User's Manual
6.4 SSL operation
The properties that characterize a cryptography-based system for secure information exchange are data confidentiality, client/server authentication and information integrity.
Confidentiality means that the exchanged information cannot be read by anybody other than the parties involved in the transaction.
Integrity means being able to guarantee that data is original, that is, that it has not been modified in any way with respect to the version the sender transmitted. Integrity may or may not be combined with confidentiality: information that is not confidential can be transmitted in plain text, but it must still be possible to check that it corresponds exactly to the original message.
Secure client authentication means being able to check and control with certainty that the client is who it declares to be, and therefore its authenticity.
Secure server authentication means that the client can verify with certainty that the server it is talking to is actually the one it declares to be, and not, for instance, another server impersonating the requested server.
WebIdentity provides secure client authentication and confidentiality. To guarantee the other two properties as well, one standard-based solution is SSL (Secure Sockets Layer), which provides secure server authentication, integrity and confidentiality. The two solutions are therefore complementary and together cover all four: confidentiality, secure client authentication, secure server authentication and integrity.
Two possible operating solutions with SSL are displayed in the following table:

                  Confidentiality   Client authentication   Server authentication   Integrity
Combination 1     SSL               WebIdentity             SSL                     SSL
Combination 2     WebIdentity       WebIdentity             SSL                     SSL
In the first combination WebIdentity is used for client strong authentication and SSL for confidentiality, server strong authentication and integrity. In practice the whole potential of SSL is used, with the addition of the client authentication that SSL (1) does not provide; note that this refers to SSL version 2, since SSL 3.0 and TLS do offer certificate-based client authentication. In this combination development and integration time is reduced to a minimum, because the changes to be made are limited to the management of authentication, whilst confidentiality is provided by SSL transparently.
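The following Go program is an added example for the first combination; it is not code from the WebIdentity manual or product. It runs a TLS handshake over an in-memory connection in which the client accepts the server only if its certificate is trusted and matches the expected name (SSL's server strong authentication), and then authenticates the client with an application-level exchange carried inside the tunnel. WebIdentity's own client authentication protocol is not described on this page, so a nonce/HMAC challenge answered with a token-held secret stands in for it; the host name webidentity.example, the self-signed certificate and the secrets are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// serverName is an assumed host name; the manual names none.
const serverName = "webidentity.example"

// NewServerCert builds a self-signed certificate standing in for the server's SSL
// certificate, plus a pool that trusts exactly that certificate (demo fixture, panics on failure).
func NewServerCert() (tls.Certificate, *x509.CertPool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{serverName}, // the name the client will check
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// response is the client's proof of token possession: HMAC-SHA256 over the server's
// nonce with the token-held secret (an assumed stand-in for WebIdentity's own scheme).
func response(secret, nonce []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(nonce)
	return m.Sum(nil)
}

// Exchange runs one client/server round over an in-memory connection and reports
// (serverAuthenticated, clientAuthenticated, err). roots is what the client trusts,
// tokenSecret what its token holds, registered what the server has on file.
func Exchange(cert tls.Certificate, roots *x509.CertPool, tokenSecret, registered []byte) (bool, bool, error) {
	clientEnd, serverEnd := net.Pipe()
	serverEnd.SetDeadline(time.Now().Add(3 * time.Second)) // net.Pipe is synchronous: never hang on a failed handshake
	go func() {
		defer serverEnd.Close()
		srv := tls.Server(serverEnd, &tls.Config{Certificates: []tls.Certificate{cert}})
		nonce, got := make([]byte, 32), make([]byte, sha256.Size)
		if _, err := rand.Read(nonce); err != nil {
			return
		}
		if _, err := srv.Write(nonce); err != nil { // Write performs the TLS handshake first
			return
		}
		if _, err := io.ReadFull(srv, got); err != nil {
			return
		}
		verdict := []byte{0}
		if hmac.Equal(got, response(registered, nonce)) { // constant-time comparison
			verdict[0] = 1
		}
		srv.Write(verdict)
	}()
	defer clientEnd.Close()
	cli := tls.Client(clientEnd, &tls.Config{ServerName: serverName, RootCAs: roots})
	// The handshake succeeds only if the certificate chains to roots and matches
	// serverName: this is the server strong authentication SSL provides.
	if err := cli.Handshake(); err != nil {
		return false, false, err
	}
	nonce, verdict := make([]byte, 32), make([]byte, 1)
	if _, err := io.ReadFull(cli, nonce); err != nil {
		return true, false, err
	}
	if _, err := cli.Write(response(tokenSecret, nonce)); err != nil {
		return true, false, err
	}
	if _, err := io.ReadFull(cli, verdict); err != nil {
		return true, false, err
	}
	return true, verdict[0] == 1, nil
}

func main() {
	cert, roots := NewServerCert()
	fmt.Println(Exchange(cert, roots, []byte("token secret"), []byte("token secret")))
	fmt.Println(Exchange(cert, x509.NewCertPool(), []byte("token secret"), []byte("token secret")))
}
```

Three runs show the layering: a trusted certificate and the right secret succeed on both levels; a trusted certificate and a wrong secret pass the TLS layer but fail the application check; an untrusted certificate never gets past the handshake, so no application data is exchanged with an impersonating server.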
In the second combination WebIdentity is entrusted with data confidentiality and client strong authentication, whilst SSL provides server strong authentication and integrity. In this case the WebIdentity cryptography function is used to encrypt single critical items of information, as distinct from SSL, which encrypts everything or nothing. It should also be considered that WebIdentity encryption keeps the information secure even when it is stored in the browser cache or stored locally: to display pages that have been stored locally in encrypted form the token must be inserted, otherwise their content is unreadable as far as the WebIdentity encrypted
(1) SSL version 2
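As an added example for the second combination (not code from the manual or the product), the Go program below encrypts only the critical fields of a record with AES-GCM under a key that would be held by the token, leaving the rest of the page readable, so that a copy kept in the browser cache or on disk stays unreadable for those fields until the token key is available. The record layout, the list of sensitive fields and the keys are constructed for the example; the manual does not specify the cipher WebIdentity uses, and AES-GCM is chosen here only because it gives both confidentiality and tamper detection for each item.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"io"
	"strings"
)

// Record is a page's data as the server sends it (layout constructed for this example).
type Record map[string]string

// SensitiveFields are the single critical items encrypted under the token key; every
// other field stays readable in the cache (list constructed for this example).
var SensitiveFields = []string{"account_number", "balance"}

const encPrefix = "enc:" // marks a field that holds ciphertext

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealField encrypts one value with AES-GCM; the field name is bound as associated
// data, so a ciphertext copied into another field does not open.
func sealField(key []byte, name, value string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nonce, nonce, []byte(value), []byte(name)) // nonce || ciphertext || tag
	return encPrefix + base64.StdEncoding.EncodeToString(ct), nil
}

// openField reverses sealField; it fails on a wrong key or on any modification.
func openField(key []byte, name, stored string) (string, error) {
	if !strings.HasPrefix(stored, encPrefix) {
		return "", fmt.Errorf("field %q is not encrypted", name)
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(stored, encPrefix))
	if err != nil {
		return "", err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize() {
		return "", fmt.Errorf("field %q: ciphertext too short", name)
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], []byte(name))
	if err != nil {
		return "", err // "cipher: message authentication failed"
	}
	return string(pt), nil
}

// mapSensitive copies r and applies f to the fields listed in SensitiveFields.
func mapSensitive(r Record, f func(name, v string) (string, error)) (Record, error) {
	out := Record{}
	for k, v := range r {
		out[k] = v
	}
	for _, name := range SensitiveFields {
		if v, ok := out[name]; ok {
			nv, err := f(name, v)
			if err != nil {
				return nil, fmt.Errorf("%s: %w", name, err)
			}
			out[name] = nv
		}
	}
	return out, nil
}

// SealRecord produces what may sit in the browser cache or on disk: sensitive fields encrypted, the rest untouched.
func SealRecord(key []byte, r Record) (Record, error) {
	return mapSensitive(r, func(name, v string) (string, error) { return sealField(key, name, v) })
}

// OpenRecord is what happens once the token is inserted: the cached page becomes readable; with a wrong key it errors.
func OpenRecord(key []byte, cached Record) (Record, error) {
	return mapSensitive(cached, func(name, v string) (string, error) { return openField(key, name, v) })
}

func main() {
	tokenKey := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte key held by the token
	cached, err := SealRecord(tokenKey, Record{"title": "Statement", "account_number": "1234567890", "balance": "1234.56"})
	fmt.Println(cached, err)
	fmt.Println(OpenRecord([]byte("ffffffffffffffffffffffffffffffff"), cached)) // without the token key: error
}
```

The title stays in clear in the sealed record, which is the point of encrypting single items rather than the whole page: non-sensitive content is usable from the cache, while each critical item can only be read, and only in its own field, when the token key is present.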