Security aspects

The QUIK Software Package ensures the integrity and privacy of transferred data by providing a secure connection between the workstation and the server. Information transferred between the server and the client is encrypted and can be decrypted only with an access key that is unique to each user. Each user creates an access key, which is stored separately from the application on a removable medium, e.g. a flash card. Multiple users can therefore work on the same computer with the QUIK system installed, each having individual and confidential access to the data. To prevent unauthorised use, the access key is additionally protected with a password.

In addition, QUIK supports:

  1. public/private key authentication;
  2. various two-factor authorisation mechanisms (RSA SecurID or RADIUS authentication, Windows domain authentication) with a PIN code sent to the user via email or, if the Alert dispatch module is installed, to the user's mobile device via an SMS/push message;
  3. logging of all transactions and text messages of the users;
  4. fixed IP-range available for connection to a specific terminal;
  5. individual security settings for each user, selective approach;
  6. transactions signed with a digital signature using certified cryptographic tools such as Message-PRO / Signal-COM, CryptoPro CSP, Validata CSP or Bicrypt.

External Cryptographic Tools

Security capabilities can be enhanced by using external certified cryptographic tools for creating digital signatures (sold separately).

Each user's transaction (new order, request for cancelling an order, non-trade order) can be signed with a digital signature, by using the following cryptographic tools certified by the Federal Security Service:

For Ukrainian companies, QUIK has support for the following cryptographic tools issued by the accredited key certification centres (except where the QUIK server is used on a managed service basis*):

* For companies that intend to use the QUIK server on a managed service basis to connect to the Ukrainian exchanges, integration with solutions that use digital signatures of certified Ukrainian providers is not possible for reasons arising from Russian and Ukrainian legislation.

For Kazakh companies, support is provided for the cryptographic tools of the following developers:

RSA SecurID

In addition to the standard means of authorising QUIK Workstation and webQUIK users, RSA SecurID® technology can also be used.




The two-factor authentication product designed by RSA Security provides additional protection of QUIK system users' data against unauthorised access. The RSA SecurID solution uses two components for authentication:
  • PIN, a number known only to the user,
  • token-key, a number that the token shows on its display.
An RSA SecurID token is a small hardware device or card with an LCD display showing a number that changes every minute. The token-key is generated using a pseudo-random number generator. Each key is unpredictable, even if the previous key is known.

The user must always keep his token secure. If the token is lost, the person who finds it cannot use it since the PIN is unknown. Similarly, if someone learns the PIN, he will not be able to use it without the token. Moreover, the owner of the token can block it at any time. The token-key can be used only once for authentication. This precludes the possibility of re-using the key in case authentication details have been stolen by an intruder.

Application in QUIK Software Package

To use RSA SecurID technology, one should have RSA ACE/Server software (basic licence) and RSA SecurID Key Fob, Card or PINPad Card tokens. OOO Demos (www.demos.su) is a distributor of RSA Security in Russia.

One dedicated computer is required for deployment of RSA ACE/Server. It is important that this computer and the QUIK server be within the same network segment, and that the computer's clock be synchronised with UTC (e.g. via NTP).

Two-factor authentication can be enabled separately for each client, and does not affect the work of other users of the system. When connecting to the QUIK server, the user is prompted to enter his PIN (password) and token-key. The number of attempts is limited. If an attempt to guess the password is suspected, the communication session is interrupted, and the token is blocked until the administrator takes action.
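
The server-side checks described above (a code that changes every minute, single use of each token-key, a limited number of attempts, blocking until an administrator acts) can be sketched as follows. This is an added illustration, not QUIK or RSA code: the SecurID algorithm is proprietary, so the generator below substitutes the HMAC truncation from RFC 4226/6238, and the names `token_code`, `Verifier`, `MAX_ATTEMPTS` and the one-step clock drift window are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60          # seconds; the page says the displayed number changes every minute
MAX_ATTEMPTS = 3   # assumed value; the page only says the number of attempts is limited


def token_code(seed: bytes, t: float, digits: int = 6) -> str:
    """Stand-in generator: HOTP truncation over a time counter (not the SecurID algorithm)."""
    counter = struct.pack(">Q", int(t) // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical per-user check of PIN plus token-key on the authentication server."""

    def __init__(self, seed: bytes, pin: str):
        self.seed, self.pin = seed, pin
        self.last_step = -1     # highest time step whose code was already accepted
        self.failures = 0
        self.blocked = False    # stays set until an administrator clears it

    def login(self, pin: str, code: str, now: float) -> str:
        if self.blocked:
            return "blocked"
        step = int(now) // STEP
        pin_ok = hmac.compare_digest(pin.encode(), self.pin.encode())
        # Accept the current step and one neighbour each side to absorb small clock drift.
        for s in (step - 1, step, step + 1):
            expected = token_code(self.seed, s * STEP)
            if pin_ok and hmac.compare_digest(code.encode(), expected.encode()):
                if s <= self.last_step:
                    break       # token-key already used once: count as a failed attempt
                self.last_step, self.failures = s, 0
                return "ok"
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.blocked = True
        return "blocked" if self.blocked else "denied"
```

The narrow drift window is why the authentication server's clock must stay synchronised: a code generated more than one step away from the server's time is rejected like any wrong code.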
