aspose file tools*
The moose likes Security and the fly likes ensuring secure and trusted communication between two applications Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "ensuring secure and trusted communication between two applications" Watch "ensuring secure and trusted communication between two applications" New topic
Author

ensuring secure and trusted communication between two applications

Vikrama Sanjeeva
Ranch Hand

Joined: Sep 02, 2001
Posts: 756
Hi all,

There is an app A, providing an interface for payment processing to all those apps (B1, B2, ...) connecting to it. Means app A takes payment details as an input from B1, B2 etc and passes this input to a payment processor.

App A will publish its services via various modes (WS, JMS, Sockets etc) so that B1,B2 has multiple ways to connect app A.

I want to assure:

  • 2-Way communication between A and B1,B2 etc is secure and confidential
  • Both A and B1,B2 has assurity that they are communicating to the right partner. Means, in case, if someone forge the IP of B1,B2 then A must know that its not communicating with the right person.

  • Both A and B1,B2 etc belongs to same intranet but different network segments. Probably, A will be on separate box and behind firewall.

    Kindly advise what are the methods available to assure above two points


    Bye,
    Viki


    Count the flowers of your garden, NOT the leafs which falls away!
    Prepare IBM Exam 340 by joining http://groups.yahoo.com/group/IBM340Exam/
    Henry Wong
    author
    Sheriff

    Joined: Sep 28, 2004
    Posts: 18896
        
      40

    Vikrama Sanjeeva wrote:Hi all,

    There is an app A, providing an interface for payment processing to all those apps (B1, B2, ...) connecting to it. Means app A takes payment details as an input from B1, B2 etc and passes this input to a payment processor.

    App A will publish its services via various modes (WS, JMS, Sockets etc) so that B1,B2 has multiple ways to connect app A.

    I want to assure:

  • 2-Way communication between A and B1,B2 etc is secure and confidential
  • Both A and B1,B2 has assurity that they are communicating to the right partner. Means, in case, if someone forge the IP of B1,B2 then A must know that its not communicating with the right person.

  • Both A and B1,B2 etc belongs to same intranet but different network segments. Probably, A will be on separate box and behind firewall.

    Kindly advise what are the methods available to assure above two points


    Bye,
    Viki



    SSL will encrypt (protect the data packets from being seen by a third party) -- so that will solve the first issue. SSL also support authentication, so that will kinda help protect against "untrusted" sources. However, that probably won't guarantee that the other end is correct -- to do that you will have to use some sort of application level authentication.

    Henry


    Books: Java Threads, 3rd Edition, Jini in a Nutshell, and Java Gems (contributor)
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: ensuring secure and trusted communication between two applications