TLS Encryption and You
Transport Layer Security (TLS) keeps our information safe by providing a way to secure and encrypt data used for important and sensitive tasks. TLS can be used to establish an encrypted link between host servers or applications and endpoints. These endpoints can be any electronic device capable of TLS encryption, but are most commonly a computer, phone, tablet, or Point of Sale terminal. For many of us, TLS knowledge ends with checking that the web address includes an ‘s’ after ‘http’ when making an online purchase or logging into a website that holds a lot of personal information. Beyond that application, TLS encryption is capable of protecting all kinds of data.
Those with endpoint devices that already support TLS encryption may find that their host application is incapable of reading TLS-encrypted data. This means the data must be received in the clear, unencrypted, and is therefore much less secure. This is where the Futurex Kryptos TLS Server comes in. It acts as a kind of translator, encrypting or decrypting data as necessary for the host application. Hardware security module (HSM) solutions like the Kryptos TLS Server are capable of encrypting and decrypting data from a multitude of sources, including online transactions, POS terminals, encrypted e-mails, or even traffic between two data centers. If the data is transmitted over TCP/IP, it can be securely processed by the Kryptos TLS Server.
This type of encryption process is sometimes called link encryption, where data is encrypted or decrypted at each endpoint (such as between a browser and a web server). The Kryptos TLS Server is a relatively easy way to add an extra level of security when processing your clients’ sensitive data. This added protection can significantly reduce the risk from eavesdroppers and similar attacks on the data you’re looking to protect.
The following infographic details three scenarios:

1. There is no TLS encryption at the data creation point, so the host application receives clear data. This leaves the data vulnerable, unencrypted, and not secure.
2. TLS encryption is possible, but the host application can’t interpret the incoming data.
3. Kryptos TLS Servers decrypt incoming TLS-encrypted data, and the data is unencrypted only on a secure local network, usually inside a data center. The data is re-encrypted before it leaves, and remains protected.