Secure Network Communications (SNC)
You can also use Secure Network Communications (SNC) to provide for secure authentication instead of using the traditional user ID and password-based authentication.

SNC is available for user authentication when using the SAP GUI for Windows or Remote Function Calls. If you use a Web-based user interface (for example, SAP GUI for HTML), you need to use an authentication method available for Web front ends (for example, X.509 client certificates).
SNC uses an external security product to perform the authentication between the communication partners (for example, the SAP GUI for Windows and the application server). The security measures you need to take depend on the security product you use and the type of infrastructure that it supports. For example, if the security product uses public-key technology, then you need a public-key infrastructure (PKI). You need to define procedures for generating and distributing the key pairs for the users and system components and you need to make sure their private keys are stored in a secure location.
To prevent misuse of the private keys, you must ensure that they are stored in a secure place. There are two methods of storing private keys. They are:
· Hardware solutions (for example, smart cards or crypto boxes)
· Software solutions (for example, Personal Security Environments or PKCS#12 format)
The best way to protect SAP System users' private keys is to use smart cards that you issue to each individual user. The keys are saved on the card, and the card is designed to never reveal the private key. Users have to authenticate themselves to their cards, either using biometrics (for example, a fingerprint) or knowledge (for example, a PIN, password or pass phrase entry) and can then use the card to create digital signatures or to encrypt documents. In this case, each user needs to protect his or her smart card from theft or loss.

Do not allow your users to share smart cards or give them to others to use!
On the server, you can use a crypto box instead of a smart card for higher performance.
As an alternative, you can also use a software solution to store the users' private keys. The software solution is not as safe as crypto hardware; however, it is less expensive to implement. If you use files to store the users' information and private keys, then you need to take extra care in protecting the files from unauthorized access.
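One way to check the file protection described above, as an added example that is not part of the SAP documentation: a POSIX shell function that lists software key stores that accounts other than the file owner can access. The `.pse`, `.p12` and `.pfx` suffixes, the `KEYSTORE_DIR` variable and the function name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit software key stores (PSE and PKCS#12 files) for
# permissions that let accounts other than the owner read or change them.
# Assumptions: key stores are recognised by the suffixes .pse, .p12 and .pfx,
# and KEYSTORE_DIR is a hypothetical variable naming the directory to scan.

# audit_keystores DIR
# Prints one "mode path" line for every key-store file under DIR whose
# group or other permission bits are set. Prints nothing if all are owner-only.
audit_keystores() {
    find "$1" -type f \
        \( -name '*.pse' -o -name '*.p12' -o -name '*.pfx' \) \
        -exec sh -c '
            for f in "$@"; do
                # ls -ld starts with the mode string, e.g. -rw-r--r--
                mode=$(ls -ld "$f" | cut -c1-10)
                case $mode in
                    ????------) ;;                       # owner-only access
                    *) printf "%s %s\n" "$mode" "$f" ;;  # group/other bits set
                esac
            done' sh {} +
}

# Scan only when the caller has named a directory.
if [ -n "${KEYSTORE_DIR:-}" ]; then
    audit_keystores "$KEYSTORE_DIR"
fi
```

Each reported file should be restricted to its owner (for example, with `chmod 600`) and then checked for copies made while it was exposed.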
See also:
SNC User's Guide at http://service.sap.com/security.