

Nonrepudiation. In this section, nonrepudiation is defined as the process of ensuring that a user — either the originator or the recipient — can be identified as having engaged in a particular transaction. This facility may also be used during the normal course of business activity to identify the originator of information. Nonrepudiation involves the following procedures:

  Electronic identification of the sender is accomplished by digital signature. Depending on the nature of an organization’s business, a choice of standards can be followed.
  Message hashing ensures that the content of the message is not altered. This is accomplished by cyclic redundancy checks, which sum the message’s bits into a total value and store that hash with the digital signature in an encrypted envelope for the message. Two major hashing algorithm standards exist: MD5, which is supported by RSA and the Internet (ANSI X930 part 2 and RFC 1321), and the Secure Hash Standard, which is supported by NIST (FIPS 180 and 180-1).
  A copy of the message (the hash) with the digital signature of the originator is sent to the message archive. Each message must have an established retention date that will vary according to the message content. The records retention policy should serve as the guide for establishing the date. The message should be automatically removed from the archive database when this date is reached.
  Proof that the message was delivered requires an electronic acknowledgment containing the date stamp of the activity to be sent to the archive and matched to the message.
  Proof that the message was opened requires an electronic acknowledgment containing the date stamp of the activity to be sent to the archive and matched to the message.
  When the importance of a transaction dictates that nonrepudiation is required, a utility should monitor the message activity to ensure that the message was received and opened. Electronic message status should be returned to the sender for appropriate follow-up as required (e.g., to determine why the message was not received or opened).
  The trustworthy information processing infrastructure must provide assurances that the message and audit details cannot be altered.
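The archive side of this procedure (filing the hash and signature, matching delivery and open acknowledgments, follow-up monitoring, retention), as an added example that is not from the original text. Assumptions: SHA-256 stands in for the hash standards named above, the signature is stored as opaque bytes produced elsewhere, and all class and method names are hypothetical.

```python
import hashlib
from datetime import datetime, timedelta

class MessageArchive:
    """Illustrative archive: message hash + signature + matched acknowledgments."""

    def __init__(self):
        self._records = {}  # hex digest of message -> record

    def file_message(self, message: bytes, signature: bytes,
                     sent_at: datetime, retention_days: int) -> str:
        digest = hashlib.sha256(message).hexdigest()
        self._records[digest] = {
            "signature": signature,  # opaque here; verified by the signing system
            "sent_at": sent_at,
            "expires": sent_at + timedelta(days=retention_days),
            "acks": {},              # "delivered" / "opened" -> date stamp
        }
        return digest

    def record_ack(self, digest: str, kind: str, stamp: datetime) -> bool:
        """Match an acknowledgment to its message; unmatched ones are refused."""
        if kind not in ("delivered", "opened"):
            raise ValueError("unknown acknowledgment type")
        record = self._records.get(digest)
        if record is None or stamp < record["sent_at"]:
            return False             # altered content or impossible date stamp
        record["acks"].setdefault(kind, stamp)  # the first stamp is kept
        return True

    def status(self, digest: str) -> str:
        acks = self._records[digest]["acks"]
        for kind in ("opened", "delivered"):
            if kind in acks:
                return kind
        return "sent"

    def needs_follow_up(self, now: datetime, grace: timedelta) -> list:
        """Messages still unopened after the grace period, for sender follow-up."""
        return [d for d, r in self._records.items()
                if "opened" not in r["acks"] and now - r["sent_at"] > grace]

    def purge_expired(self, now: datetime) -> list:
        """Remove records whose retention date has been reached."""
        expired = [d for d, r in self._records.items() if r["expires"] <= now]
        for d in expired:
            del self._records[d]
        return expired

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)            # constructed sample data
    archive = MessageArchive()
    ref = archive.file_message(b"PO 1001: 40 units", b"<signature>", t0, 30)
    archive.record_ack(ref, "delivered", t0 + timedelta(minutes=5))
    print(ref[:12], archive.status(ref))
```

Because acknowledgments are keyed by the message hash, an acknowledgment for content that differs by even one character finds no record and is refused.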

Many business uses exist for nonrepudiation in the mobile world (e.g., purchase orders, expense statements, strategic management directives, conflict of interest forms, and other important documents) that can provide technology an opportunity to reduce today’s manual administrative efforts. However, nonrepudiation does not address confidentiality of the message; this is accomplished through encryption.

Remote Access Authentication. After the decision is made to allow modem, Internet, CDPD, or ISDN access to the infrastructure, the risk of unauthorized access to the infrastructure increases. Call forwarding and other advances in technology have eliminated the security effectiveness of dial-back modems. The Gartner Group considers dial-back modems to have limited effectiveness.

The most effective way known to authenticate a remote user is through two-phase authentication: with something that the remote user knows and something that the remote user possesses. Another means of authentication is through the use of biometrics, which includes voiceprint, fingerprint, or retinal scan. Currently, the cost and technical problems associated with remote biometrics scans render them impractical for common use.

When selecting one of the myriad products that support two-phase authentication, the following items should be added to the functional requirements list:

  It must provide the capability for centralized administration of access system controls (e.g., personal identification numbers, passwords, alarms, use analysis), while the actual authentication platforms may be decentrally deployed.
  It must function independently from the network infrastructure. The product should be independent of modem type, baud rate, or any other characteristics related to transmission of data. When changes are made to the network infrastructure, the product should not require modification.
  It must function independently from the hardware infrastructure. The product must function with all hardware platforms and operating systems. When changes are made to the hardware infrastructure, the product should not require modification.
  The product must function independently from all application software. Changes to the application should not dictate changes to the product. A one-time modification to the application software may be required to request the user’s identification to the product.
  It must provide a random-number challenge (algorithm) to the product making the call that is in the possession of the caller. The challenge response (one-time password) must be unique for each authentication session. This ensures that the caller has the product in his or her possession each time a call is placed.
  The product must allow encrypted data to be processed. It is not a requirement for this product to perform the encryption.
  The product must accommodate caller mobility. The caller may need to call different processors or locations that are not part of the infrastructure. In addition, the caller may want to place calls from different devices (e.g., a different microcomputer in a different location); therefore, the authentication process must be capable of being relocated.
  The product must provide magnetic and printed reports of audit trail activity. The following data should be included in the audit log: date and time for all access attempts, the line on which the call entered, entry time, disconnect time, reason for disconnect, caller associated with the call, and system violations or other unusual occurrences.
  If the product in the caller’s possession fails, a backup capability should exist that will grant the requester access to the infrastructure. The backup process must be available at all times. The most economical way would be to place a call to the network help desk; the help desk will then grant one-time access on verbal authentication of the requester. This requires a process that will mitigate social engineering.

Exhibit 2. Safe Practices for Mobile Users


1.  Be aware of the surroundings.
2.  Make portable devices inconspicuous.
3.  Shred confidential documents before discarding them.
4.  Lock portable devices out of sight when leaving them unattended.
5.  Hide physical security tokens; do not carry them in the same case with the notebook.
6.  Establish a regular schedule for performing appropriate backup practices.
7.  Select nontrivial passwords.
8.  Change passwords frequently.
9.  Follow the common-sense rule to question whether you are in an appropriate place and time to be working with the company’s information assets.
10.  Most important of all: treat sensitive company information as if it were the combination to your personal safe.


  The process device must provide controlled one-time access for some individuals (e.g., vendors or customers) that is granted by a remote authority. An example of this feature would be a one-time password generator that would relay the challenge and response over the phone. The central unit issues a random challenge number, the hand-held password generator calculates a response through an algorithm using the personal identification number of the requester, and this unique response is compared to the central unit’s response for that user. If the two responses agree, then access is granted.
  It must support the establishment of alternate dial authentication hot sites when the primary site goes off line for any reason.
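The challenge and response exchange described in the requirements above, with both the hand-held generator and the central unit, as an added example that is not from the original text. Assumptions: the text does not name the algorithm, so HMAC-SHA-256 over the PIN and challenge is used here, truncated to eight digits so it can be read over the phone; the per-token secret and all names are hypothetical.

```python
import hashlib
import hmac
import secrets

def token_response(token_secret: bytes, pin: str, challenge: str) -> str:
    """Hand-held generator: keyed digest over PIN and challenge (assumed scheme)."""
    mac = hmac.new(token_secret, f"{pin}:{challenge}".encode(), hashlib.sha256)
    return f"{int.from_bytes(mac.digest()[:4], 'big') % 10**8:08d}"

class CentralUnit:
    def __init__(self):
        self._users = {}    # user -> (token secret, PIN)
        self._pending = {}  # user -> outstanding challenge
        self.audit = []     # (user, outcome) for the audit trail

    def enroll(self, user: str, token_secret: bytes, pin: str) -> None:
        self._users[user] = (token_secret, pin)

    def issue_challenge(self, user: str) -> str:
        challenge = f"{secrets.randbelow(10**8):08d}"  # random challenge number
        self._pending[user] = challenge                # replaces any older one
        return challenge

    def verify(self, user: str, response: str) -> bool:
        # pop() makes every challenge single-use, even after a failed attempt,
        # so a captured response cannot be replayed in a later session.
        challenge = self._pending.pop(user, None)
        if challenge is None or user not in self._users:
            self.audit.append((user, "rejected: no outstanding challenge"))
            return False
        secret, pin = self._users[user]
        expected = token_response(secret, pin, challenge)
        ok = hmac.compare_digest(expected, response)   # constant-time compare
        self.audit.append((user, "granted" if ok else "rejected: bad response"))
        return ok

if __name__ == "__main__":
    secret = secrets.token_bytes(20)                   # constructed sample token
    unit = CentralUnit()
    unit.enroll("vendor1", secret, "4821")
    challenge = unit.issue_challenge("vendor1")
    response = token_response(secret, "4821", challenge)
    print(challenge, response, unit.verify("vendor1", response))
    print("replay accepted:", unit.verify("vendor1", response))
```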



Copyright © CRC Press LLC