If data requiring an extremely high degree of security is to be transferred, it is important to subject the respective partner system to a reliable identity check (“authentication”) before the transfer. The two openFT instances engaged in the transfer can perform mutual checks on one another, using cryptographic resources to determine whether they are connected to the “correct” partner instance.

To this end, openFT supports the following addressing and authentication concept:

• the addressing of openFT instances via network-wide, unique instance IDs:

  For the local system, these IDs are defined using an operational parameter. Instance IDs of partner systems are stored in the partner list. openFT administers the resources assigned to these partners, such as request waiting queues and cryptographic keys, with the aid of the instance IDs of the partner systems.

• the exchange of partner-specific key information:

  The FT administrator can prepare RSA key pair sets, each of which consists of a private and a public key, for each local openFT instance. In order that one’s own openFT instance can be authenticated in the partner system, the appropriate public key must be made available to the partner system. This should take place via a secure path.

For more details, please refer to section “Authentication”.