The sending systems may, for example, be different point-of-sale checkout stations, which must be capable of communicating with a central server (the receiver), in particular for the management of inventory or the consolidation of sales made.
In the case of a company that is geographically extended, the different checkout stations can be linked to a central server by means of network operators, via telecommunications lines that may be either private or public.
The private lines, also called VPN (Virtual Private Network), are used to form the company's internal network or Intranet. The company's Intranet has the advantage of being capable of being entirely secured since all of the access points are determined in advance and may comprise internal security devices defined by the company.
The public lines may be used for relationships with partner companies, via an Extranet-type network. Access to these lines is achieved by means of a public network operator of the ISP (Internet Service Provider) type. The company's Extranet is also capable of being entirely secured since each partner can be identified by means of a Certification Authority (CA), and the connection between each partner and the company can be considered to be private (equivalent to a VPN-type line), even if it is part of the public network.
These professional solutions (Intranet, Extranet) remain complex and expensive to implement operationally in companies.
The public lines may also be used for ad hoc, on-demand dealings with all of the clients and prospective clients of the company, via the Internet. The Internet does not have a specific security device of its own; passwords and technologies for access to a server can be used, but they do not guarantee bilateral security between a client and a server. Indeed, any access point of the public network that has knowledge of the password securing devices can access the information exchanged.
These devices therefore do not guarantee the degree of security desirable for company data exchanges over the Internet-type network.
Moreover, an Internet-type network does not guarantee that the data received by the receiver remains consistent with that initially transmitted by the corresponding sender because of the risk of involuntary corruption of frames transmitted by such a network based on IP (Internet Protocol) technology.
To overcome this lack of security over the Internet-type network, different solutions for securing access and data exchanges have been developed, using technologies based on a set of mathematical encryption models of the RSA, SSL, HTTPS type and so on.
These encryption techniques do not always make it possible to guarantee sufficient security of exchanges between clients and the server, in particular when these exchanges are performed interactively.
It has indeed been noted that these devices can be fooled by access points of the public network for the purposes of corruption, destruction or espionage of company data.
To minimise these risks, exchanges are limited by the use of transaction files, i.e. files combining information or movements that have appeared during a given time period.
It is, however, increasingly necessary to be capable of using, in an entirely secure and interactive manner, public Internet-type telecommunication networks that have the following advantages:
no network-related transmission cost for the company,
global access open to the company without any additional cost,
high bandwidth currently available on the networks,
permanent availability making it possible to maintain, at any time, proper operation of the data exchange system.
The imperatives for computer security on the Internet concern four main points:
integrity, to guarantee that the data is not modified during its transmission (including the case of involuntary corruption of IP frames between their transmission and their reception);
confidentiality, to guarantee that only those involved in a data exchange are capable of understanding the data exchanged;
non-repudiation, to guarantee that the sender of a message cannot later deny having sent said message;
authentication, to verify that a message received comes from an authorised person.