Santéon. Process. Technology. Content.

Related Materials

Santéon XIP Security White Paper

Security

Secure and reliable

The Santéon XIP Business Process Management (BPM) Platform ensures secure integration and management of processes within and across the extended enterprise, using the latest security technologies to face the security challenges associated with automation and data exchange.

Santéon tools and technologies integrate a security framework of software components for message and data encryption, decryption, digital signatures and de-identification, ensuring secure transaction processing within and across enterprises.

Santéon takes advantage of the latest standards in security, including support for firewalls, symmetric and asymmetric encryption, and many built-in security features of the Windows operating system, databases and IIS, to provide a robust and secure architecture to support mission-critical business processes.

Encryption and EDI Communication

XIP supports a wide range of encryption methods and protocols, including symmetric (secret key) and asymmetric (public/private key) cryptography. XIP supports the RSA algorithm for asymmetric encryption and DES, 3DES and RC2 for symmetric encryption. Encryption can be used either for external communication with trading partners (defined and modified through XIP Administration) or for internal communication between workflow components. XIP Workflow Input and Output components use encryption with standard extensions to transport protocols, with support for Secure/Multipurpose Internet Mail Extensions (S/MIME), SFTP and HTTPS, allowing maximum security with open standard support for both inbound and outbound messages.

MSMQ Security

XIP depends heavily on Message Oriented Middleware (MOM) and asynchronous messaging concepts. XIP uses Microsoft Message Queuing (MSMQ) technology as Santéon's MOM infrastructure. MSMQ takes advantage of various built-in security features in Windows operating systems:

  • Access Control to restrict user access to Message Queuing objects
  • Authentication implemented through any authentication method supported by Windows 2000 including public key certificates, Kerberos or NTLM
  • Encryption of messages sent between Message Queuing components, using either asymmetric (public/private keys) or symmetric (secret key) cryptography
  • Auditing to record which users attempt to access Message Queuing objects in Active Directory

Through the use of Message Queuing, XIP guarantees no message loss and ensures that messages are not modified or viewed except by authorized users.

Human Interaction Security

Most real-world business processes require human intervention. Santéon provides a unique solution for including manual tasks within an automated process. Using a simple drag-and-drop interface, a form can be designed and included in a Human Interaction (HI) workflow for users to view and interact with data, edit it, and make decisions that determine the route of the workflow. The flexibility provided by HI requires careful handling of security-related issues to ensure that only authorized users can view or edit messages (documents). Through XIP Administration, administrators can define users and groups and assign specific rights to each group of users. XIP uses an ID/password to log users in to the system. Additionally, all human activities are audited, providing full tracking of who did what on each message throughout the entire workflow process.

The HI client communicates with the server through a Web Service using the HTTP and SOAP protocols, which allows administrators to use firewalls to allow only secure HTTP text-based traffic. Web Services have the drawback of communicating data in plain text, which introduces a potential threat; multiple standards are in progress for encrypting data with Web Services. XIP uses SSL to encrypt traffic between the client and the Web Service. SSL adds processing overhead, but it provides a secure means of communication relatively easily and without much need for administrative support.

Portal Security

At the very front of the XIP platform there is a portal for trading partners that allows them to perform common operations such as submitting claims, performing eligibility checks or requesting claim status information. The portal is built on a 3-tier architecture with the presentation and client tier fully separated from the business logic.

All traffic between client and server is carried over standard HTTP, giving administrators the ability to fully exploit firewalls and allow only safe HTTP traffic. The portal supports up to 128-bit SSL-based encryption. SSL (Secure Sockets Layer) allows secure encrypted exchange of sensitive data over public media without any need for the partners to go through exchanging keys and maintaining them.

Every trading partner is established through a setup process, after which the administrator is issued an ID/password combination with which he can log in and perform a defined set of operations/transactions. The passwords are encrypted through one-way hashing and stored in the database. Using one-way hashing provides maximum protection for passwords, so even if an intruder had access to the database, he cannot retrieve the passwords. Additionally, by using IIS and firewall technologies, the portal can be protected against brute force and Denial of Service attacks.
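The page does not say which hash function or parameters XIP uses. The following added example (not Santéon's code) shows one common way to store and verify passwords with one-way hashing, assuming PBKDF2-HMAC-SHA256 with a per-user random salt, next to the fast unsalted form it replaces. The record format, function names and iteration count are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"      # assumed scheme label for this example
ITERATIONS = 600_000        # assumed work factor; raise it as hardware improves
SALT_BYTES = 16

def fast_unsalted(password):
    """Weak form, for contrast: same password always yields the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: algo$iterations$salt$digest."""
    salt = os.urandom(SALT_BYTES)   # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGO, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])

def verify_password(password, record):
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        algo, iters, salt_b64, digest_b64 = record.split("$")
        if algo != ALGO:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        salt, int(iters))
    except ValueError:
        return False                # malformed or truncated record
    return hmac.compare_digest(candidate, expected)

def needs_rehash(record):
    """True when a record was created with a lower work factor than current."""
    try:
        return int(record.split("$")[1]) < ITERATIONS
    except (IndexError, ValueError):
        return True
```

On a successful login where `needs_rehash` returns true, the application can call `hash_password` again and replace the stored record, which raises the work factor without forcing a password reset.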


© 2006 Santéon, Inc. All Rights Reserved    
info@santeon.com