"Powering Expert Auctions"
There are many different forms of security implemented in the OptimalCommerce™ Software platform. They include physical security for the hosted environment, network security for the hosted application, application-level security strictly controlling access to the server with secure and encrypted login procedures for all users, database-level security, and the use of code keys for support or backup bidding assistance.

Physical Security

Physical security is necessary to assure the integrity of an auction event. Optimal Auctions restricts access to both its primary and secondary systems and limits the number of authorized administrative users of the software.

Network Security

Network security for the OptimalCommerce™ Software system is provided through hardware firewalls and intrusion detection software. Additionally, the hardware and software have been 'hardened' according to a detailed security checklist that assessed all of the potential security holes in all of the supported components. The checklist is a detailed articulation of all of the components and the known security holes. Optimal Auctions retains a third party who specializes in security auditing the application.

Application Level Security

The software utilizes payload (traffic) encryption between the server and the client, with authentication provided by an electronic key from an authorized electronic key issuer. Payload security is provided by Secure Sockets Layer ("SSL") session-level encryption between the server and the browser.

Client sessions are also authenticated with encrypted passwords in accordance with industry standard procedures for ensuring controlled and secure access. The application server monitors user sessions to ensure no unauthorized access can occur. It also strictly controls access based upon user roles so that even authenticated users can't access data to which they are not entitled.

Database Level Security

We utilize a secure database server providing strict access control to all data objects by way of secure authentication. We configure this server to strictly limit access to the minimum required by our application server.

Code keys

Alphanumeric code keys are generated by Optimal Auctions and distributed to bidders with their information packets. These keys are to be used to authenticate users when they call the Auction Support line for technical or backup bidding assistance. The codes are not reproducible and can only be used once.






