Articles in this section

1.1 Introduction into eRoaming Security Concept

You are now in phase 1 - IT-Security.

 

Motivation

The eRoaming Platform is accessed by roaming partners. Besides the users who access the GUI of the platform, there are backend systems which communicate with the platform in automated ways via Web Service calls. In the same way the eRoaming Platform accesses the backend systems of the roaming partners.

The eRoaming Platform is operated by Hubject. Roaming partners are operating their systems separately. Communication between them uses standard internet infrastructure. Connections need to be secured to achieve the following general goals of information security:

  • Confidentiality - messages can only be read by intended recipients.
  • Integrity - altering of messages during transmission (deliberately or by technical errors) must be detected.
  • Authenticity - messages must be attributable to a unique sender. Sender must not be able to repudiate the transmission of the message.

IT Security Mechanisms

IP Whitelisting

Incoming connections of roaming partner backends are sent via the internet to the eRoaming Platform. Access is only possible if your IP address is whitelisted. Outgoing HBS connections are sent directly to partner backend systems passing the firewall.

180129_IT_Security_Grafik_Zendesk_new.PNG

HTTPS & Certificates

The Web Services are transmitted using HTTPS, the SSL/TLS secured HTTP variant. The SSL tunnel guarantees the above goals of information security: confidentiality via encryption, integrity via signed checksums and authenticity via authentication using digital signatures and certificates. 

 

Please continue with whitelisting of the IP addresses.

Related articles