In theory, a third party could intercept sensitive information (e.g. usernames, passwords, etc.) at some point on the network when it is transmitted across the Internet from the user's web browser to the server. To prevent this, some form of encryption can be used so that even if someone intercepts the data they cannot decode it back to the original username and password. The standard encryption system for the Web is SSL (Secure Sockets Layer). SSL (developed by Netscape) uses a form of public key encryption, where the information which can be encoded by the browser.
The Athens Access Management Service uses 128-bit encryption to ensure that information is virtually impossible to read for anyone unless they have the relevant 'key' or password.
A server certificate is a piece of digitally-encrypted information that lets the browser know what organisation it is accessing. To prevent people just making up certificates and pretending to be official organisations, certificates can be obtained from a certificate authority, which uses its position as a third party to verify that the organisation using the certificate is who they say they are.
Various certificate authorities can be used, but unless they are recognised by the browser manufacturers they will either be rejected when a user tries to connect or the user will be given a long sequence of warning screens.
Athens uses SSL to protect the information recorded in the database, and is registered with Thawte, a recognised certificate authority.
As part of the Eduserv Athens security infrastructure, Athens user accounts that are being used in more than one country are monitored to detect potential cases of misuse. An Athens account is automatically disabled if:
Athens administrators controlling these accounts are e-mailed with the following information:
The unauthorised usage of Athens-protected resources contravenes:
Please read our additional information about the monitoring of use of Athens accounts in multiple countries.
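The multi-country monitoring described above can be sketched as follows. This is an added example, not Eduserv's or Athens' own code. The page does not list the actual disable conditions, so the rule used here (one account seen in more than one country within 24 hours), the log format and the names `SAMPLE_LOG`, `parse` and `multi_country_accounts` are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, account name, country code of the source IP.
SAMPLE_LOG = """\
2005-03-01T09:00:00 alice GB
2005-03-01T09:30:00 bob GB
2005-03-01T11:15:00 alice GB
2005-03-01T13:40:00 bob US
2005-03-02T08:00:00 carol FR
2005-03-09T10:00:00 carol DE
2005-03-09T10:05:00 bob
"""

def parse(log_text):
    """Yield (time, account, country) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # e.g. a login whose country lookup failed
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2].upper()
        except ValueError:
            continue  # unparseable timestamp

def multi_country_accounts(log_text, window=timedelta(hours=24), max_countries=1):
    """Return {account: sorted countries} for every account seen in more than
    max_countries distinct countries inside any sliding time window.
    The window and threshold are assumed values, not the service's policy."""
    recent = defaultdict(deque)  # account -> (time, country) events still in window
    flagged = {}
    for when, account, country in sorted(parse(log_text)):
        events = recent[account]
        events.append((when, country))
        while when - events[0][0] > window:
            events.popleft()  # drop logins that fell out of the window
        countries = {c for _, c in events}
        if len(countries) > max_countries:
            flagged.setdefault(account, set()).update(countries)
    return {acct: sorted(cs) for acct, cs in flagged.items()}

if __name__ == "__main__":
    for account, countries in multi_country_accounts(SAMPLE_LOG).items():
        print(f"{account}: used from {', '.join(countries)} within the window")
```

With the sample data, carol's two logins are a week apart and are only flagged if the window is widened, which shows how the choice of window trades missed sharing against false alarms for travelling users.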