CSE498, Collaborative Design, Fall 2017
Computer Science and Engineering
Michigan State University

Symantec Corporation is a global leader in the cybersecurity industry, unifying cloud and on-premises security to protect users, information, messaging and the web.

As companies move their critical data from behind their own firewalls to running in the cloud, they must add additional layers of security to protect their data. One layer added is that of Symantec’s VIP, which is a popular multi-factor authentication tool used during the login process.

When a company purchases VIP, they are given access to a web interface that enables the company to integrate and secure their services. To access the VIP web interface, software developers currently must form web requests—that is, messages sent over the internet—using a traditional web messaging protocol called Simple Object Access Protocol (SOAP).

Our Secure Application Layer API Proxy simplifies access to the existing SOAP web interface by introducing a more modern one. We leverage a more efficient, flexible and easier to use protocol called Representational State Transfer (REST). Our proxy accepts REST-style web requests and converts them to a SOAP format for VIP. Once the proxy receives a SOAP response back from Symantec's already existing systems, it sends that response back to the user in a REST format. Most importantly, our service preserves the superior level of security that VIP guarantees its customers throughout this process.

Our Secure Application Layer API Proxy is written in C# using the .NET framework and uses signed JSON Web Tokens (JWT) for secure communication between the proxy and end user.