How does FormsAssurity integrate into my e-commerce / shopping cart system ? Do I need to purchase multiple forms dependent on what the customer orders ?
You only need to purchase a single secure form regardless of how complex your e-commerce system is. A FormsAssurity secure form just replaces your final checkout form where the user enters their personal details and credit card information. JavaScript passes the order information over to the FormsAssurity form so that all of the information entered by the customer (what goods they have ordered, price, etc.) is automatically emailed with the secure form.
Let's say you will have a large form, shown on three pages. Any e-commerce system is in fact a large form, deployed on multiple pages. On this system, only the third page (the payment page) will be using the FormsAssurity form applet.
The user completes whatever procedures are needed (selecting products, options, etc.) before entering the FormsAssurity enabled form. In order for the form to correctly fill and submit all the important information, the previous page (the one before the FormsAssurity enabled form) needs to use some JavaScript that passes the form information to the FormsAssurity page. This will contain whatever fields the administrator wants to include in the form applet submission (except of course for the details that the user will fill directly into the FormsAssurity enabled form). The FormsAssurity applet will look for that information and it will handle the nested data. This way, FormsAssurity can be integrated easily into any e-commerce / shopping cart system. For further information please see the product manual.
Can I use my existing forms or do I have to create new ones using your online form generator ?
You can use your existing forms in .html format by importing them into FormsAssurity's web form generation application. You then have to re-save them in FormsAssurity so that it can create a secure version of the form (associate public key(s) with the form, create an associated Java applet, etc.).
Does the end-user have to do anything in order to encrypt the form ?
No. The public key(s) required to encrypt the form are downloaded to the client along with the applet. The user fills in a FormsAssurity form just like any other form and presses the 'Send' button as normal.
How can you be sure no one has tampered with a form before it reaches the user ?
When a form is created by an administrator it is automatically signed by ArticSoft. When a form is loaded into the user's browser, FormsAssurity automatically verifies this signature and checks for any changes to the form. If the form has been tampered with, the user is alerted.
Why is FormsAssurity better than SSL ?
Every known security breach of information has always occurred on the server (where it is most vulnerable to attack), and because SSL only encrypts information whilst it is in transit, the information is left in the clear on the server and open to attack. FormsAssurity encrypts information whilst it is in transit and in storage (no matter where it is sent or stored). Decryption of information only takes place on the administrator's computer at their request.
In addition, FormsAssurity forms are digitally signed so the user knows whether they have been tampered with when they receive them. Users can also digitally sign forms so the administrator can verify who signed the information and also whether it too has been tampered with.
What is the best way for users to digitally sign forms ?
ArticSoft recommend that users obtain a certificate and key from a Certificate Authority. By doing so, the administrator can automatically verify the certificate/key against a root list of Trusted Authorities in FileAssurity OpenPGP.
Users could choose to generate their own self-signed keys using our free reader software but the recipient of the form would have to take it on trust that the person is who they say they are. This may be fine for internal systems however.
Can I enforce users to digitally sign a form ?
Yes. An option in the secure form designer enforces this. When a user is requested to digitally sign a form they are asked for the location of their private key and its password.
You can also optionally ask users whether they want to digitally sign your secure forms or alternatively never ask the user (so your secure forms will never be digitally signed).
How do users upload attachments to a form ?
When you create a form you just insert a standard file browse dialog box (provided as one of the form objects). Users can then upload their files using this dialog box.
How are form contents received by the administrator ?
Form contents and any attachments are emailed to the administrator as a file attachment to an email message in .asc format. Encrypted ASCII text format (.asc) is used so that form information and any attachments can travel through the firewall. The form is automatically emailed using the public key(s) that were attached to the form when it was created.
FileAssurity OpenPGP, any OpenPGP product or our free reader software can be used to decrypt the .asc files. If you want to automate the decryption of these files you may want to consider purchasing FAOPGP Command Line Scriptor.
Alternatively, form data can be sent using HTTP Post. This can then be decrypted and processed automatically by purchasing optional scripts from ArticSoft.
Can secure forms be sent to more than one email address ?
Yes. You can specify the email addresses you want the secure forms sent to.
How do I decrypt secure forms ?
For forms that have been emailed to you, you can use any OpenPGP compliant software to decrypt the attachments - e.g. FileAssurity OpenPGP free reader, FileAssurity OpenPGP, PGP, GnuPG, etc. This requires someone to manually decrypt the email attachments.
For forms that have been posted to your server you can purchase scripts from ArticSoft that automatically decrypt and process the form data.
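For emailed forms handled with GnuPG, the decryption and signature check can be scripted. The following is an added example, not ArticSoft's code or one of its scripts: it assumes `gpg` is installed, that the decryption key is in the local keyring and can be unlocked without a prompt, and that the .asc file is a standard OpenPGP message. The function names, the trusted-fingerprint list and the sample status lines are constructed for illustration.

```python
import os
import subprocess

REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "DECRYPTION_FAILED"}

# Constructed sample of `gpg --status-fd` output; the fingerprint is a placeholder.
SAMPLE_FPR = "A" * 40
SAMPLE_STATUS = (
    "[GNUPG:] DECRYPTION_OKAY\n"
    "[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed User <user@example.com>\n"
    "[GNUPG:] VALIDSIG " + SAMPLE_FPR + " 2024-01-01 1704067200 0 4 0 1 10 00 " + SAMPLE_FPR + "\n"
)

def evaluate_status(status_text, trusted_fprs, require_signature=True):
    """Decide from GnuPG status lines whether a received form is acceptable."""
    decrypted, rejected, signer = False, False, None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword = fields[1]
        if keyword == "DECRYPTION_OKAY":
            decrypted = True
        elif keyword in REJECT:
            rejected = True
        elif keyword == "VALIDSIG" and len(fields) > 2:
            signer = fields[-1]  # last field is the primary key fingerprint
    if rejected or not decrypted:
        return (False, "decryption or signature check failed")
    if signer is None:
        return (not require_signature, "unsigned form")
    if signer not in trusted_fprs:
        return (False, "signed by a key that is not on the trusted list")
    return (True, "signed by " + signer)

def decrypt_form(asc_path, out_path, trusted_fprs, require_signature=True):
    """Decrypt one .asc attachment with gpg and delete the output if rejected."""
    proc = subprocess.run(
        ["gpg", "--batch", "--yes", "--status-fd", "1",
         "--output", out_path, "--decrypt", asc_path],
        capture_output=True, text=True)
    ok, reason = evaluate_status(proc.stdout, trusted_fprs, require_signature)
    if not ok and os.path.exists(out_path):
        os.remove(out_path)  # do not leave plaintext from a rejected form on disk
    return ok, reason
```

Setting `require_signature=False` corresponds to forms where signing is optional; a self-signed key is accepted only if its fingerprint has been added to the trusted list by the administrator.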
What software do I have to set up on my server ?
None. Just upload the form and applet (jar file) like any other file. When users view the form in their browser, the applet is automatically downloaded to their computer (this performs integrity checking, encryption, and if required digital signing of information).