Data Security Policy

Updated: November 1, 2021

Authentication

Authentication is accomplished primarily by a login and password mechanism. Logins and passwords are only issued after verifying a registered user’s credentials. Users are required to change their password upon initial login and periodically thereafter. Strong passwords are enforced, ensuring a minimum length and the inclusion of characters, digits and special characters. Passwords are stored encrypted in the database.

Users of the SmarTech IMS system also have to trust that they are connecting to SmarTech and not a rogue machine that may be set up to look and act like SmarTech. Server authentication is provided by the use of a server certificate. When a browser connects to the SmarTech system, the browser automatically uses the certificate to verify that it is connecting with the legitimate SmarTech site.

Authorization

Authorization is the process of granting or denying access to a resource based upon the identity of a user. In the SmarTech system, the authorization model defines what actions individual users and parties can perform. SmarTech defines authorization via the configuration of access control lists, user and company roles and business workflow rules within the system.

Access to the modules in a SmarTech System is configured by a member organization’s system administrator, who controls what individual users can see and do.

Confidentiality

The SSL (Secure Sockets Layer) protocol provides both authentication and trust for exchanging data on the SmarTech Systems. SmarTech’s Server Certificate enables strong (2048-bit) encryption and 256-bit SSL encryption on all communications between a user’s browser and SmarTech’s servers. SmarTech always uses SSL to secure the transmission channels and encrypt sensitive data to protect our users.

Integrity

The integrity of data in a transaction is extremely important to the parties involved in it. There needs to be some level of assurance that an unauthorized individual has not altered the information in a transaction. The data must remain exactly as it was entered and approved by the different parties involved in the transaction.

SmarTech provides both public key and private key encryption to ensure the data remains in the original form in which it was entered and approved. No one other than the designated recipient can see or act on the data.

On top of that, we value our users’ privacy. User passwords are never stored in the SmarTech system; instead, only hashed values of the passwords are persisted. No one with access to the SmarTech system database will be able to find out a user’s password for the purpose of accessing the system.