Secure Network Communications (SNC)

Use Secure Network Communications (SNC) to provide for secure authentication instead of using the traditional user ID and password-based authentication.

SNC uses an external security product to perform the authentication between the communication partners (for example, the SAP GUI for Windows and the application server). The security measures you must take depend on the security product you use and the type of infrastructure that it supports. For example, if the security product uses public-key technology, then you need a public-key infrastructure (PKI). Define procedures for generating and distributing the key pairs for the users and system components, and make sure that their private keys are stored in a secure location.

SAP offers such a security product: SAP Single Sign-On.

To prevent misuse of the private keys, you must ensure that they are stored in a secure place. Private keys can be stored using the following methods:

  • Hardware solutions (for example, smart cards or hardware security modules)
  • Software solutions (for example, Personal Security Environments or PKCS#12 format)

Hardware Solutions

The best way to protect the private keys of users is to use smart cards that you issue to each individual user. The keys are saved on the card, and the card is designed never to reveal the private key. Users must authenticate themselves to their cards, either using biometrics (for example, a fingerprint) or knowledge (for example, a PIN, password, or passphrase). Users can then use the card to create digital signatures or to encrypt documents. In this case, each user must protect his or her smart card from theft or loss.

On the server, you can use a hardware security module instead of a smart card for higher performance.

Software Solutions

You can use a software solution to store the private keys of users. A software solution is not as secure as cryptographic hardware, but it is less expensive to implement. If you use files to store the information and private keys of users (for example, PSE or PKCS#12 files), then you must take extra care to protect the files from unauthorized access.
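The "extra care" for key files held by a software solution, as an added example that is not SAP's own tooling: a Python audit that flags PSE or PKCS#12 files readable by other operating system users or owned by the wrong account. It assumes a POSIX file system; the directory and file names are constructed samples.

```python
from __future__ import annotations

import os
import stat
import tempfile
from pathlib import Path

# Constructed example (not SAP's own tooling): audit the files a software
# solution uses to hold private keys (PSE files, PKCS#12 containers) for
# ownership and permission settings that would let other OS users read them.
# Assumes a POSIX file system; suffixes and file names are constructed samples.
KEY_FILE_SUFFIXES = (".pse", ".p12", ".pfx")
UNSAFE_BITS = stat.S_IRWXG | stat.S_IRWXO   # any group or world permission bit


def audit_key_file(path: Path, expected_uid: int) -> list[str]:
    """Return a list of findings for one key file (an empty list means OK)."""
    st = path.stat()
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & UNSAFE_BITS:
        findings.append(f"mode {stat.filemode(st.st_mode)} grants group/other access")
    return findings


def audit_directory(sec_dir: Path, expected_uid: int) -> dict[str, list[str]]:
    """Audit every key file directly under sec_dir; result is keyed by file name."""
    return {
        p.name: audit_key_file(p, expected_uid)
        for p in sorted(sec_dir.iterdir())
        if p.is_file() and p.suffix.lower() in KEY_FILE_SUFFIXES
    }


def demo() -> dict[str, list[str]]:
    """Build a constructed key directory with one safe and one unsafe file."""
    sec_dir = Path(tempfile.mkdtemp(prefix="sec_"))
    good = sec_dir / "server.pse"    # constructed name, placeholder content
    bad = sec_dir / "user.p12"       # constructed name, placeholder content
    good.write_bytes(b"placeholder, not a real PSE")
    bad.write_bytes(b"placeholder, not a real PKCS#12 container")
    good.chmod(0o600)                # owner read/write only: acceptable
    bad.chmod(0o644)                 # world-readable: the defect to catch
    return audit_directory(sec_dir, os.getuid())


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "OK" if not findings else "; ".join(findings))
```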