Menu ≡ ╳ HOME ABOUT PRODUCTS Business Solution FESA Financial FESA Financial Query FlexSystem Consolidation System FESA Fixed Asset Flex Analytics FESA Human Resources FESA Trading FlexWorkflow DocumanLink FESA Property AX Tailor-made Solution Job Cost Management System Expenses Claim Management System Facilities Booking Management System TimeSheet Management System Gift Inventory Management System ShipWatch Management System Others PRODUCTS A-Z SERVICES TECHNOLOGY Technology Overview Business Benefits Software and Systems Integration Big Data / GPU Processing Cloud Solution Communication Security Mobile Software Quality CLIENTS CAREER NEWS & EVENTS

Communication Security

COMMUNICATION SECURITY

FESA Client-Server Communication Security Model

FESA Client-Server Model uses FlexSystem’s proprietary encryption and compression technology to produce a Secure Channel. This secure channel is a way of transferring data that is resistant to overhearing and tampering.

On top of this secure channel, we provide a way to support the Open Standard secure model and to ensure the confidentially of data transferred on the network; connections can be optionally encrypted on FESA application server. Besides, it also supports server certificates, so that client devices (Windows & Web) can verify the identity of the server computer.

Secure Connections

When the option is enabled, data are transferred in a secure connection (secure channel). Before a secure connection is enabled, client sends a request for key exchange; server and client then perform a key exchange using asymmetric encryption so that the session key is delivered to each other in a secure way. The session key will then be used for the symmetric encryption; a secure connection is established.

Key Exchange

To establish a secure connection, client and server perform a handshaking process to exchange a session key. Client uses 1024-bit/2048-bit RSA algorithm to encrypt a new generated pre-master-secret, and sends it to the server; then server uses this pre-master-secret to derive the session key. A session key is cryptographically secure random, and is only valid for one session; it will be generated and exchanged for every session.

Connection Encryption

Once a session key is derived, a secure connection will be started; data transferred between server and client will be encrypted using 256-bit Advanced Encryption Standard (AES) or 192-bit Triple DES algorithm depends on the configuration of the application server.

Specifying a Symmetric Algorithm

The default symmetric algorithm for encrypting connection is AES 256-bit; it can be overridden by specifying an algorithm settings, the available options are AES and 3DES.

Server Certificate

Application server can optionally install a server certificate (X.509 certificate) to prove its identity to client computers; and a server certificate includes a public key for session key exchange.

Preparation and Applying Server Certificate

To apply a server certificate, you need to submit a Certificate Signing Request (CSR) to your Certification Authority (CA) (e.g. VeriSign, Thawte or even your own CA) to sign the certificate.

Summary

Pros & Cons on Different Security Settings

Security Settings	Pros	Cons
Proprietary Secure Channel	Fast Lightweight Proprietary Encryption Model	Non-open Standard
Secure Channel without Digital Certificate	High Secure Open Standard Model AES 256-bit or 3-DES 192-bit available	Slower than Proprietary Secure Model More Network Traffic than Proprietary Secure Model
Secure Channel with Digital Certificate	Highest Secure Open Standard Model with Cert AES 256-bit or 3-DES 192-bit available	Certificate Signing Request (CSR) to Certification Authority (CA) required