Cryptographic services ensure that Cognos 8 communications and sensitive data are secure. Encryption is used to secure
- static data
- temporary data
- transient data
Two categories of encryption strength are available for Cognos 8. Basic encryption is the standard Cognos cryptographic service included with Cognos 8. If an assessment of your security risks indicates a need for stronger cryptographic services, you can replace the standard Cognos cryptographic services with one of the enhanced encryption modules.
For more information, see Configuring the Cryptographic Environment.
Cognos 8 relies on the functionality of a certificate authority (CA) to provide cryptographic services. By default, Cognos 8 provides a simple built-in CA. You may choose to disable it and use a third-party CA. You can use any third-party CA that generates Base-64 encoded X.509 certificates. For more information, see the Installation and Configuration Guide.
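The Base-64 requirement above can be checked on a CA's output before you configure Cognos 8 to use it. The following is an added example, not part of the Cognos documentation or product; the function names and the sample data are assumptions constructed for illustration, and it checks only the encoding layer (PEM armor and outer DER framing), not certificate validity.

```python
import base64
import re

# Matches one PEM block and captures its label and Base-64 body.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def der_sequence_is_complete(der: bytes) -> bool:
    """True if der is exactly one DER SEQUENCE whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:          # 0x30 = SEQUENCE tag
        return False
    first = der[1]
    if first < 0x80:                            # short form: length in one byte
        header, body_len = 2, first
    else:                                       # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + body_len


def classify_certificate(data: bytes) -> str:
    """Return 'base64-x509', 'binary-der', 'wrong-pem-type' or 'invalid'."""
    match = PEM_BLOCK.search(data)
    if match is None:
        # No PEM armor: a bare DER file is binary, not Base-64 encoded.
        return "binary-der" if der_sequence_is_complete(data) else "invalid"
    label, body = match.group(1), match.group(2)
    if label != b"CERTIFICATE":
        return "wrong-pem-type"                 # e.g. a PKCS7 bundle or a key
    try:
        der = base64.b64decode(b"".join(body.split()), validate=True)
    except ValueError:                          # bad alphabet or padding
        return "invalid"
    return "base64-x509" if der_sequence_is_complete(der) else "invalid"


# Constructed sample: a 300-byte placeholder with valid outer DER framing.
# It is not a real certificate; only the encoding layer is being exercised.
SAMPLE_DER = b"\x30\x82\x01\x28" + bytes(296)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(classify_certificate(SAMPLE_PEM), classify_certificate(SAMPLE_DER))
```

A result of `binary-der` means the CA exported the certificate in binary form and it must be re-exported as Base-64 before use.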
The Cognos standard cryptographic provider, which uses Standard OpenSSL, is included with Cognos 8. It includes the following:
- secure sockets layer (SSL) services
  The SSL protocol is used to secure communication between Cognos 8 components installed on the same computer or on different computers.
- trusted requests on BI bus messages
  Signatures are used to digitally sign some messages to ensure that they come from a recognized Cognos 8 service.
- encryption of the deployment process
  Symmetric algorithms are used to encrypt and decrypt data in the export and import processes.
- encryption of temporary files
  Symmetric algorithms are used to encrypt and decrypt temporary files.
Data stored in the database depends on database security to protect it.
The standard Cognos cryptographic provider uses an encryption mechanism with keys up to 56 bits. Use it either with the built-in certificate authority (CA), or with a third-party CA.
If you require stronger security, you can replace the standard Cognos cryptographic provider with a module that provides enhanced encryption.
Enhanced encryption modules are available from Cognos. They are packaged separately to adhere to government regulations controlling the export of cryptographic software.
You can add enhanced encryption after you start using Cognos 8 with standard encryption. However, after you install enhanced encryption and configure Cognos 8 to use it, you cannot return to standard encryption.
The Enhanced Encryption Module for OpenSSL uses encryption algorithms with a key size up to 168 bits for symmetric encryption operations.
You can use the Enhanced Encryption Module for OpenSSL either with the built-in Cognos 8 certificate authority (CA) or with a supported third-party CA. To use a third-party CA, you must purchase and install appropriate software before you install and configure the Enhanced Encryption Module for OpenSSL.
The Enhanced Encryption Module for Entrust uses encryption algorithms with a key size up to 168 bits for symmetric encryption operations.
If you choose the Enhanced Entrust encryption provider, you must purchase and install an Entrust Public Key Infrastructure (PKI), which includes its own CA. The PKI must be available before you install and configure the Enhanced Encryption Module for Entrust.