RuleLab.Net Security
Communication with the Rules Designer and the Web Service is protected by the Secure Sockets Layer (SSL). Additionally, we offer optional encryption of your entire online data content (Rules, Facts, Atoms and XML References). Encrypting your data protects it from potential unauthorized access to the online database. It also protects data in the event your login ID and password are stolen.
RuleLab.Net allows you to generate your private encryption Key. Your encryption Key is passed to the system through a cookie that we place on your local box. Every computer accessing encrypted data will have to provide that encryption Key to RuleLab.Net. The user who created the Key will know the combination. His/her computer will automatically get the Key and keep it in a cookie. Other users will have to know the Key and enter it into RuleLab.Net. Once they enter it, their computers will also have the Key stored in a cookie.
Users enter login IDs and passwords several times per day, but they enter the encryption Key only once in months (until/unless they delete cookies or the cookie expires). Therefore, the odds of the Key combination leaking are lower than those of the login ID and password. Similar to client certificates, the encryption Key enables access to the site only from the authorized client computers.
Data Encryption
The encryption public Key is stored within our system. The encryption private Key can be generated via the Encryption tab of your Account screen. We do not transfer your private Key in plain text across networks. Your Encryption Key is stored in a cookie which itself is encoded using the key combination only known to VDE Technologies staff. Also note that cookies are encrypted by SSL.
To encrypt your online content, go to the Encryption page and click the “Generate New Key” button. It will create a unique 8-number combination. Once the Key is generated, the “Encrypt my XML data” checkbox becomes enabled. You must click this checkbox to apply the encryption. It will encrypt the existing XML files in your RuleLab.Net account and force encryption of new files that are added in the future.
You can always decrypt the files by unchecking the box. All your online files will be immediately decrypted. The reason you may want to decrypt the files is to involve VDE Technologies staff in troubleshooting an issue. You don’t have to decrypt anything to retrieve your XML files: when you download files from your account, the downloaded copy is decrypted automatically.
Encryption Key
Please do not lose your private Key. If it is lost, we may not be able to recover your data. It’s a good practice to download the online project files to your local box for a backup. If you keep them locally, you can always upload them to our system. This way, if the Key is lost, you will be able to restore your work.
If the system asks you to enter the Key, please go to the Encryption tab, type in your private Key combination, and click the Update button. You will have to reload the project if you have one open. If you don’t have a valid Key, please ask another team member. If the RuleLab.Net Service access is shared between multiple users, each additional user will have to type the Key when prompted.
In the event of miscommunication between users, one of the authorized users can decrypt the files and generate a new Key to encrypt them again. However, please do not decrypt files or generate new Keys without informing other team members! If you change the Key, send them the new Key right away.
Manually entering the private Key may be required for the following reasons:
1. Cookie expired or deleted from the machine
2. Accessing the Rules Designer from a new machine
3. New user is granted access to the Rules Designer
4. Encryption Key has been changed by another user.
Testing the encryption
So, how can you confirm that your data is encrypted? Simply encrypt your RuleLab.Net online data using a computer at work, then try logging in from your home computer. Your home computer will let you log in but will not show any content until you enter the encryption Key. Note that trying it with two computers connected to the same router may not work because the cookie generated on one of them might automatically become available on the other.
Using the Web Service to access encrypted data
If you encrypted the online content, your application has to provide the private Key when making calls to the RuleLab.Net Web Service. The private Key must be sent within the Client Authentication Header. See the Web Service specification for more details.