File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

ensuring secure and trusted communication between two applications

 
Vikrama Sanjeeva
Ranch Hand
Posts: 756
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

There is an app A, providing an interface for payment processing to all those apps (B1, B2, ...) connecting to it. Means app A takes payment details as an input from B1, B2 etc and passes this input to a payment processor.

App A will publish its services via various modes (WS, JMS, Sockets etc) so that B1,B2 has multiple ways to connect app A.

I want to assure:

  • 2-Way communication between A and B1,B2 etc is secure and confidential
  • Both A and B1,B2 has assurity that they are communicating to the right partner. Means, in case, if someone forge the IP of B1,B2 then A must know that its not communicating with the right person.

  • Both A and B1,B2 etc belongs to same intranet but different network segments. Probably, A will be on separate box and behind firewall.

    Kindly advise what are the methods available to assure above two points


    Bye,
    Viki
     
    Henry Wong
    author
    Marshal
    Pie
    Posts: 20833
    75
    C++ Chrome Eclipse IDE Firefox Browser Java jQuery Linux VI Editor Windows
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Vikrama Sanjeeva wrote:Hi all,

    There is an app A, providing an interface for payment processing to all those apps (B1, B2, ...) connecting to it. Means app A takes payment details as an input from B1, B2 etc and passes this input to a payment processor.

    App A will publish its services via various modes (WS, JMS, Sockets etc) so that B1,B2 has multiple ways to connect app A.

    I want to assure:

  • 2-Way communication between A and B1,B2 etc is secure and confidential
  • Both A and B1,B2 has assurity that they are communicating to the right partner. Means, in case, if someone forge the IP of B1,B2 then A must know that its not communicating with the right person.

  • Both A and B1,B2 etc belongs to same intranet but different network segments. Probably, A will be on separate box and behind firewall.

    Kindly advise what are the methods available to assure above two points


    Bye,
    Viki



    SSL will encrypt (protect the data packets from being seen by a third party) -- so that will solve the first issue. SSL also support authentication, so that will kinda help protect against "untrusted" sources. However, that probably won't guarantee that the other end is correct -- to do that you will have to use some sort of application level authentication.

    Henry
     
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic