PASSPORT SSL Telnet Client
The PASSPORT SSL telnet client provides secure, high-quality, reliable TN3270E and TN5250E host access from Windows desktops. With SSL, terminal emulation sessions are protected from eavesdropping, tampering, or message forgery over TCP/IP.
Telnet secured using SSL can be critical for those organizations that use TN3270E or TN5250E across the Internet to access sensitive data on corporate mainframes.
Transport layer security (TLS) is another cryptographic protocol that can be used to secure transmissions between the TN5250 server and client. TLS is based on SSL version 3, and the two protocols are decidedly similar. PASSPORT supports both SSL and TLS.
Establishing an Encrypted Connection
When establishing an SSL or TLS secure session, the following steps occur:
- Authenticate the server to the client.
- Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support.
- Optionally authenticate the client to the server.
- Use public-key encryption techniques to generate shared secrets.
Server authentication allows a user to confirm a server's identity. SSL and TLS-enabled client software can use standard techniques of public-key cryptography to check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the client's list of trusted CAs. This confirmation might be important if the user, for example, is sending a credit card number over the network and wants to check the receiving server's identity.
The client encrypts the premaster secret with the server's public key. Only the corresponding private key can correctly decrypt the secret, so the client has some assurance that the server it is connected to is the identity associated with that public key. A server that does not hold the private key cannot decrypt the premaster secret and cannot generate the symmetric keys required for the session, and the session will be terminated.
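The premaster-secret check described above can be seen in a small simulation, added here as an illustration and not taken from PASSPORT or any TLS library. It uses textbook RSA without padding, constructed toy keys, and a simplified key derivation and Finished message; the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key from two primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public, private)

def master_secret(premaster, client_random, server_random):
    """Simplified stand-in for the TLS key derivation: mixes the premaster
    secret with the random values both sides exchanged in their hellos."""
    pm = premaster.to_bytes((premaster.bit_length() + 7) // 8 or 1, "big")
    return hmac.new(pm, b"master secret" + client_random + server_random,
                    hashlib.sha256).digest()

def finished(master, role):
    """Proof that the sender derived the same master secret."""
    return hmac.new(master, role + b" finished", hashlib.sha256).digest()

def handshake(cert_public, responder_private):
    """Client encrypts a premaster secret to the public key taken from the
    certificate; the responder must decrypt it to send a valid Finished.
    Returns True when the client accepts the session."""
    n, e = cert_public
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
    premaster = secrets.randbits(127) | (1 << 127)   # client side
    ciphertext = pow(premaster, e, n)                # sent over the wire
    rn, rd = responder_private                       # responder side
    recovered = pow(ciphertext, rd, rn)
    server_fin = finished(master_secret(recovered, cr, sr), b"server")
    # Client recomputes the value it expects and compares in constant time.
    expected = finished(master_secret(premaster, cr, sr), b"server")
    return hmac.compare_digest(server_fin, expected)

# Constructed toy keys built from Mersenne primes; far too small for real use.
SERVER_PUB, SERVER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
_, IMPOSTOR_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    print("real server accepted:", handshake(SERVER_PUB, SERVER_PRIV))
    print("impostor accepted:   ", handshake(SERVER_PUB, IMPOSTOR_PRIV))
```

The impostor presents the real server's public key but holds a different private key, so it recovers a different premaster value and its Finished message fails the client's comparison.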
Public Key Cryptography
Public key cryptography assures private and secure data transmission through two processes: authentication and encryption. Authentication ensures that the data sender is exactly who or what it claims to be. Encryption, the most effective way to achieve data security, is the process of translating data into a secret code.
Public and Private Keys
Authentication and encryption use digital codes called "keys" - a public and a private key. The public key is used to encrypt messages, and the corresponding private key is used to decrypt them. It is important to note, however, that despite their symbiotic association, it is virtually impossible to infer the private key if you know the public key.
The public key has two major functions: validation and data encryption. As its name suggests, the public key is openly published to any party requesting one of these two functions.
The private key, on the other hand, is necessary for encrypting data (also called signing) and for decrypting. Unlike the public key, this key is closely guarded.
Digital Certificates
Digital certificates are a standard way of binding a public key to a name. In order to provide a digital certificate, the data sender must apply for a digital certificate from a Certificate Authority (CA) such as VeriSign. This way, the CA acts as a neutral third party that verifies the data sender is who or what they claim to be. Once this information is verified, the CA can issue a public key certificate for that party to use. The most commonly used standard for digital certificates is X.509. A universal standard of this sort is necessary because in order to send encrypted data, you must know the recipient's public key.
PASSPORT SSL Telnet Client Options
There are actually two PASSPORT SSL telnet client suites, each offering a different method of deployment.
PASSPORT PC to Host® is a desktop-based SSL telnet client that includes TN3270E and TN5250E SSL clients, as well as VT/100, VT/220, SCO ANSI and FTP clients. This product is similar to other desktop-based Windows programs. PASSPORT is installed with a Windows setup program. It can also be deployed using SMS, MSI, Citrix or Microsoft Terminal Server.
PASSPORT Web to Host® is a web-based SSL telnet client that includes TN3270E and TN5250E SSL clients, as well as VT/100, VT/220, SCO ANSI and FTP clients that are deployed from a web server. The SSL telnet client is installed on a web server and provides an administrator program for centralized configuration and administration. All software and configuration files reside on the web server. When the terminal emulator is run, an ActiveX applet is downloaded from the web server to the client desktop and run inside of Internet Explorer. The ActiveX component is only downloaded the first time a session is launched, or whenever the server version of the ActiveX component changes to a newer version. The ActiveX client running inside Internet Explorer makes a direct connection to the DEC, UNIX®, or other host system.
Quicktrial or Download Options
There are two ways to evaluate the PASSPORT SSL telnet client for secure host access: either download a copy of the software or do a Quicktrial of the PASSPORT Web to Host® application. With Quicktrial, there is no server installation; you simply download the client from our web server. This is a fast and easy way to look at the PASSPORT Web to Host® software. Those who want to install the PASSPORT Web to Host® software on their own web server can download the full working copy of the software and complete a full evaluation.
