) runtime, a software implementation of a PKCS #11 interface, and key management utility routines.
EAServer utilizes a FIPS 140-2-certified cryptographic module provided by Certicom Cryptographic libraries.
For more information, see these Web sites:
– describes the FIPS standards, contains related documents and specifications, and answers commonly asked questions.
– describes the FIPS 140-2 certified cryptographic module that is integrated into EAServer.
– contains a list of certificates issued by NIST, including a copy of the Certicom certificate.
TLS is a protocol based on Secure Sockets Layer (SSL) that is used to establish secure connections between a client and server. TLS can authenticate both the client and the server, and create an encrypted connection between the two.
The TLS protocol addresses some of the security concerns of SSL v3. FIPS requires TLS for use with a FIPS cryptographic module.
See RFC 2246 for a complete description of TLS.
Copyright © 2005. Sybase Inc. All rights reserved.