Business Innovation Manager KBC
In the first article in our ‘Integration can be learned’ series, we shone the spotlight on various integration methods, including iFrames, APIs and widgets. In this article, we'd like to take a closer look at the security aspects of information – or the manner in which data is sent. When exchanging data, we of course want to make sure the process is the right one and the data is sent correctly. It is essential to ensure two aspects here: confidentiality and integrity.
Confidentiality means that the data can be viewed only by authorised persons, thereby preventing it from being leaked to the wider world. Under this arrangement, the sender has to guarantee that the transaction remains confidential.
An example: Max gives an envelope to Katrien. He has sealed the envelope, thus ensuring its confidentiality. No one else can view the information in the envelope during the transaction. If the envelope is already open when Max gives it to Katrien, the confidentiality of the information can no longer be guaranteed. You can take this one step further: say that Max gives the envelope to his daughter and she gives the envelope to Katrien. If the envelope is still sealed, the confidentiality of the information is guaranteed. If the envelope is open, this is no longer the case. The question is whether the information in the envelope is actually from Max. This is where integrity comes in.
Integrity means you are sure of the source of your information: you have received it from someone who claims that they are in possession of the information, and you can check that the person is who they claim to be.
Let's return to our example once again: if Katrien meets Max to receive the envelope, she knows that the information is coming directly from him. If Katrien receives the envelope via Max's daughter, she can no longer be sure of this. In this case, Katrien and Max should agree on a key in advance.
Max can include a letter with the envelope containing a password that the pair has agreed on ahead of time. If the letter containing the password is in the envelope, Katrien knows for sure that the envelope is from Max, thus guaranteeing its integrity. If the letter is not inside the envelope, its integrity is not ensured. The recipient of the transaction therefore controls the integrity. This is what is known as encryption.
3. Let’s go digital
The envelope example takes place in the analogue world. It is also possible to ensure confidentiality and integrity in a digital environment by means of encryption. In fact, it is essential. It should always be assumed that the channel through which we send information is not secure, which is why it is important to encrypt the information during the transaction. There are various techniques for doing so that are typically based on mathematical models. Today, SSL and mutual SSL authentication are most widely used.
SSL (‘secure sockets layer’) can be recognised by the padlock that appears on the left in the address bar for the web address. This padlock means that the integrity of the website is guaranteed – you are on the site you intend to be (Google, KBC, etc.). This is determined by one of seven global authorities that are permitted to issue certificates. This is comparable with the official Instagram or Twitter account of certain public figures or bodies – these accounts typically feature an icon.
Mutual SSL is an SSL, but it goes in two directions: this ensures the integrity of both yourself and the partner with whom you are communicating. This is a key that can be securely agreed via the Internet (an unsecured channel), but which cannot be retrieved for usage by others. The principle is based on the protocol (or the agreement) to exchange a secret encryption key via an unsecured channel, which was developed by the mathematicians Whitfield Diffie and Martin Hellman.
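The two ideas above, the key agreed in advance between Max and Katrien and the Diffie-Hellman exchange over an unsecured channel, can be combined in a short added example (not KBC's code). The parameters `P` and `G` are demonstration-size assumptions and all function names are hypothetical; the agreed key is used for an HMAC tag, which plays the role of the password in the envelope.

```python
import hashlib
import hmac
import secrets

# Demonstration parameters (assumption): a 255-bit prime and base 2.
# Real TLS uses standardised groups or elliptic curves chosen by the library.
P = 2**255 - 19
G = 2


def keypair():
    """Return (private, public); only the public value crosses the channel."""
    private = secrets.randbelow(P - 3) + 2  # 2 <= private <= P - 2
    return private, pow(G, private, P)


def shared_key(own_private, peer_public):
    """Both sides compute the same secret, then hash it into a 32-byte key."""
    if not 1 < peer_public < P - 1:  # reject trivial values that fix the secret
        raise ValueError("invalid public value")
    secret = pow(peer_public, own_private, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def seal(key, message):
    """Sender side: attach an HMAC tag, the digital 'agreed password'."""
    return message, hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, tag):
    """Recipient side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo():
    max_priv, max_pub = keypair()
    kat_priv, kat_pub = keypair()
    # Only max_pub and kat_pub are exchanged over the unsecured channel.
    max_key = shared_key(max_priv, kat_pub)
    kat_key = shared_key(kat_priv, max_pub)
    message, tag = seal(max_key, b"Transfer 100 EUR to Katrien")
    genuine = verify(kat_key, message, tag)
    altered = verify(kat_key, b"Transfer 900 EUR to Katrien", tag)
    return max_key == kat_key, genuine, altered


if __name__ == "__main__":
    print(demo())
```

On its own this exchange does not tell Katrien who sent the public value she received; in mutual SSL the certificates presented by both sides provide that assurance.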
The terms ‘integrity’ and ‘confidentiality’ are essential for protecting the information you send. It is important to always consider the level to which you wish to secure the information. Sometimes the integrity is essential, while confidentiality is less important – and vice versa. Keep in mind that the Internet (and therefore tools such as e-mail) is considered to be an unsecured channel. If you want to send information digitally, it is a good idea to encrypt it. We take this into account as standard when integrating information with KBC. We communicate with our partners on how to ensure this on a technical level, depending on their needs and digital maturity. Safety first!
Would you like to know more about our integration options?
You will find an overview of the various business solutions and technical integrations on the KBC Developer Portal.