Types of Encryption
Encryption is a method of encoding data for security purposes. Siebel Business Applications support industry standards for secure Web communications and encryption of sensitive data such as passwords.
To facilitate compliance with U.S. export restrictions on encryption technology, Siebel Systems limits the encryption key length in its products to 56 bits. Customers who want to use encryption keys longer than 56 bits for transport layer encryption and data encryption can do so by using the Siebel Strong Encryption Pack. For more information, see About Siebel Strong Encryption Pack.
To make sure that information remains private, Siebel Business Applications support the use of the following encryption technologies for transmitting and storing data:
- SSL encryption for Web client connections. For data security over the Internet, Siebel Business Applications use the Secure Sockets Layer, version 3.0 (SSL) capabilities of supported Web server platforms to secure transmission of data between the Web browser and the Web server.
Siebel Business Applications can be configured to run completely under HTTPS, have specific pages run under HTTPS (for standard interactivity only), or simply handle login requests under HTTPS. For more information, see Configuring Secure Views and Login Features.
- Encryption for SISNAPI connections (SSL, Microsoft Crypto, or RSA). For communications between Siebel components, Siebel administrators can enable encryption for SISNAPI (Siebel Internet Session API). SISNAPI is a TCP/IP-based Siebel communications protocol that provides a security and compression mechanism for network communications.
SISNAPI encryption can be based on Secure Sockets Layer, version 3.0 (SSL) or on Microsoft Crypto API or RSA algorithms. SSL and RSA are supported across multiple operating system platforms. By default, SISNAPI encryption based on SSL uses the DES algorithm with a 56-bit key that performs both encryption and decryption. To upgrade to the AES algorithm with 256-bit encryption keys, you need to install the Siebel Strong Encryption Pack. For more information on the Siebel Strong Encryption Pack, see About Siebel Strong Encryption Pack.
SSL also supports certificate authentication between the Web server and the Siebel Server, or between Siebel Servers.
- SSL encryption for connection to LDAP/ADS. Secure Sockets Layer (SSL) can be used for connection to certified LDAP or ADS directories.
- SSL encryption for connections to email servers. SSL encryption is supported for connections to email servers, using Siebel Communications Server components. For more information, see Siebel Communications Server Administration Guide.
- AES and RC2 database encryption. Siebel Business Applications allow customers to encrypt sensitive information stored in the Siebel Database (for example, credit card numbers, Social Security numbers, and birth dates) so that it cannot be viewed without access to the Siebel application.
Customers can configure Siebel software to encrypt field data before it is written to the database and decrypt the same data when it is retrieved. This prevents attempts to view sensitive data directly from the database.
Sensitive data can be encrypted by using AES (Advanced Encryption Standard) or RC2 encryption, at various key lengths. Encryption can be enabled for business component fields using Siebel Tools. For more information, see Configuring Data Encryption.
NOTE: Field-level encrypted data should not be replicated to mobile users using Siebel Remote, because it cannot be decrypted and viewed on the Mobile Web Client. The local database for the Mobile Web Client can, however, be encrypted, if it is based on the encrypted template. For details, see Siebel Remote and Replication Manager Administration Guide.
- RC4 encryption. Siebel Business Applications use RC4 encryption to encrypt passwords stored in the siebns.dat file and to encrypt the Auto-Login Credential Cookie. For more information about encrypted passwords in the siebns.dat file, see About Password Encryption. For more information about the Auto-Login Credential Cookie, see Auto-Login Credential Cookie.
- RSA SHA-1 password hashing. Siebel administrators can enable password hashing. Hashing uses a one-way hashing algorithm. The default password hashing method is RSA SHA-1. (The previous mangle algorithm is still available for existing customers.)
Password hashing makes a user's password unusable by unauthorized external applications and prevents direct SQL access to the data by anything other than Siebel Business Applications. For more information, see Configuring Password Hashing.
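The following sketch illustrates the password hashing behavior described above. It is an added example, not Siebel code. It assumes that the credential stored on the database side is the SHA-1 hash of the password the user types; the `ToyDatabase` class, the function names, the base64 text encoding, and the sample account are all hypothetical.

```python
import base64
import hashlib
import hmac


def hash_password(clear_text: str) -> str:
    """One-way SHA-1 hash of the typed password (base64 encoding is assumed)."""
    digest = hashlib.sha1(clear_text.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


class ToyDatabase:
    """Hypothetical stand-in for a data store that checks account credentials."""

    def __init__(self):
        self._credentials = {}

    def set_credential(self, account: str, credential: str) -> None:
        self._credentials[account] = credential

    def connect(self, account: str, presented: str) -> bool:
        stored = self._credentials.get(account)
        if stored is None:
            return False
        # Constant-time comparison of the stored and presented credentials.
        return hmac.compare_digest(stored.encode(), presented.encode())


def application_login(db: ToyDatabase, account: str, typed: str) -> bool:
    """Application path: hash what the user typed, then present the hash."""
    return db.connect(account, hash_password(typed))


def external_login(db: ToyDatabase, account: str, typed: str) -> bool:
    """External tool path: presents the typed password unchanged."""
    return db.connect(account, typed)


def demo() -> dict:
    db = ToyDatabase()
    # Constructed sample account; only the hashed value is stored.
    db.set_credential("DEMO_USER", hash_password("Example-Passw0rd"))
    return {
        "application_correct": application_login(db, "DEMO_USER", "Example-Passw0rd"),
        "application_wrong": application_login(db, "DEMO_USER", "not-the-password"),
        "external_clear_text": external_login(db, "DEMO_USER", "Example-Passw0rd"),
    }


if __name__ == "__main__":
    print(demo())
```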
Figure 5 shows some of the types of encryption available in the Siebel application environment.
Figure 5. Communications Encryption in the Siebel Application Environment