Basically, all JAMES' own processes are mapped in encrypted form.
This means the following levels in detail:
- Communication between the portal and client via HTTPS
- Communication between terminals (kiosk) and JAMES portals.
- As far as the database is not operated locally on the same machine, the database connect (SSL, TLS) and thus all data transfer between middleware and database backend.
- Remote maintenance via SSHJAMES, however, is usually part of a larger overall system and thus interacts with third-party systems. Regardless of whether JAMES is the client or server for these subsystems, the external system provides the maximum level of security.
For particularly security-relevant systems and only in combination with an internally specified database, the data in the database can also be encrypted at runtime.
Unless otherwise specified, communication is secured with self-issued, self-authenticated certificates. The certificates are issued with 2048 bit strength and AES265 algorithm.
The servers are equipped with TLS 1.2 (TLS 1.3 optionally available), PFS and HSTS. The transmission is preferably done with HTTP2 protocol. A fallback to HTTP 1.1. is provided.
Furthermore, JAMES can participate in a PKI infrastructure specified by the environment. Here, the entire certificate chain is made available and managed by a central office.