The IBM CBT Digital Signature (CBT) solutions portefolio encompass most components to develop a secure solution for exchanging and storing private information. This has since 1995 been used by many customers for Internet banking solutions and other self service solutions including electronic document handling where the XML standards including XAdES are supported.
The basic components are:
and at a higher level CBT offers these Web applications:
Unique CBT features:
CBT has from its start offered end-to-end encryption and strong cryptographic hardware protection of private keys.
CBT applets have always had very small footprints supporting regions with less bandwidth available.
Very robust CBT applets working with all kinds of browsers and Java versions.
CBT Thin Client Applets
The CBT Thin Client Applets is a collection of small Java applets which can be executed in a browser. They are primarily used as security components in client-server web applications to provide security mechanisms such as digital signatures and encryption. By using CBT, a web application will be able to establish the identity of end users, allow them to digitally sign transactions and achieve confidentiality and integrity of data sent between client and server.
The CBT applets can be used to secure many different kinds of web applications such as: Internet banking applications - allowing users to manage their accounts, transfer money, buy and sell stocks etc.
E-government portals - allowing citizens to access services provided by governments and municipalities.
E-commerce sites - allowing customers to buy goods on-line from Internet shops. CBT can be used both in open PKI environments where trusted third parties act as Certificate Authorities (CAs) and Registration Authorities (RAs), as well as more closed environments where no third parties are involved.
Main benefits of CBT Applets
The applets do not require installation on the client computer as the applets are downloaded on each access to the web application. This makes it possible for the end-users to be mobile and it removes the burden of handling installations, software updates etc.
Many different client platforms and browsers are supported including Windows, MacIntosh and Linux.
The applets have a very simple and user friendly graphical user interface (GUI). All major Certificate Authorities can be supported.
Both key files and hardware tokens (e.g. smartcards) can be used with CBT. Open standards are used for interoperability such as PKCS, PKIX, X.509, XML digital signature, XML encryption etc.
CBT can achieve true end-to-end security which is not possible with normal SSL.
CBT Solution White Paper
The following white paper describes the CBT solution in more detail. It is targeted for solution architects who want to learn how CBT is used in a portal or web application. Read more in this white paper (PDF, 727KB).
CBT and Phishing Attacks
Phishing is a growing type of fraud on the Internet. CBT and digital signatures can be used to secure Internet applications against phishing attacks. Read more in this white paper (PDF, 267KB).
CBT and Tivoli Access Manager/Tivoli Federated Identity Manager
CBT integrates well with the Tivoli products. Specifically, CBT can extend the available authentication capabilities in TAM or TFIM. For example, CBT plug-ins for TAM and TFIM are available to support large authentication frameworks and ID services offered by governments and banks.
CBT Server components
The CBT Thin Client Applets are complemented by a set of server components which handle tasks such as verifying digital signatures, decryption of messages, communication with external CA's for e.g. revocation checks and other PKI related checks. The server components run on several platforms and they support IBM cryptographic hardware. The server APIs are available as an integrated component which performs all necessary checks on signed messages, including status check of certificates via the CRL or OCSP protocols. This makes the CBT components easy to use from the service provider’s applications.