YSER Newsletter
Your e-Procurement Community
Issue: 4 September/2007
Dear Sacha,

The apprehension when trying something new applies as surely to security measures as it did to such newfangled devices as the fax machine, computers, and the Internet.  Our comfort level with the new device is directly proportional to how much we know about it.

Take your common door lock, for example.  It's been around for centuries and we know that it works.  When we lock a door we can immediately see that we can no longer just walk through it.  We are comfortable with this security, even if the lock is a simple one.

There are other forms of security we accept without question, the most notable being important papers and signatures.  When someone hands me a check I automatically assume that the check, like the signature, is authentic.  I'd have a hard time verifying either, even if I wanted to.

How different is it, really, with computers?
Security
Knowledge is the best security

There are two basic aspects to computer security.  The first is accessing the computer and the second is sending and receiving data.  Though we deal with both regularly, chances are that we don't really know much about the security involved in sending or receiving data.

We've all encountered, or are at least aware of, magnetic keys, pass cards, and magnetic locks.  The talk is still of locks and keys on a door, and when we pull on a locked door it won't open.  Everything seems familiar so we consider it to be just as safe and secure, though we don't really know how it works.

When you use a card to open a door, the reader reads the information on the card and this is compared with entries stored on a computer.  If it finds a match the door opens.  This card is your password.  Rather more convenient than having to remember the password and type it in every time you want to open a door, isn't it?

When viewed that way it becomes clearer that when you deal with your computer, the difference in locks and keys is largely cosmetic.  This is why a good password is so important.  Even the best lock is easy to defeat if the key is very simple.  That is the reason professionals will always tell you not to use the names of family members, pets, or birth dates as a password.

So, you've unlocked your computer with a password your neighbor won't guess.  Now you need to send some confidential information, such as a bid.  How do you do it securely?

No doubt you've heard of SSL (secure sockets layer).  SSL creates a secure link between you and the recipient, making it virtually impossible to intercept or read the data (the bid) you send.  The 128-bit security used by SSL today has never been hacked.  It is a fantastic security measure, as far as it goes.  How far does it go?  No farther than the link between you and the recipient.

Once the data arrives at the recipient's computer, the bid is only as secure as their computer.  Additionally, unless you've taken measures to encrypt your bid, the recipient could very well read it.  This places both of you at risk.  You don't want any confidential information revealed and undoubtedly the recipient doesn't want to be responsible for the safety of an unsecured document.

This is why a product like the ElectronicTender System is crucial.  The ETS contains three layers of security:
  1. Data is encrypted on your computer before it is sent.
  2. Your data is sent over an SSL connection.
  3. Bids go into a sealed "lock box".
Because your data is encrypted before it is sent it remains encrypted even after it arrives.  Thus, even if someone could somehow access your bid, they couldn't read it.

The SSL connection, as discussed, ensures that your bid arrives safely.  Although it can't provide complete security by itself, SSL remains an important part of a secure system.

The "lock box" is a unique system that prevents anyone from accessing your bid before the time for opening the bids is reached.  At that point the bids become accessible but they're still encrypted.  Only once you provide the key - the password - to unlock the bid will the recipient be able to read it.
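
The layers described above can be sketched in a few lines of Node.js. This is an added example, not ETS code: the names sealBid, LockBox and openBid, the choice of AES-256-GCM with a key derived from the password by scrypt, and the sample bid, passphrase and opening time are all assumptions made for illustration. The SSL layer is left out because it only protects the bid while it travels.

```javascript
// Added illustration; sealBid, LockBox and openBid are hypothetical names, not the ETS API.
const crypto = require("crypto");

// Layer 1: encrypt on the bidder's computer with a key derived from the password.
function sealBid(plaintext, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(password, salt, 32);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { salt, iv, body, tag: cipher.getAuthTag() };
}

// Layer 3: the lock box holds ciphertext only and refuses release before the opening time.
class LockBox {
  constructor(opensAt) { this.opensAt = opensAt; this.bids = new Map(); }
  deposit(bidder, sealed) { this.bids.set(bidder, sealed); }
  release(bidder, now) {
    if (now < this.opensAt) throw new Error("lock box is sealed until opening time");
    return this.bids.get(bidder);
  }
}

// After opening, a bid can be read only with the bidder's password.
function openBid(sealed, password) {
  const key = crypto.scryptSync(password, sealed.salt, 32);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  // final() throws if the key is wrong or the ciphertext was altered.
  return Buffer.concat([decipher.update(sealed.body), decipher.final()]).toString("utf8");
}

function demo() {
  const opensAt = Date.UTC(2007, 8, 30, 14, 0, 0); // constructed opening time
  const box = new LockBox(opensAt);
  box.deposit("bidder-a", sealBid("Lot 7: 118,400.00 USD", "constructed passphrase"));
  const result = {};
  try { box.release("bidder-a", opensAt - 1); result.early = "released"; }
  catch (e) { result.early = "refused"; }
  const sealed = box.release("bidder-a", opensAt);
  result.leaksPlaintext = sealed.body.includes("118,400");
  try { openBid(sealed, "wrong password"); result.wrongKey = "read"; }
  catch (e) { result.wrongKey = "rejected"; }
  result.bid = openBid(sealed, "constructed passphrase");
  return result;
}
```

Calling demo() shows the box refusing an early request, handing over only unreadable bytes at opening time, and the bid becoming readable only with the right password.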

This, ladies and gentlemen, is what we view as proper security.
Winner!
Congratulations to Alan Weaver!

Our congratulations go out to Alan Weaver, Senior Contracts Administrator with the St. Johns River Water Management District in Jacksonville, Florida.

Alan is the winner of the Garmin Nuvi 200 GPS system.  These portable GPS systems can be real life savers, which is why we knew it'd make a great prize for anyone.

Here's to never having to ask for directions again!
Computer security looks difficult for us to understand only because we don't concern ourselves with it on a regular basis.  The security measures the ETS uses are not new or novel concepts.  The challenge there lay in implementing them so they could be used on such a system.

The encryption could just as well be a sealed envelope or, more appropriately, a code.  The SSL connection can be likened to any secure means of transportation, such as the armored vehicles used to transport money.  The "lock box" is just that, a safe that will only open at a particular time on a particular date.

These security measures only seem arcane because new ideas were needed to make them work, and these ideas were given new names, but the principles behind them are ones we are all familiar with.

Next week I'll tackle digital certificates, which are used in the ETS.  While they are an additional security measure, they differ in that you can use them in your everyday life.
 
Sincerely,
 

Sacha Hartmann
YSER Inc.
YSER Inc. | Delaware Technology Park | 1 Innovation Way | Suite 301 | Newark | DE | 19711