SIC Magazine / Nº 125 / Page: 114 / June 2017
nebulaSUITE: Global solution to manage the Digital Identity and the Internet access of Everything.
nebulaSUITE is a global security solution for the Internet of Everything, built on the approach of associating digital certificates with devices and applications to give them a digital identity, so that the exchange of data with them becomes reliable. To this end, the solution comprises a PKI platform that, integrated with a certificate management module, allows qualified digital certificates to be issued and used to identify people and devices, as well as an access management module and a digital signature platform. The solution is aligned with the European eIDAS directive of electronic signature and seal.
The Internet of Everything, that is, the intelligent connection of devices, people, applications and information over the internet, makes it necessary to establish reliable communication that guarantees the identity of all transmitters and receivers of data, whether these are people or devices. In response to this need, and based on extensive know-how in digital certificate management and user authentication, vintegrisTECH has developed nebulaSUITE, a global solution that ensures digital identities and manages access on the Internet of Everything and therefore provides peace of mind to companies, organizations and users alike when it comes to exchanging information with devices or applications.
The vision of vintegrisTECH: digital certificates associated with devices and applications
The vintegrisTECH solution is based on the following approach: to ensure the security and correct use of the services consumed by a device, it is necessary to create a digital identity for devices and applications. The digital device seal (that is, a digital certificate associated with a device or application) is the safest way to guarantee that identity.
Therefore, if we base the identity of a device or application on a digital certificate, access to the services of things (Internet of Things) is obtained with a robust level of security.
From this perspective, vintegrisTECH has developed the nebulaSUITE global solution, which consists of four parts: a PKI platform, a digital certificate management module, an access management module and a document signature module.
Secure management of digital identities through digital certificates
nebulaSUITE has a PKI platform that empowers organizations to issue qualified digital certificates and use them to identify people and devices. The platform has been developed to be fully aligned with the requirements and security levels set by Regulation (EU) No. 910/2014 of the European Parliament and of the Council of July 23rd 2014, concerning electronic identification and trust services for electronic transactions in the internal market.
The nebulaSUITE PKI platform integrates with the certificate management module and allows the generation of eleven types of digital certificates, including Certificate of a natural person representative of an organization, Certificate of natural person public employee, Certificate of organ seal for a public administration, Certificate of electronic seal of legal person and Certificate of device seal.
The certificate management module allows you to manage certificates and control their lifecycle “on-premise” or “on-the-cloud”. In this way, it guarantees the identity of the people and devices that interact within the system, the use made of their digital identities and the availability of the operations. To do this, it allows you to define strict usage policies on certificates by Active Directory user/group usage permissions, time and date, source IP, invoking program, access URL and web browsing whitelists for URLs, along with the ability to notify the use of a certificate in the signature process and to request a reference in the signature process.
Through its audit functionality, the system monitors all operations in real time, so you know how your organization’s certificates are being used: which certificates have been used, who has used them, when they have been used and for what purpose. The monitoring system also provides control over the lifecycle of certificates through renewal notifications, eliminating the risk of certificates expiring.
The access management module guarantees the identity of each user through adaptive, dynamic multi-factor authentication technology, both for access to systems and for authorization of operations. The system allows each user to choose the authentication method best suited to their needs, the risk levels of their data and the budget of the corporation.
With this component, it is possible to protect corporate operations without hindering access for authorized users, offering multiple robust, easy-to-use authentication options, both from the workstation and on the move: digital certificate; OTP (One-Time Password) by SMS, e-mail or coordinate card; CAPTCHA translation token; software token in a mobile application with four OATH authentication systems; hardware token with electronic device and FIDO U2F Security Key, among others.
The web management interface of this module allows convenient management of the entire authentication environment thanks to its wide range of functionalities and authentication capabilities.
Digital Signature Management
The digital signature module in the cloud guarantees the security of document signing operations by mobile users, providing the ability to sign and approve documents from a computer, smartphone or tablet by digital certificate, handwritten signature with biometric control and/or OTP validation. In this way, it allows the authorization of operations and the validation of identity documents for internal users (employees) or external users (clients, providers, etc.).
The application has a high level of compatibility, allowing access from the Internet or the corporate Intranet, and offers a very convenient distribution based on BYOD to facilitate the mobility of users. The digital signature component simplifies document approval by several signatories thanks to its workflow capability, and also allows easy tracking of the process through e-mail notifications at each step. The signature processes are completely adaptable and permit, among other benefits, co-signatures.
The nebulaSUITE integrated suite is a global solution to manage the digital identities of people and devices interacting within the system, control access to the assets of organizations and streamline signature processes, all in a flexible way and from any location, with the maximum guarantees of legal compliance.
Pere Barba, IT Solutions Consultant of VíntegrisTECH