Data Encryption
It is important that data transmitted to and from the Origination system be protected from interception, capture, and tampering. Origination protects the flow of data from users PCs to the Baker Hill application servers via 128-bit secured-socket layer (SSL) data encryption. The 128-bit encryption is the strongest permitted by U.S. law, and requires the use of the High Encryption Pack version of Microsoft Internet Explorer 5.50 or higher to access the Origination site.

HTTPS is used for all connections between the Internet and Origination. Additionally, the SSL-based network security includes a VeriSign Server ID, also known as a digital certificate. The VeriSign certificate assures customers that their data is fully shielded from access in transit. Also based on 128-bit encryption, a VeriSign digital certificate is the industry standard, and can be neither forged nor decoded with current or foreseeable
technology. For more information on SSL and VeriSign, please visit http://www.verisign.com.

Physical Security
Baker Hill has chosen n|Frame for the co-location site for Origination. n|Frame, located just a couple of miles from Baker Hills Carmel office, is a leading provider of high-end Internet backbone and co-location for businesses in the Midwest. With direct optical connections to major exchanges and network providers, n|Frame delivers premium services and technology along with the experienced staff necessary to maintain critical data connections.

n|Frame was designed as a state-of-the-art communication infrastructure consisting of 40,000 square feet, with the capacity to expand up to 100,000 square feet. The highest levels of security and safety are in place, including redundant systems for power, climate control, security and FM200 fire suppression. Raised floors were implemented to allow for superior ventilation, as well as flood protection. Baker Hill has 24/7 access to the space, which is monitored by multiple surveillance cameras.

User Authentication
Origination enforces user authentication to securely control access to the financial institutions site. Users enter a unique username and password, which are then sent over a secure connection and matched with the appropriate fields in the financial institutions user table within SQL Server. Passwords are stored in an encrypted state to further ensure the privacy of each password; they are not stored on a clients PC. Origination provides each financial institution with further username and password protection by allowing each Origination Administrator to define several specific parameters regarding username length, password length, password uniqueness, age, characteristics, auto-account lockout, auto-account disabling, and a password hint scheme.