Encryption
Encryption is the scrambling of data so that it can only be read by its intended recipient. "Conventional" or "symmetric" encryption uses a single cryptographic key which is shared by both parties to the communication.
Public Key Cryptography
Public key cryptography is cryptography that uses two cryptographic keys instead of one. One key, the "private key," is kept secret by the key-pair owner, and used to decrypt messages that were encrypted with the other, "public key." Messages encrypted with the public key can only be decrypted with the corresponding private key. This greatly facilitates key management because public keys can be widely distributed without fear of losing security. Conversely, messages can be "encrypted" with the private key and "decrypted" with the public key. The latter process provides no secrecy since the public key is widely available, but does provide assurance that the (sole) owner of the private key was the one who performed the "encryption." This is called a "digital signature."
Hash
A hash is a cryptographically secure checksum which has the following properties:
- given a hash, it is not feasible to ascertain the input data from which it was computed
- it is not feasible to find two different messages whose hash values are identical.
These properties make hashes very useful for verifying message integrity.
Digital Certificates
Digital certificates are digital documents that bind a public key to an identity and can be used for authentication purposes in cryptographic protocols. Digital certificates contain the following data:
- Subject's name, company and address
- Subject's public key
- Issuer name
- Valid dates
This data is combined and digitally signed (see "Public key cryptography," above) by a trusted third party called a certificate authority (CA). Anyone who verifies the CA's signature on the certificate is assured that the identifying information contained therein corresponds to the accompanying public key.
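The following is an added example, not part of the original page or of any Intuit or OFX code. It ties together the hash, digital signature and certificate definitions above: a toy CA hashes the certificate fields, signs the hash with its private key, and anyone can check the result with the CA's public key. The key pair, field names and sample values are assumptions constructed for illustration; it uses textbook RSA without padding and is not the X.509 format.

```python
import hashlib
import json

# Toy CA key pair (constructed): textbook RSA built from two well-known
# Mersenne primes. No padding, tiny key: for illustrating the mechanics only.
P, Q = 2**107 - 1, 2**127 - 1
CA_N = P * Q                                # public modulus
CA_E = 65537                                # public exponent
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))     # private exponent, known only to the CA


def digest_as_int(fields):
    """Hash the certificate fields in a canonical order, reduced into the RSA range."""
    encoded = json.dumps(fields, sort_keys=True).encode("utf-8")
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big") % CA_N


def ca_sign(fields):
    """The CA 'encrypts' the hash with its private key: the digital signature."""
    return pow(digest_as_int(fields), CA_D, CA_N)


def verify(fields, signature):
    """Anyone 'decrypts' the signature with the CA public key and compares hashes."""
    return pow(signature, CA_E, CA_N) == digest_as_int(fields)


def demo():
    # Constructed sample certificate carrying the four fields listed above.
    cert = {
        "subject": "Example Bank, Example Corp, 1 Example Street",
        "subject_public_key": "constructed-placeholder-key",
        "issuer": "Example CA",
        "valid_from": "2004-01-01",
        "valid_to": "2005-01-01",
    }
    signature = ca_sign(cert)
    # Swapping the public key changes the hash, so the old signature no longer fits.
    altered = dict(cert, subject_public_key="substituted-key")
    return verify(cert, signature), verify(altered, signature)


if __name__ == "__main__":
    print(demo())
```

The altered certificate fails verification because its hash no longer matches the value recovered from the CA's signature, which is what binds the public key to the identity.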
SSL Certificates (Direct Connect Only): Intuit products will establish a 128-bit connection with the Financial Institution's OFX server even if the server will allow a lesser connection from another client source.
Intuit recommends the VeriSign OFX CA Generation 2 certificate. Additional information on this is available at Financial SSL Certificates for OFX
Intuit products will also support the following SSL Certificates:
- Entrust.net Secure Server CA
- RSA Secure Server CA
- VeriSign International Global Server CA
Special Note for Quicken Mac 2004:
If the OFX server is using a certificate other than the VeriSign OFX Generation 2, Quicken Mac users must install a special software patch in order to connect. The patch can be downloaded from http://web.intuit.com/support/quicken/updates/index.html
Application Level Security
Application level security is security that is built into the software application. For example, in Quicken these measures include use of a password that authenticates the customer initiating each banking transaction and a series of prompts and controls that allow users to closely monitor online activity and to confirm only authorized transactions.