Products
Link Encryption
OWLink is a link encryption product that ensures safe transmitting and receiving of data in most communication environments, including TCP/IP, wireless, and the web, and is equipped with a KCMVP authentication module to ensure the security of data encryption.
OWLink Product Overview
It can meet security requirements required in open communication areas.
| Confidentiality |
- Apply a proven encryption algorithm with a key length of 128 bits or more (ARIA, SEED, AES, LEA) - Data transmitted over the communication section cannot be sniffed. - Session key sharing (Handshake) is encrypted using a highly secure public key (RSA2048, DHE, ECDHE) |
|---|---|
| Integrity |
- Detecting forgery of transmitted messages using the Message Authentication Code (MAC) method - Apply proven algorithms HMAC-SHA256 - The MAC key is derived in a secure way during the session key sharing process. |
| Authentication |
- Completely block access to unauthorized servers. - Applying certificate-based server authentication method (RSA2048 / SAH256 / ARIA) - Authenticating as the server by verifying the hash and issuer signature of the server certificate. - Provide certificate issuance key to enable application of customer's private certificate (KCMVP encryption module application) |
| Availability |
- It can be quickly responded to by simply restarting the server when it is shut down since it is provided in a library format. - By storing the session key in a database, it is not lost during shutdown and encrypted communication continues. - Automatically update without restarting clients when renewing server certificates |
| Secure Key Management (KMS) |
- Shared session keys provide options to be managed using context variables, DB methods, etc. - Shared session keys are stored encrypted - Session keys provide a function to set an expiration date so that they can be discarded after a certain period of use. - Private key password and DB access password are also encrypted and managed. |
Product Features for OWLink
Security
- - Support for session key sharing protocols of TLS 1.2 or higher level: RSA/DHE/ECDHE
- - Support for various encryption algorithms and operation mode : ARIA / SEED / LEA, CBC/CTR/OFB/CFB
- - Prevention for Replay Attack Function
- - Supports Forward Secrecy: Protects past data in case of session key leak (DHE/ECDHE with RSA sign)
- - Support for Backward Secrecy: Data protection after session key leakage (Key Life Cycle Management)
- - Equipped with KCMVP encryption module: Encryption operation is performed through a verified national encryption module
- - Secure session key management: Shared session keys are stored internally encrypted.
- - Session keys stored in the DB are expired according to user-defined cycles to enhance security.
Convenience
- - Simple core function API: System can be implemented by applying only 4 functions
- - Convenience of library management: Provides common libraries for Client/Server
- - Various session key management options: management using context, management via DB (file DB)
- - Provides DB access control and data management API
- - Flexibility in certificate management: Provide your own certificate issuer
- - Convenience of password management: Separate password encryption tool provided
- - Test source code: Sample code with detailed comments provided for easy application and quick implementation.
Operational
Efficiency
- - Provides a powerful debugging API: Provides an API that returns an error stack trace message when an API call error occurs.
- - Support for Korean/English error messages
- - Support for various DB connections to suit the customer environment
- - Session Key Management DB: Restore session keys when restarting the server application even if it is shut down.
- - Automatic renewal of server certificate: When the server certificate is renewed, it is automatically downloaded to the client via the Profile Update protocol.
OWLink Configuration Diagram
