Show TOC

Digital Signatures and EncryptionLocate this document in the navigation structure

Secure store and forward (SSF) mechanisms provide you with the means to secure data and documents in SAP NetWeaver Application Server (SAP NetWeaver AS) as independent data units.

By using SSF functions, you can wrap data and digital documents in secure formats before they are saved on data carriers or transmitted over (possibly) insecure communication links. If you save the data in a secure format in SAP NetWeaver AS, it remains in its secured format even if you export it out of the system.

SSF mechanisms use digital signatures and digital envelopes to secure digital documents. The digital signature uniquely identifies the signer, is not forgeable, and protects the integrity of the data. Any changes in the data after being signed result in an invalid digital signature for the altered data. The digital envelope makes sure that the contents of data are only visible to the intended recipients.

The SSF mechanisms are useful in those application areas where an increased level of security exists pertaining to:

  • The specific and unique identification of persons or components (for example, in work flow processes)

  • Non-repudiation or proof of obligation (for example, when signing paperless contracts)

  • Authenticity and integrity of data (for example, saving audit logs)

  • The sending or storing of confidential data

By using the SSF mechanisms in SAP applications, you can replace paper documents and handwritten signatures with automated work flow processes and digital documents that are secured with digital signatures and digital envelopes.

Implementation Considerations

You use the SSF mechanisms if you are using an application in SAP NetWeaver AS that has implemented digital signatures or digital envelopes.

There are a number of applications that currently use the SSF mechanisms to provide data protection, for example:

  • SAP Single Sign-On

  • Production Planning - Process Industry

  • Product Data Management

  • SAP ArchiveLink - SAP content server HTTP interface 4.5

With time, more applications will use SSF for their security purposes.

Examples of SAP Applications That Use the SSF Functions

The following SAP applications are examples of areas that use digital signatures to meet their requirements:

  • SAP Single Sign-On

    • Secure Login Client enables you to make system signatures with your SAP user and your Microsoft password from Microsoft Active Directory.

    • Secure Login Library provides digital signatures with encryption keys embedded in a hardware security module.
  • Quality Management

    • When saving inspection results for an inspection lot

    • When making and changing the usage decision for an inspection lot

  • Production Planning for Process Industries

    • When completing a work step in the process industries sheet

    • When accepting invalid values within input validations

    • When approving a batch record

  • SAP ArchiveLink Content Server HTTP interface 4.5

    When authenticating a request to access the archive