Secure Communication
About
The exchange of confidential and mission critical digital information between partners in the automotive industry relies on complete protection from unauthorised access and malicious attacks, whether by unscrupulous competitors or general hackers.
There is widespread misconception that small businesses are unlikely targets for this sort of attack, but data thieves often search out the path of least resistance making it essential that all supply chain actors, large and small, have the necessary tools in place to safeguard their data.
Odette therefore provides a complete toolbox for secure data exchange that is robust enough to provide the total security the industry needs but flexible enough to be used by all sizes of company.
OFTP
The main file transfer mechanism in use today in the automotive industry is the Odette File Transfer Protocol (OFTP). Developed and maintained by Odette, OFTP has been used across the industry since the mid 1980’s and almost all vehicle manufacturers and their suppliers use this protocol to exchange mission critical data with their business partners.
In the early days, OFTP was used via VPNs and over ISDN but the growing availability and capability of the internet made this an increasingly attractive and cost-effective option for the exchange of large volumes of data. Security was, however, still an issue so Odette brought industry experts together to develop an OFTP that could be used over the internet and OFTP2 was introduced to the automotive market in 2010.
Designed from the outset to be used across the internet, OFTP2 offers secure exchange of data using state-of-the-art encryption with PKI infrastructure based on certificates issued by trusted Certification Authorities (CA- see also Trust Service). OFTP2 also allows extremely large confidential files such as CAD drawings to be exchanged with ease and incorporates an automatic restart function in the case of any disruption in transmission.
OdetteSecure
To securely exchange files over the internet using OFTP2, companies must be able to identify themselves uniquely and unambiguously and also be confident that they are communicating with the correct partner.
Odette has developed the OdetteSecure service, as a one-stop shop for the provision of ID Codes and Digital Certificates which ensure secure data exchange across the world.
The OdetteSecure service is trusted by over 5000 companies in more than 70 countries whose users appreciate its high level of flexibility and the availability of multilingual expert support tailored to the needs of all types of automotive company, from OEM to SME.
Trust Service
To work successfully, secure file transfer with OFTP2 relies on an over-arching Trust Service. Odette operates as a Trust Agency according to standards set by the European Telecommunications Standards Institute (ETSI) and provides an essential service helping companies in the automotive industry to meet the challenges of cybersecurity and enabling large scale implementation of secure exchanges of mission critical and confidential data over the public internet.
The Odette Trust Service Status List (TSL) lists those Certification Authorities (CAs) whose Certificate Policy and Certificate Practice Statement are deemed to satisfy the stringent security requirements of the automotive industry. It is automatically accessed thousands of times a day by OFTP2 installations across the world to authenticate the digital certificates used for secure file transfer.
Resources
Security Features to consider when developing APIs
Provides guidelines on how to address security features when developing and implementing APIs. It is not intended as a complete and detailed catalogue of measures but should give interested pares hints and best pracce recommendaons on this topic.
OFTP2 Implementation Guideline
The ODETTE File Transfer Protocol 2 (OFTP2) has become one of the most widely used and trusted protocols for secure information exchange over the internet.
This publication contains comprehensive technical guidelines on implementing and operating OFTP2, including use of digital certificates, archiving and integrating into existing IT infrastructures.
Developer guidelines are included for software vendors who wish to add OFTP2 functionality to their products.
Also includes Recommendation for OFTP2 Partner Data Exchange using XML.
(corrections 2024-02)
OFTP2 Interoperability Testing Service
Test Cases
Odette tests OFTP2 software products against established Test Cases to ensure that the software complies with the OFTP2 specification (RFC5024) and inter-operates successfully with reference implementations of OFTP2.
This document describes the tests that an OFTP2 software must successfully pass in order to obtain the certificate of "OFTP2 Tested Software" from Odette.
Includes OFTP2 Partner Data XML Exchange - Functionality Tests
Security Certificate Exchange (SCX)
This publication details Odette recommendations on establishing trust between business partners by enabling the automated exchange and renewal of digital Security Certificates and the use of a Trust Service Status List (TSL). These recommendations cover processes, interfaces and protocols for certificate exchange, trust and verification and for achieving the security levels required by business partners for data exchange processes in their commercial and product development relationships.
Security and Risk Reduction (S2R)
This publication defines common security policies, measures and techniques to be implemented between partners with regards to security certificate use. The recommendations cover roles and responsibilities, common risk schema and classification of data, basic security requirements, password policies and data privacy considerations for business partners across the supply chain.