VeriSure

VeriSure White Paper
 

Table of Contents

Full 128-bit encryption world wide
Figure 1: Enhance Your Browser to 128 Bit Security
Figure 2: Enhancing Both Browser and Server to 128 Bit Security
Proven SSL 3.0 technology
Reliable Client Authentication
Protection against Java viruses
Features
Hardware and Software Requirements
Support
Full 128-bit encryption world wide
VeriSure is a Java-based applet that is automatically loaded when your customers need to access a secure site with 128 bits encryption.

Browsers exported from the USA are crippled by 40 bit encryption because USA export regulations prevent export of 128 bit encryption. 40 bit encryption is easily broken with enough time and computing power.

VeriSure extends those browsers to 128 bits to provide highly secure encryption (currently unbreakable), regardless of whether they are in the USA.

This means you can offer your customers secure online transaction facilities such as governmental services, banking, investment and other financial services.

Enhance Your Browser to 128 Bit Security
 
 		  
ANY 128 BIT
WEB SERVER
example:
PowerWeb
128 BIT
VERISURE
JAVA APPLET
WITH
CLIENT
CERTIFICATES
 
WITH
SERVER
CERTIFICATE
PRIVATE KEYS
 
 
CLIENT Machine
 
SERVER Machine
Your Java enabled browser uses 40 bit SSL 3 to talk to the VeriSure Java applet on your client machine which converts all transmitted data to 128 bit SSL 3 encryption before transmitting it across the Internet.

Client authentication is performed through Client Certificates which can be stored on the local machine's hard drive or can be retrieved from a card reading device (such as a SmartCard) for walk-by kiosks.
 

 		 
Any 128 bit SSL 3 server can be accessed through VeriSure, or VeriSure can be restricted to specifically designated servers only by specifying the allowed server certificates.

Where a browser has been enabled by multiple VeriSure licensees, only one copy of VeriSure is loaded, each licensee distributes its own certificates independently.
Enhancing Both Browser and Server to 128 Bit Security
 
 
128 BIT
VERISURE
40 BIT
WEB
SERVER
128 BIT
VERISURE
JAVA APPLET
WITH
CLIENT
CERTIFICATES
SERVER
PASS
THROUGH
WITH
SERVER
CERTIFICATE
PRIVATE KEYS
 
 
CLIENT Machine
 
SERVER Machine
As above, the same VeriSure solution can talk 128 bit SSL 3 to servers which only handle 40 bit SSL 3 or no encryption at all, preserving 128 bit security across the Internet, using the companion VeriSure server pass-through software.  
The VeriSure pass-through server accepts 128 bit SSL 3 connections and converts them to: 40 bit SSL for use with 40 bit servers,
unencrypted data for non-SSL servers.

Client Authentication is performed through verifying Client Certificates and relaying them to the 40 bit server.
 

Proven SSL 3.0 technology
VeriSure uses proven SSL 3.0 technology which provides authentication of servers and implements encrypted message digests on every packet to ensure data integrity against tampering, as well as 128 bit encryption for privacy and unlimited bits RSA encryption for authentication.

VeriSure does not use SSL 2.0 which has several well known flaws, especially regarding message digests.

The message digest authenticates the message against tampering or forgery which is especially important for financial transactions. Let's say a third party intercepts a message across the network and decrypts it. The value to that third party is limited to the content of the information of that single message, because that third party cannot create new messages for two reasons: the encryption key changes with every message and every message is authenticated with a message digest which cannot be reverse computed.

Reliable Client Authentication
VeriSure ensures clients are authenticated through the use of Client Certificates. If your server is unable to process client certificates, you can use the companion VeriSure pass-through server product which will verify the certificates on your server's behalf.

VeriSure loads certificates in x509 version 3 format and private keys in PKCS#8 format. If the certificates are stored locally on the hard drive, they should be placed in the "VeriSure" sub-directory of the Java home directory.

Protection against Java viruses
Each VeriSure is protected by only allowing connections to specified sites. This protection is built into VeriSure by way of public key cryptography which means that other malicious applets or viruses cannot manipulate this information.

VeriSure also performs SSL 3.0 authentication of the remote server upon every connection, thereby assuring customers of the true identity of the server they are connecting to.

Features
VeriSure is built upon industry standards which means that you don't need custom server solutions. Being built upon standard Java 1.02 or later, it runs on any customer machine that has a web browser that supports Java, regardless of operating system.

The VeriSure classes are available for licensing for third party application development.

VeriSure does not require your browser settings to be changed to specify a secure proxy server, instead it uses JavaScript within the initial HTML page to initiate the startup of the VeriSure Java applet.

Hardware and Software Requirements
VeriSure is available for any platform that supports Java and has a Java-enabled web browser, including: AIX, Solaris, Windows NT, Windows 95, OS/2, MVS, OS/400.

Browsers supported:

MSIE 3.01 with the MS JavaVM level 1.5
Netscape Navigator 3.0
All Java-enabled browsers

Servers supported:

All 128 bit SSL 3 servers, including PowerWeb.
All 40 bit SSL 3 servers, with the companion VeriSure server pass-through.
All non-secure servers, with the companion VeriSure server pass-through.

Support
CompuSource provides support to licensees of VeriSure, who in turn support their own customers.
Copyright © CompuSource
All rights reserved.
[email protected]