HP Device Manager 4.5 - Security Mechanism
The crypto algorithms in SSL/TLS use an RSA-created key pair of length 512 or 1024 and an X.509-created certificate. The
symmetric cipher is AES (AES256-SHA).
Secure file server
To perform some tasks or operations, the HPDM Console, Gateway, and Agent need to access a repository, or file server, to
download or upload files. To protect this data, HPDM 4.4.2 or higher supports two types
of secure file servers: File Transfer Protocol over SSL (FTPS) and Secure File Transfer Protocol (SFTP). FTPS is an extension
of the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and Secure
Sockets Layer (SSL) cryptographic protocols. SFTP is a network protocol that provides file access, file transfer, and file
management over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of
the Secure Shell protocol (SSH) 2.0 to provide secure file transfer capability.
Task verification
To protect thin clients, an HPDM Agent accepts only the tasks that pass task verification. Task verification is based on Key
Authentication. The HPDM Gateway stores the whole key list, which is synchronized from the HPDM Server. The following
procedure details how an HPDM Agent receives a task from the HPDM Gateway.
1. The HPDM Gateway connects to the HPDM Agent.
2. The HPDM Agent accepts the connection.
3. The HPDM Gateway sends an encryption request message and creates an SSL-Server instance with OpenSSL.
4. When the HPDM Agent gets the encryption request message, it creates an SSL-Client instance with OpenSSL and
connects to the SSL Server.
5. The HPDM Gateway accepts the SSL connection and sends a task request message to the HPDM Agent.
6. The HPDM Agent sends a challenge message to the HPDM Gateway when it receives the task request message.
A. A challenge message includes two parts:
i. MD5 checksum of the HPDM Agent’s current key.
ii. 128-byte randomly generated string.
7. When the HPDM Gateway receives the challenge message, it searches the MD5 hash values of the keys from the key
list. If it finds the key, it calculates the MD5 hash value of the key plus the random string and signs the result to the task
for the HPDM Agent. Then, the HPDM Gateway sends the task to the HPDM Agent.
8. When the HPDM Agent receives the task, it verifies the signature first. The HPDM Agent uses its current key and the
random string to calculate the MD5 hash value. If the MD5 hash value is not the same as the task signature, it rejects the
task. Otherwise, it accepts the task and adds the task to the execution queue.
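The challenge-response of steps 6 to 8, as an added Python example that is not HP's code: the key list and task are constructed sample values, the TLS session from steps 3 to 5 is omitted, and the constant-time comparison on the agent side is an implementation choice the page does not specify.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample key list held by the gateway (synchronized from the server).
KEY_LIST = [b"constructed-agent-key-A", b"constructed-agent-key-B"]


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def agent_build_challenge(agent_key: bytes, rand: Optional[bytes] = None) -> dict:
    """Step 6: the agent sends the MD5 of its current key and a 128-byte random string."""
    if rand is None:
        rand = secrets.token_bytes(128)
    return {"key_md5": md5_hex(agent_key), "random": rand}


def gateway_sign_task(challenge: dict, task: dict, key_list) -> Optional[dict]:
    """Step 7: the gateway finds the key by its MD5 and signs the task with MD5(key + random)."""
    for key in key_list:
        if md5_hex(key) == challenge["key_md5"]:
            signed = dict(task)
            signed["signature"] = md5_hex(key + challenge["random"])
            return signed
    return None  # no matching key in the list: nothing is signed or sent


def agent_verify_task(agent_key: bytes, rand: bytes, signed_task: dict) -> bool:
    """Step 8: the agent recomputes MD5(key + random) and compares it with the signature."""
    expected = md5_hex(agent_key + rand)
    # compare_digest is an assumed hardening choice, not something the page describes.
    return hmac.compare_digest(expected, signed_task.get("signature", ""))


def run_exchange(agent_key: bytes, key_list, task: dict) -> bool:
    """Run one gateway-to-agent task delivery; True only if the agent queues the task."""
    challenge = agent_build_challenge(agent_key)
    signed = gateway_sign_task(challenge, task, key_list)
    if signed is None:
        return False  # agent never receives a task it could accept
    return agent_verify_task(agent_key, challenge["random"], signed)


if __name__ == "__main__":
    print(run_exchange(KEY_LIST[0], KEY_LIST, {"task": "constructed-sample-task"}))
```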