QUIK Software Package ensures integrity and privacy of transmitted data, by providing secure connection between the workstation and the QUIK server. All information is transmitted between the server and a client in encrypted form.
Broker’s tools for encryption and authentication
- Authentication and encryption with standard TLS/SSL protocols
Authentication may be done by name and password, or by X.509 certificate issued for a personal private key generated by user.
- Use of certified GOST algorithms generated by systems of cryptographic data protection CryptoPRO CSP and/or SignalCom SSLPro
Authentication is done by X.509 certificate issued for a personal private key generated by user. The key may also be stored on more protected external carriers – ’pendant’ memory devices (JaCarta, eToken, ruToken, etc.).
- Cryptographic tools by ARQA Technologies
Public and private keys are generated by users and may be password protected. Private keys are kept separately from the software, for example, on a flash card. Authentication is done by public user key, encryption — by symmetric private key.
In addition, QUIK has support for
- various two-factor authorisation mechanisms (RSA SecurID or RADIUS authentication, Windows domain authentication) with a PIN code sent to the user via email or, if the Alert dispatch module is installed, to the user's mobile device via an SMS/push message;
- logging of all transactions and text messages of the users;
- fixed IP-range available for connection to a specific terminal;
- individual security settings for each user, selective approach;
- transactions signed with a digital signature using certified cryptographic tools such as Message-PRO / Signal-COM, CryptoPro CSP, Validata CSP or Bicrypt.
External Cryptographic Tools
Security capabilities can be enhanced by using external certified cryptographic tools for creating digital signatures (sold separately).
* — for the companies that intend to use QUIK server on managed service basis to connect to the Ukrainian exchanges, integration with solutions that use digital signature of certified Ukrainian providers is impossible due to the reasons that lie in the Russian and Ukrainian legislation.
- PIN, a number known only to the user,
- token-key, a number that the token shows on its display.
The user must always keep his token secure. If the token is lost, the person who finds it cannot use it since the PIN is unknown. Similarly, if someone learns the PIN, he will not be able to use it without the token. Moreover, the owner of the token can block it at any time. The token-key can be used only once for authentication. This precludes the possibility of re-using the key in case authentication details have been stolen by an intruder.