Crypto-based Transactions (CBT)
Security is vital when e-business is conducted over open networks such as the Internet. If security is not addressed properly, businesses are exposed to severe risk.
In response to the needs expressed by customers, IBM has developed a large set of security offerings. One of them is called Crypto Based Transactions (CBT) and is used for secure logon and signing of agreements using digital signatures. CBT is a family of products developed at the EMEA Crypto Competence Center in Copenhagen. It has been developed during the last 8 years in close cooperation with many banks and has been deployed in many countries worldwide.
CBT Thin Client Applets

The CBT Thin Client Applets are a collection of small Java applets which can be executed in a browser. They are primarily used as security components in client-server web applications to provide security mechanisms such as digital signatures and encryption. By using CBT, a web application is able to establish the identity of end users, allow them to digitally sign transactions, and achieve confidentiality and integrity of data sent between client and server.

The CBT applets can be used to secure many different kinds of web applications such as:

  • Internet banking applications - allowing users to manage their accounts, transfer money, buy and sell stocks etc.
  • E-government portals - allowing citizens to access services provided by governments and municipalities.
  • E-commerce sites - allowing customers to buy goods on-line from Internet shops.

CBT can be used both in open PKI environments where trusted third parties act as Certificate Authorities (CAs) and Registration Authorities (RAs), as well as more closed environments where no third parties are involved.

Main benefits of CBT Applets

  • The applets do not require installation on the client computer as the applets are downloaded on each access to the web application. This makes it possible for the end-users to be mobile and it removes the burden of handling installations, software updates etc. Automatic installation of the applets on the client system can be done via the Internet if desired.
  • Many different client platforms and browsers are supported, including Windows, Macintosh and Linux.
  • The applets have a very simple and user-friendly graphical user interface (GUI).
  • All major Certificate Authorities can be supported.
  • Both key files and hardware tokens (e.g. smartcards) can be used with CBT.
  • Open standards such as PKCS, PKIX, X.509, XML Digital Signature, XML Encryption etc. are used for interoperability.
  • CBT can achieve true end-to-end security which is not possible with normal SSL.

CBT Solution White Paper

The following white paper describes the CBT solution in more detail. It is intended for solution architects who want to learn how CBT is used in a portal or web application. Read more in this white paper.

CBT and Phishing Attacks

Phishing is the fastest growing fraud on the Internet and has recently been given a lot of attention in the media. CBT and digital signatures can be used to secure Internet applications against phishing attacks. Read more in this white paper.

CBT and Tivoli Access Manager

CBT integrates well with the Tivoli Access Manager (TAM) product. Specifically, CBT can extend the available authentication capabilities in TAM. For example, CBT plug-ins for TAM have been developed to support large authentication frameworks and ID services offered by governments and banks in the Nordic countries.

CBT Server components

The CBT Thin Client Applets are complemented by a set of server components which handle tasks such as verifying digital signatures, decrypting messages, and communicating with external CAs, e.g. for revocation checks and other PKI-related checks. The server components run on several platforms and they support IBM cryptographic hardware.

The server APIs are available as an integrated component which performs all necessary checks on signed messages, including status check of certificates via the CRL or OCSP protocols. This makes the CBT components easy to use from the service provider’s applications.

Related links
IBM Cryptographic Toolkits
IBM Tivoli Access Manager for Business Integration
WebSphere Everyplace Chip Operating System

Ready to buy?
Contact your local IBM representative or directly: ccc@dk.ibm.com

