A multi-billion dollar division of government contractor asked to license software from Clockwork and beyond that required data to be encrypted both at rest and in transit. The company requested a device-agnostic solution for Clockwork’s software as long as the user’s access is authenticated and the data is encrypted and delivered in a secure manner. To provide requested level of encryption along with requested custom functionality, we decided to provide a stand-alone product the client could use as needed with the organization’s other software applications instead of just embedding this function within Clockwork’s software.
Client required data to be encrypted both at rest and in transit for a Clockwork licensed application. First, we provided research regarding Encryption and Authorization Methodologies: Evaluation of symmetric and asymmetric cryptosystems, Asymmetric: Diffie-Hellman key exchange technique, SHA-1, and Triple DES; Symmetric: shared key, Rijndael algorithm.
To accomplish, and provide a value-added product for the client, we created a stand-alone encryption module using REST API web services and MongoDB that could be used not only for the Clockwork licensed software, but could “plug in” to any software at the company via web services to encrypt and decrypt any data passing through the module.
- Research regarding Encryption and Authorization Methodologies & evaluation of asymmetric and symmetric cryptosystems
- Authorizing transactions to ensure the requesting client is a trusted user of the application
- Created custom software module that encrypted data at rest and in transit
- Solution used REST web services APIs, MongoDB
- Solution could be used with any application that could pass data through the module via web services, thereby enabling encryption in other applications within the company as well as with software from Clockwork
Created solution beyond the client’s requirements by delivering stand-alone module that could be used both with Clockwork licensed custom software application but could also be used elsewhere in the company.