How applications use security services

Client-Library and Server-Library applications can use a security mechanism to perform authentication and per-packet security services. The security mechanism behaves like a clearinghouse through which Client-Library and Server-Library validate information. Figure 6-1 applies to both authentication and per-packet security services.

Figure 6-1: Open Client and Open Server applications using a security mechanism

The figure shows a connection between the Client-Library application and the Open Server application, and a security mechanism that interfaces with both the Client-Library application and the Open Server application.

If an Open Client application requests authentication services, the following process occurs:

  1. Client-Library validates the login with the security mechanism. The security mechanism returns a login record, or token. The security mechanism creates the login token based on which security services are requested.

  2. Client-Library establishes a transport connection with the Open Server application and sends its login token.

  3. Server-Library authenticates the client’s login token with the security mechanism. If the login is valid, the Open Server application establishes a secure connection.

If an Open Client application requests per-packet security services, the following process occurs:

  1. Client-Library uses the security mechanism to prepare the data packet to send to the Open Server application. Depending on which security services are requested, the security mechanism might encrypt the data or create a cryptographic signature associated with the data.

  2. Client-Library sends the data packet to the Open Server application.

  3. When Open Server receives the data packet, it uses the security mechanism to perform any required decryption and validation.
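The two exchanges above, modeled in Python as an added example; it is not part of the original page and does not use the Client-Library or Server-Library API. The SecurityMechanism class, its HMAC-based token and signature format, the "integrity" service name, and server_accept are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class SecurityMechanism:
    """Constructed stand-in for the external mechanism; HMAC is an assumption."""

    def __init__(self):
        self._key = os.urandom(32)  # secret held only by the mechanism

    def _mac(self, label, data):
        return hmac.new(self._key, label + data, hashlib.sha256).digest()

    def issue_token(self, principal, services):
        # Authentication step 1: token content depends on the requested services.
        body = f"{principal}|{','.join(sorted(services))}".encode()
        return body + b"|" + self._mac(b"login", body).hex().encode()

    def validate_token(self, token):
        # Authentication step 3: returns (principal, services) or None.
        body, _, tag = token.rpartition(b"|")
        if not hmac.compare_digest(tag, self._mac(b"login", body).hex().encode()):
            return None
        principal, _, services = body.decode().partition("|")
        return principal, set(filter(None, services.split(",")))

    def protect(self, token, data):
        # Per-packet step 1: attach a signature bound to this login's token.
        return self._mac(b"packet" + token, data) + data

    def unprotect(self, token, packet):
        # Per-packet step 3: validate the signature before releasing the data.
        sig, data = packet[:32], packet[32:]
        if not hmac.compare_digest(sig, self._mac(b"packet" + token, data)):
            raise ValueError("packet signature check failed")
        return data


def server_accept(mechanism, token, packets):
    """Server side: authenticate the token, then check each received packet."""
    login = mechanism.validate_token(token)
    if login is None:
        return None  # invalid login: no secure connection is established
    principal, services = login
    if "integrity" in services:
        packets = [mechanism.unprotect(token, p) for p in packets]
    return principal, packets
```

Neither the client nor the server side handles key material in this model; both only pass tokens and packets to the mechanism, which is the clearinghouse role the page describes.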

See “Security Features” in the Open Client Client-Library/C Reference Manual for a detailed explanation of the Client-Library’s security features.