BIRT iHub secure communications

BIRT iHub secures data in transit to prevent unauthorized third parties from accessing information passing between iHub services and between the iHub server and the end user. Data in transit use the following security protocols:

HyperText Transfer Protocol Secure (HTTPS) is used for communication between the user’s web browser and both the Administration Console and BIRT iHub Visualization Platform services.

Security Assertion Markup Language (SAML) provides a secure means of authenticating and authorizing a user to access a volume.

HyperText Transfer Protocol Secure (HTTPS) is a protocol used to enable secure communication over a computer network. When HTTPS is at the beginning of a URL web address such as https://www.actuate.com, the web browser attempts to activate an encrypted connection using the Secure Sockets Layer (SSL).

A server requires two keys and one certificate to build the HTTPS connection. These establish an SSL handshake to encrypt the data between the client and the server. HTTPS also encrypts the URL’s query parameters, headers, and cookies.

After the client completes the SSL handshake, the web browser securely uses the same features available to an HTTP connection, such as hyperlinks and JavaScript.

Secure Sockets Layer (SSL) is a protocol for securely exchanging information, such as passwords, credit card numbers, medical, and other private data, over a computer network. SSL provides the means to:

SSL uses the following components:

Available only to the owner of the private key. Used to decrypt a message encrypted by the public key.

Available to the public. Used to encrypt a message sent to the owner of the private key.

Contains information such as the certificate issuer, certificate expiration date, information about the certificate owner, and the certificate owner’s public key. The certificate is signed by a certificate authority, using a digital signature.

A trusted agency that validates information about an entity such as an online business, and then signs a digital certificate for the entity to use.

A client uses a web browser to access a server hosting Visualization Platform. The secured connection starts when a client visits the SSL secured server using a URL web address beginning with HTTPS. The client receives the server’s digital certificate identifying the server and including the server’s public key. The client web browser checks the following characteristics of the certificate:

After accepting the server’s certificate, the client uses the public key from the server’s certificate to encrypt a message and then sends the message to the server. The message requests that the server generate a session key, also known as a shared secret key. At the same time, the client uses the data in the message to generate the same session key that the client expects the server to generate.

The server uses its private key to decrypt the message from the client. Then, the server uses the data in the message to generate a session key, identical to the session key the client generated. The client and the server use the generated session key to encrypt data, decrypt data, and verify data integrity using checksums.

The server sends a message encrypted using the generated session key back to the client. This message completes the SSL handshake and confirms that data travels securely between both sides of the connection.

BIRT iHub enables SSL by default, specifying port 8001 in the acpmdconfig.xml file. BIRT iHub stores SSL certificates in the AC_SERVER_HOME/shared/credential folder.

BIRT iHub implements 2048 RSA private key encryption. Actuate supports the following secure protocol configurations:

BIRT iHub disables SSL V2, client-initiated renegotiation for ihubd, and TLS compression.