Message Security Sample Clauses

The Message Security clause establishes requirements and protocols to protect the confidentiality, integrity, and authenticity of messages exchanged between parties. Typically, this involves specifying encryption standards, authentication methods, and procedures for handling sensitive information transmitted via email, messaging platforms, or other electronic means. By setting these standards, the clause helps prevent unauthorized access, data breaches, and tampering, thereby ensuring secure communication and reducing the risk of information compromise.
Message Security. The <MessageSecurity> tag provides the security specifications for the document exchange function. It may be omitted if message security will not be used for this TPA. Message security may be either nonrepudiation or digital envelope or both. Message security applies to all messages in both directions for actions for which message security is enabled. See the discussion of <ServiceSecurity> and <ActionSecurity> below. For each party which is represented by a role parameter in a prototype TPA, the corresponding tags under <Party> must be given values when the role parameter is replaced by an actual name. This must be done under <NonRepudiation> and <DigitalEnvelope>. Nonrepudiation both proves who sent a message and prevents later repudiation of the contents of the message. Digital envelope is an encryption procedure in which the message is encrypted by a secret key and the secret key is sent to the message recipient encrypted with the recipient's public key. The <NonRepudiation> and <DigitalEnvelope> tags are optional. Each must be supplied only if the particular mode will be used. For nonrepudiation, the protocol (e.g. DigitalSignature), protocol version (optional), hash function (e.g. SHA1, MD5) encryption algorithm (see above), signature algorithm (e.g. DSA), and certificate type (see above) must be specified. A public key certificate must be supplied for each party (see below). The <Certificate> tag provides the parameters needed to define the certificates. The <CertType> tag identifies the type of certificate. Examples are X.509V1, X.509V2, and X.509V3. The <KeyLength> tag gives the key length in bits (e.g. 512). All parties must agree on the certificate type and key length. However different type and length may be specified for nonrepudiation and digital envelope. To support nonrepudiation and digital envelope, the TPA must reference the public-key certificate for each party including the arbitrator. Separate certificates can be defined for nonrepudiation and digital envelope. The <Party> tag defines the party-specific parameters. There must be one <Party> subtree for each party. <OrgName> contains an ID reference attribute that points to the corresponding <PartyName> tag. <OrgCertSource> is optional. If present, it provides the URL of a certificate issued by the party itself. <OrgCertSource> can be used only for digital envelope. The <IssuerOrgName> tag under <Party> identifies the certificate issuer, a recognized certificate authority. The value of...
View Source

Related to Message Security

  • STATE SECURITY 4.01 Nothing in this Agreement shall be construed as requiring the Employer to do or refrain from doing anything contrary to any instruction, direction or regulations given or made by or on behalf of the Government of Canada in the interest of the safety or security of Canada or any state allied or associated with Canada.

  • Site Security While providing services at a DSHS location, the Contractor, its agents, employees, or Subcontractors shall conform in all respects with physical, fire, or other security regulations specific to the DSHS location.

  • E7 Security The Authority shall be responsible for maintaining the security of the Authority premises in accordance with its standard security requirements. The Contractor shall comply with all security requirements of the Authority while on the Authority premises, and shall ensure that all Staff comply with such requirements.

  • Portfolio Security Portfolio Security will mean any security owned by the Fund.

  • System Security (a) If any party hereto is given access to the other party’s computer systems or software (collectively, the “Systems”) in connection with the Services, the party given access (the “Availed Party”) shall comply with all of the other party’s system security policies, procedures and requirements that have been provided to the Availed Party in advance and in writing (collectively, “Security Regulations”), and shall not tamper with, compromise or circumvent any security or audit measures employed by such other party. The Availed Party shall access and use only those Systems of the other party for which it has been granted the right to access and use. (b) Each party hereto shall use commercially reasonable efforts to ensure that only those of its personnel who are specifically authorized to have access to the Systems of the other party gain such access, and use commercially reasonable efforts to prevent unauthorized access, use, destruction, alteration or loss of information contained therein, including notifying its personnel of the restrictions set forth in this Agreement and of the Security Regulations. (c) If, at any time, the Availed Party determines that any of its personnel has sought to circumvent, or has circumvented, the Security Regulations, that any unauthorized Availed Party personnel has accessed the Systems, or that any of its personnel has engaged in activities that may lead to the unauthorized access, use, destruction, alteration or loss of data, information or software of the other party hereto, the Availed Party shall promptly terminate any such person’s access to the Systems and immediately notify the other party hereto. In addition, such other party hereto shall have the right to deny personnel of the Availed Party access to its Systems upon notice to the Availed Party in the event that the other party hereto reasonably believes that such personnel have engaged in any of the activities set forth above in this Section 9.2(c) or otherwise pose a security concern. The Availed Party shall use commercially reasonable efforts to cooperate with the other party hereto in investigating any apparent unauthorized access to such other party’s Systems.