The Design And Programming Of Device Security Framework

Today, businesses face their greatest security challenge. The "networked world" exposes their systemsand data to security breaches more than ever before and this threat increases daily. Security administrators are scrambling to protect their infrastructure and data from network abuse, publicity seeking hackers, corporate espionage, and theft of confidential or proprietary information. Despitethese efforts, high-profile security breaches continue to make headlines?often with significant financial loss and negative publicity.What's needed is a cost effective, easily integrated, easy-to-use solution for rock-solid enterprise network and Internet security. With the DSF(Device Security Framework) Infrastructure and SDK, applications can now be made "Device-Aware". A device aware application can tie its data to a specific instance of the application on a specific device. This allows for new products to be created that can confidently runon a device. DSF applications have the following two traits:One is application data can not be opened by other applications on the same machineï¼›The other is application data can not be opened on any other machine.The Device Security Framework is an integrated suite of products, consisting of:Central Device Authority (CDA). The CDA manages and administers trust to secondary authorities, known as Regional Device Authorities. The CDA also evaluates and certifies security-enabled, device-aware applications that communicate with the security network and are used on client devices. The CDA is owned and administered by Third Party.Device Authentication Server (DAS). The DASs enroll new end-user client devices and manage and authorize enterprises running device authentication servers, called Device Security Servers. The Regional Device Authority works with the enterprise Device Security Server to register (authorize) individual end-user devices so they can run the security-enabled, device-aware applications. Device Security Server (DSS). These servers are installed inside the perimeter of an enterprise. They act as a central repository to provide cryptographic functionality to enterprise clients. For example, a DSS can act as an authentication server for an enterprise VPN Gateway. They are typically purchased/licensed by the enterprise, and the system administrator of the company maintains them.Device Security Client and software. This software runs in end-user clients, who can then communicate with the other components of the infrastructure to usecryptographic services.The DSF SDK facilitates writing applications that can use the DSF framework.Typically, an application written with the SDK consists of some functionality in a DSS and some functionality in end-user clients. The product ships as these two components. When they are installed,they interact with DASs to initialize themselves, get the appropriate licenses, register new clients,request App Containers, etc.mechanism based on a shared secret stored in an App Container in the client).The following sections examine each component in detail.