The present application relates generally to a system architecture for securing a data environment. It finds particular application in conjunction with a cardholder data environment and will be described with particular reference thereto. However, it is to be appreciated that the present invention is also amenable to other types of data environments.
Electronic commerce, or e-commerce as it is otherwise known, relates to the buying and selling of products and services between consumers and merchants over the Internet. The convenience of shopping over the Internet has sparked considerable interest in e-commerce on behalf of both consumers and merchants. Internet sales, or like transactions, have typically been carried out using standard credit cards, such as VISA, MASTERCARD, DISCOVER, AMERICAN EXPRESS, and the like, or standard debit cards, such as check cards or automated teller machine (ATM) cards which directly access funds from an associated deposit account or other bank account.
Typically, a plurality of parties, such as merchants, payment gateways, acquirers/processors, issuers, and so on, is involved in processing e-commerce transactions. Each of these parties is represented by an internal Internet Protocol (IP) network formed from a plurality of hosts, such as computers and servers, each having an IP address. An IP address is a unique number, such as a 32-bit or 128-bit number, that identifies the location of a host on an IP network. While processing e-commerce transactions, these parties exchange a number of communications with each other over an external IP network, such as the Internet. As with the internal networks, the external network is formed from a plurality of hosts, such as computers and servers, identified by IP addresses.
To connect the internal networks and the external network, network address translation (NAT) is typically employed. Developed by CISCO, NAT is used by a device (e.g., a firewall or router) that sits between the internal network and the external network. NAT allows the device to act as an agent between the internal network and the external network. In that regard, the device translates between IP addresses of the internal network and IP addresses of the external network. For example, the device may receive a data packet destined for an IP address of the external network, change the destination IP address of the data packet to an IP address of the internal network, and forward the modified data packet to that IP address of the internal network.
One challenge with communicating over an external network, such as the Internet, is security. The data exchanged between the parties includes payment information, such as credit card numbers, which can be of great value to potential attackers. One approach for mitigating the risk of payment information or other sensitive information falling into the hands of attackers is to segregate an internal network into a cardholder data environment and a demilitarized zone (DMZ) that intermediates the cardholder data environment and the external network. A cardholder data environment is a network that possesses cardholder data or sensitive authentication data and those hosts and segments that directly attach to or support cardholder processing, storage, or transmission. All other hosts of the internal network are added to the DMZ. These hosts are suitably employed to communicate with hosts of the external network.
A firewall intermediate the DMZ and the cardholder data environment controls the flow of traffic between the DMZ and the cardholder data environment. The firewall allows limited connectivity between the DMZ and the cardholder data environment so the hosts of the DMZ can partially or wholly offload the processing of communications received from the external network to the cardholder data environment. By employing a firewall intermediate the DMZ and the cardholder data environment, even if an attacker compromises a host in the DMZ, the cardholder data environment is still secure.
The payment card industry data security standard (PCI DSS) is a set of requirements designed to ensure that all parties that process, store or transmit credit card information maintain a secure data environment. The PCI DSS is administered and maintained by the Payment Card Industry Security Standards Council (PCI SSC). The PCI SSC is an independent body that was launched in 2006 by the major payment card brands, such as VISA, MASTERCARD, AMERICAN EXPRESS, DISCOVER and JCB, to manage the ongoing evolution of security standards in the Payment Card Industry (PCI) with a focus on improving payment account security throughout the transaction process. For information regarding the PCI DSS, see www.pcisecuritystandards.org.
One requirement of the PCI DSS v1.2, section 1.3.5, is to “[r]estrict outbound traffic from the cardholder data environment to the Internet such that outbound traffic can only access IP addresses within the DMZ.” As noted above, a cardholder data environment is a network that possesses cardholder data or sensitive authentication data and those hosts and segments that directly attach to or support cardholder processing, storage, or transmission. A typical approach to meeting this requirement is with HTTP proxies in the DMZ. However, such an approach is invasive when using SSL with payment-specific certificates. This is further complicated because the keys for the certificates are typically stored in hardware security modules (HSMs). The HTTP proxy approach would require several HSMs, each costing approximately $30,000, in the DMZ.
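The two firewall behaviours described above, limited DMZ-to-cardholder-data-environment connectivity and the PCI DSS 1.3.5 restriction that outbound traffic from the cardholder data environment may reach only DMZ addresses, modelled as a policy check run over constructed flow records. This is an added example, not code from the application; the address ranges, ports and the DMZ-to-CDE allow-list are assumptions chosen for illustration.

```python
# Added example (not the application's code): a model of the firewall between
# the DMZ and the cardholder data environment (CDE). Ranges, ports and the
# DMZ-to-CDE allow-list are constructed assumptions.
import ipaddress
from dataclasses import dataclass

CDE = ipaddress.ip_network("10.10.0.0/24")  # assumed CDE range
DMZ = ipaddress.ip_network("10.20.0.0/24")  # assumed DMZ range
# Limited DMZ -> CDE connectivity: only these (host, port) pairs are open.
DMZ_TO_CDE_ALLOW = {("10.10.0.5", 8443)}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def zone(addr):
    ip = ipaddress.ip_address(addr)
    return "cde" if ip in CDE else "dmz" if ip in DMZ else "external"

def decide(flow):
    """Return ('allow' | 'deny', reason) for one flow seen at the firewall."""
    src, dst = zone(flow.src), zone(flow.dst)
    if src == dst:
        return ("allow", "intra-zone, does not cross the firewall")
    if src == "cde":
        # PCI DSS v1.2 1.3.5: outbound from the CDE may reach only DMZ addresses.
        if dst == "dmz":
            return ("allow", "cde egress to dmz")
        return ("deny", "cde egress may only reach dmz addresses")
    if dst == "cde":
        if src == "dmz" and (flow.dst, flow.dport) in DMZ_TO_CDE_ALLOW:
            return ("allow", "dmz offload to permitted cde service")
        return ("deny", "cde reachable only via the dmz allow-list")
    return ("allow", "dmz/external traffic, outside this firewall's scope")

def violations(flows):
    """Flows the firewall would drop; the list a defender reviews or alerts on."""
    return [f for f in flows if decide(f)[0] == "deny"]

# Constructed sample flow log, not real traffic.
SAMPLE_FLOWS = [
    Flow("10.10.0.5", "10.20.0.10", 8443),    # CDE host -> DMZ proxy
    Flow("10.10.0.5", "203.0.113.7", 443),    # CDE host straight to the Internet
    Flow("10.20.0.10", "10.10.0.5", 8443),    # DMZ -> permitted CDE service
    Flow("10.20.0.10", "10.10.0.9", 22),      # DMZ -> CDE host not on allow-list
    Flow("198.51.100.4", "10.10.0.5", 8443),  # Internet -> CDE directly
]
```

Running `violations(SAMPLE_FLOWS)` flags the direct CDE-to-Internet flow, the DMZ connection to a CDE host outside the allow-list, and the external attempt to reach the CDE; the CDE-to-DMZ and allow-listed DMZ-to-CDE flows pass.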
The present invention provides a new and improved method, which overcomes the above-referenced problems and others.