R E M E D Y

D
A
T
A
S
H
E
E
T
Remedy >> Action Request System Suite
If your organization is like most, you need to expose
critical AR System applications and data to an increas-
ing number of usersboth inside and outside the
organization. Many of these applications and data deal
with sensitive information. So, it is imperative that you
protect them from unauthorized access by users, not
only from outside the firewall, but from the inside, as
well.According to studies, while the threat of external
hackers is certainly growing, insider security breaches
are also on the rise. For this reason, you need to protect
your sensitive applications and data from all unautho-
rized userswhether internal or external.
The AR System provides a variety of access control
features that protect sensitive applications and data.
Password protection ensures that only authorized
users are permitted to enter the system.And group
permissions restrict authorized users to access only
those system resourcessuch as applications, forms,
fields, and even recordsthat they are authorized
to view or change.
For complete protection, however, you also need
to ensure that sensitive information is protected from
eavesdroppers as it is passed over the wire between
the various components of the system. Secure Sockets
Layer (SSL) encryption encrypts information com-
municated between Web browsers and Web servers,
protecting it from eavesdroppers. In addition, the AR
System supports database vendors encryption mecha-
nisms to protect information communicated between
the AR System server and the database.
Now, with AR System Encryption Products, you
can encrypt the information passed over the wire
between the AR System Server and the other com-
ponents to which it connects, such as Web servers
and AR System clients. So, you can provide complete
end-to-end encryption of informationall the way
from end users to databasesregardless of whether
users are using Web browsers or AR System clients.
As a result, you protect critical information from
eavesdroppers inside as well as outside the firewall.
Protect your sensitive applications
and data from unauthorized
access. Use AR System Encryption
to provide complete end-to-end
encryption of information all the
way from end users to databases.
AR System

Encryption
Bring complete end-to-end encryption to Action Request System

Applications
Remedy, a BMC Software company
Strong Public Key/Private Key Technology
AR System Encryption employs public key encryp-
tion technology to secure the links to the AR System
server.The AR System server generates the public
key and private key and makes the public key available
to AR System clients, which includes Web servers.
The client generates a secret code and uses the pub-
lic key to encrypt it when it sends it back to the AR
System server.The AR System server then decrypts
the secret code and both the client and the server then
generate a symmetrical data encryption key using the
secret code and other data.As a result, the symmet-
rical encryption key is never transmitted over the
wire and is not exposed to eavesdroppers, ensuring
strong security.
Meet a Variety of Security Needs
AR System Encryption is available in three versions
that differ in the strength of their keys.You can select
the version that best meets your security requirements.

AR System Encryption Standard Security.

Uses the Certicom Elliptical Curve Cryptography
(ECC) 163 public key algorithm to generate 56-bit
equivalent public key pairs and the Data Encryption
Standard (DES) data encryption key algorithm to
generate 56-bit equivalent keys.

AR System Encryption Performance Security.

Uses the Certicom ECC 239 public key algorithm
to generate 128-bit equivalent public key pairs and
the RC4 data encryption key algorithm to gener-
ate 128-bit equivalent encryption keys. (Also includes
the Standard Security key technologies.)

AR System Encryption Premium Security.

Uses the Certicom ECC 571 public key algorithm
to generate 2048-bit equivalent public key pairs and
the RC4 data encryption key algorithm to generate
2048-bit equivalent encryption keys. (Also includes
key technologies from Standard and Performance
Security products.)
Usage Scenario
How does it all pull together? If you take the average
end-user accessing an AR System application through
a Web browser or Windows client, theyll now be able
to experience end-to-end data security.
Web
When an end user submits a request through their
IE or Netscape browser, the information theyve sub-
mitted can be encrypted with the Secure Sockets
Layer (SSL), the popular security protocol supported
by most Web servers. From there, the request is sent
from the Web server to the AR System server.With
the AR System Encryption Products, the link between
the servers can be encrypted based on an encryption
level that meets the needs and restrictions of your
company 56-bit equivalent , 128-bit equivalent,
or 2048-bit equivalent public key pairs. Information
from the AR Server to the underlying database can
then be encrypted using the database vendors encryp-
tion model, providing an end-to-end encryption link
along the data route.
Windows
Along the same lines, a user accessing an AR System
application through the Windows user tool can also
send and receive data over an encrypted link to
the AR System server using the new AR System
Encryption Products. From there, the database
vendors encryption takes over to ensure complete
coverage of the data route.
About Remedy
Remedy is your source for Service Management solu-
tions that meet your needs. Remedy, a BMC Software
company, has a successful track record of providing
industry-leading Service Management solutions that
enable organizations to reduce costs, improve quality
of service, and maximize overall operational effec-
tiveness. Remedy automates service-related business
processes through a complete suite of out-of-box best-
practice Service Management applications, including
Help Desk, Asset Management, and Customer Support.
All Remedy applications leverage the highly flexible
Action Request System

, a comprehensive development
environment that delivers business process authoring
capabilities to meet the unique requirements of organ-
izations today and into the future.
Remedy, a BMC Software company. Remedy, the Remedy logo and all other Remedy product or service names are registered trademarks or trademarks of BMC Software, Inc.
2003 BMC Software, Inc. All rights reserved. DS
_
AR
_
ARSEN
_
US01 25945
Remedy Headquarters
2350 Bayshore Parkway
Mountain View, CA 94043 USA
Tel: 650.903.5200
Fax: 650.903.9001
www.remedy.com
Remedy AR System Encryption