Data Integrity and Confidentiality in SAP Folder Management
Support for electronic authentication mechanisms and protection of electronic business processes is increasingly important for a variety of applications. This applies in particular to transactions handled across public data communication networks.
To ensure that data has not been modified, that the creator of the data can be uniquely identified, and that the data cannot be accessed by unauthorized parties, SAP uses two basic mechanisms:
- Digital Signatures, which are the electronic counterpart to a handwritten signature
- Digital Envelopes, which support the asymmetric digital signature method.
These mechanisms are provided via the digital Secure Store and Forward (SSF) interface to external security products. SSF uses digital signatures and digital envelopes to secure digital data and documents.
A digital envelope is a security mechanism that protects a message from being viewed by anyone other than the intended recipient and is created using hybrid encryption.
Digital signatures verify the identity of a signatory, as well as the integrity of a signed data package. A digital signature cannot be falsified, so it protects the integrity of the data involved. Any changes to the data after the signature has been provided render the digital signature invalid for the modified data. The SSF interface operates using public and private digital keys, ensuring that only the intended recipient can read the data content. Digital signatures are based on public key technology.
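The two mechanisms described above, as an added example that is not SAP or SSF code: OpenSSL's `cms` command stands in for an external security product, and the key pair, certificate subject, file names and record text are constructed for the demonstration. It signs a record, wraps it in a digital envelope, opens and verifies it on the recipient side, and shows that a modified record no longer verifies.

```shell
#!/bin/sh
# Added example (not SAP code): detached signature plus digital envelope with OpenSSL CMS.
# The key pair, certificate subject, file names and record text are constructed for the demo.

ssf_demo() {
    work=$(mktemp -d) || return 1
    status=0
    result=$(
        cd "$work" || exit 1
        # Throwaway RSA key and self-signed certificate; it plays both signer and recipient.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-user" \
            -keyout key.pem -out cert.pem 2>/dev/null || exit 1
        printf 'Record 4711: approved\n' > record.txt

        # Sender, step 1: digital signature over the record (the private key signs).
        openssl cms -sign -binary -in record.txt -signer cert.pem -inkey key.pem \
            -outform DER -out record.sig 2>/dev/null || exit 1
        # Sender, step 2: digital envelope. A random AES-256 key encrypts the record,
        # and that key is encrypted with the recipient's RSA public key (hybrid encryption).
        openssl cms -encrypt -binary -aes-256-cbc -in record.txt \
            -outform DER -out record.env cert.pem 2>/dev/null || exit 1

        # Recipient, step 1: open the envelope with the private key.
        openssl cms -decrypt -inform DER -in record.env -recip cert.pem \
            -inkey key.pem -out opened.txt 2>/dev/null || exit 1
        # Recipient, step 2: check the signature against a given content file.
        check() {
            openssl cms -verify -binary -inform DER -in record.sig -content "$1" \
                -CAfile cert.pem -out /dev/null 2>/dev/null
        }
        if check opened.txt; then genuine=valid; else genuine=invalid; fi

        # Any change made after signing must invalidate the signature.
        printf 'Record 4711: rejected\n' > tampered.txt
        if check tampered.txt; then tampered=valid; else tampered=invalid; fi
        echo "genuine=$genuine tampered=$tampered"
    ) || status=$?
    rm -rf "$work"
    [ "$status" -eq 0 ] && echo "$result"
}

ssf_demo   # prints: genuine=valid tampered=invalid
```

In this demo the self-signed certificate is its own trust anchor; in practice the verifier trusts a certificate authority and the signer and recipient hold different key pairs.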
SSF also protects SAP data and documents stored on data carriers. SAP Records Management protects data by packing the data and documents into secure formats before they are stored on a data carrier or transferred across unsecured communication channels such as the Internet.
Protecting data and documents with SSF fulfills the following basic security requirements:
- Data integrity (protection against falsification)
- Confidentiality of data (protection against unauthorized reading)
- Sender authentication (protection against impersonation)
- Verification (proof of order placement)
More details on digital signatures can be found at: http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60d300a0-aa9d-2e10-aeb9-c13cf6d91f98?QuickLink=index&overridelayout=true&51891794871453