Product: Tessellation Software Framework
Advantages: Security (Ultra-high "Government" Level Security)
- Encryption: Provides 128-bit encryption on communications in each direction
over a local area network, wide area network and/or the internet.
- Two-Way Authentication: The Framework provides one- or two-way authentication
using digital certificates at both the client and server locations. (When an end-user,
i.e., a client of the implementer, first connects to the application the implementer
developed to work within this Framework on the server side [i.e., when the end-user
uses the implementer-provided GUI, which in turn uses the client components of this
Framework to connect, through the server components of this Framework, to the
implementer's server-side code], the Tessellation Framework assures the end-user
that he/she is truly connecting to the implementer's application; and, if two-way
authentication is opted for, the Tessellation Framework assures the implementer
that it is truly a specific authorized end-user who is connecting to its application.)
- ACL Permissioning: The TSF provides for and uses ACLs (Access Control Lists)
that tie particular username-password pairs to particular certificates. To gain
access, an entity must not only connect with a trusted and permissioned certificate
(the “trusted” part is handled by the “Two-Way Authentication” capability described
above); the certificate itself must also be in the ACL and must be bound to the
username-password pair that is sent in the first command immediately following
the establishment of the connection.
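The following is an added illustration of the ACL check described above, not code from the Tessellation Software Framework. It assumes a raw Ed25519 public key stands in for the client certificate (with its SHA-256 as the ACL key), that the trust check on the certificate has already happened in the handshake, and that the first command after connection carries the username and password. The password hash is a plain salted SHA-256 for brevity; a deployment would use a slow password hash.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Distinct failures so the server can log why access was refused.
var (
	ErrCertNotInACL       = errors.New("certificate is trusted but not listed in the ACL")
	ErrCredentialMismatch = errors.New("username/password are not bound to this certificate")
)

// Credential is the username-password pair bound to one certificate.
// The password is kept only as a salted hash (SHA-256 here for brevity; a
// deployment would use a slow password hash such as bcrypt or Argon2).
type Credential struct {
	Username string
	Salt     []byte
	Hash     [32]byte
}

// ACL maps a certificate fingerprint to the one credential bound to it.
type ACL map[string]Credential

// Fingerprint identifies a client certificate. Assumption: the raw Ed25519
// public key stands in for the certificate, and its SHA-256 is the ACL key.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

func hashPassword(salt []byte, password string) [32]byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Grant binds a username-password pair to a certificate fingerprint.
func (a ACL) Grant(fp, username, password string) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	a[fp] = Credential{Username: username, Salt: salt, Hash: hashPassword(salt, password)}
}

// Authorize runs on the first command after the connection is established.
// fp is the fingerprint of the client certificate that already passed the
// trust check; username and password are taken from that first command.
func (a ACL) Authorize(fp, username, password string) error {
	cred, ok := a[fp]
	if !ok {
		return ErrCertNotInACL
	}
	// Compare both fields in constant time and combine the results, so the
	// timing does not reveal which of the two was wrong.
	got := hashPassword(cred.Salt, password)
	userOK := subtle.ConstantTimeCompare([]byte(cred.Username), []byte(username))
	passOK := subtle.ConstantTimeCompare(cred.Hash[:], got[:])
	if userOK&passOK != 1 {
		return ErrCredentialMismatch
	}
	return nil
}

// Demo builds a two-user ACL and exercises the outcomes: a correct login,
// a wrong password, another user's credentials on the wrong certificate,
// and a certificate that is trusted but absent from the ACL.
func Demo() (good, badPass, crossCert, unlisted error) {
	alicePub, _, _ := ed25519.GenerateKey(rand.Reader)
	bobPub, _, _ := ed25519.GenerateKey(rand.Reader)
	strangerPub, _, _ := ed25519.GenerateKey(rand.Reader)

	acl := ACL{}
	acl.Grant(Fingerprint(alicePub), "alice", "correct horse battery staple") // constructed
	acl.Grant(Fingerprint(bobPub), "bob", "hunter2")                          // constructed

	good = acl.Authorize(Fingerprint(alicePub), "alice", "correct horse battery staple")
	badPass = acl.Authorize(Fingerprint(alicePub), "alice", "wrong password")
	crossCert = acl.Authorize(Fingerprint(alicePub), "bob", "hunter2")
	unlisted = acl.Authorize(Fingerprint(strangerPub), "alice", "correct horse battery staple")
	return
}

func main() {
	good, badPass, crossCert, unlisted := Demo()
	fmt.Println("alice, own cert, right password:", good)
	fmt.Println("alice, own cert, wrong password:", badPass)
	fmt.Println("bob's credentials on alice's cert:", crossCert)
	fmt.Println("trusted but unlisted cert:", unlisted)
}
```

The point of the `crossCert` case is that a valid username-password pair is not enough on its own: the pair must be the one bound to the certificate that opened the connection, which is what distinguishes this ACL from a plain password table.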
- Integrity: Guarantees that messages received have not been tampered with.
- Non-repudiation: This Framework automatically digitally signs and verifies
messages in both directions (i.e., from client-specific code to server-specific code
and vice versa). It logs and rejects any message that does not successfully verify.
(Development teams may, for non-sensitive information [e.g. market data], opt out of
signing/verification on a message-by-message basis.) If a message is signed, it is
automatically verified upon receipt. If a signed message does not verify, it will
not be passed by the server components of this Framework to the implementer's
server-specific code.
Signed messages may be stored. Since only the client (i.e., the implementer's end-user) whose private key corresponds to the digital certificate that verified the message could have signed it (and given the recent law passed by Congress giving digital signatures the weight of physical signatures from a legal perspective), by storing all signed commands, along with the end-user's digital certificate used to verify each one, the implementer will be able to prove – in court if necessary – that any given command (e.g. a trade or bid/offer in the financial community; or a request to alter a medical record; etc.) originated from the end-user the implementer supposed. This ensures that commands reaching the server-specific code (or the client-specific code, if that is desired) cannot be repudiated by the entity that sent them, and that the implementer will always be able to prove the ownership and content of commands/requests coming from its clients.
This Framework provides these non-repudiation capabilities through the automatic digital signing and verifying (and the logging/rejecting of unverified messages) already mentioned, as well as by providing a signature server that stores digitally signed messages together with their associated certificates.
The Tessellation Software Framework provides stronger non-repudiation capabilities over the public internet than most existing trading platforms used by the financial community.
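The following is an added example of the non-repudiation flow described above (sign on send, verify on receipt, log and drop failures, honour the per-message opt-out, store the verified message with its certificate, and re-verify it later). It is not the Tessellation Software Framework's own code. It assumes a raw Ed25519 public key stands in for the certificate, identified by its SHA-256, and that the server already holds the certificates of its permissioned clients; all messages are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Envelope crosses the connection: the body, the sender's certificate
// fingerprint, and a signature (nil when signing was opted out for this message).
type Envelope struct {
	Sender    string
	Body      []byte
	Signature []byte
}

// Record is what the signature server stores: the envelope as received plus
// the public key (standing in for the certificate) that verified it.
type Record struct {
	Env    Envelope
	PubKey ed25519.PublicKey
}

var ErrBadSignature = errors.New("signature did not verify; message logged and dropped")

func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Sign wraps a command in a signed envelope (client side).
func Sign(priv ed25519.PrivateKey, body []byte) Envelope {
	pub := priv.Public().(ed25519.PublicKey)
	return Envelope{Sender: fingerprint(pub), Body: body, Signature: ed25519.Sign(priv, body)}
}

// Server models the server-side components: certificates of permissioned
// clients, the rejection log, the evidence store, and what reached the
// implementer's server-specific code.
type Server struct {
	Certs     map[string]ed25519.PublicKey
	Rejected  []string
	Evidence  []Record
	Delivered []string
}

func NewServer(clients ...ed25519.PublicKey) *Server {
	s := &Server{Certs: map[string]ed25519.PublicKey{}}
	for _, pub := range clients {
		s.Certs[fingerprint(pub)] = pub
	}
	return s
}

// Receive verifies every signed envelope before passing it on; a failure,
// or a sender whose certificate the server does not hold, is logged and
// never reaches the server-specific code. Unsigned envelopes pass through.
func (s *Server) Receive(env Envelope) error {
	if env.Signature != nil {
		pub, ok := s.Certs[env.Sender]
		if !ok || !ed25519.Verify(pub, env.Body, env.Signature) {
			s.Rejected = append(s.Rejected, fmt.Sprintf("sender=%s body=%q", env.Sender, env.Body))
			return ErrBadSignature
		}
		s.Evidence = append(s.Evidence, Record{Env: env, PubKey: pub})
	}
	s.Delivered = append(s.Delivered, string(env.Body))
	return nil
}

// Prove re-checks a stored record later, from the stored certificate alone.
func Prove(r Record) bool {
	return fingerprint(r.PubKey) == r.Env.Sender &&
		ed25519.Verify(r.PubKey, r.Env.Body, r.Env.Signature)
}

// Demo sends four constructed messages: a signed trade, an unsigned quote
// (opt-out), the trade with its body altered in transit, and a trade signed
// by a key the server was never given.
func Demo() (*Server, []error) {
	_, alice, _ := ed25519.GenerateKey(rand.Reader)
	_, stranger, _ := ed25519.GenerateKey(rand.Reader)
	alicePub := alice.Public().(ed25519.PublicKey)
	srv := NewServer(alicePub)
	trade := Sign(alice, []byte("BUY 100 ACME @ 12.50"))
	quote := Envelope{Sender: fingerprint(alicePub), Body: []byte("ACME last 12.48")}
	tampered := trade
	tampered.Body = []byte("BUY 1000 ACME @ 12.50") // signature no longer matches
	forged := Sign(stranger, []byte("SELL 500 ACME @ 12.40"))
	var errs []error
	for _, env := range []Envelope{trade, quote, tampered, forged} {
		errs = append(errs, srv.Receive(env))
	}
	return srv, errs
}
```

The stored `Record` is the evidence the text refers to: because it holds the body, the signature and the certificate that verified it, `Prove` can be run by anyone, at any later time, and it fails as soon as any of the three is altered. Note that the unsigned quote is delivered but leaves no record, which is exactly the trade-off the per-message opt-out makes.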