SIC Magazine / November 2018
The Spanish company vintegrisTECH has presented the latest version of nebulaSUITE, in which it has incorporated new components that make it an “all in one” solution, oriented to the cloud, for the complete business management cycle of secure digital identities. Among the innovations that this suite incorporates, it is worth mentioning the capabilities to discover and generate inventories of digital certificates (nebulaDISCOVER) and manage telematic administrative notifications (nebulaSNE), the achievement of Common Criteria EAL4 + certification, the consolidation of vintegrisTECH as a Qualified Electronics Trust Service Provider under eIDAS, and the availability of nebulaSUITE in Microsoft Azure.
In a global, interconnected and complex world, taking into consideration legal aspects and providing maximum levels of trust and security when managing digital identities is a challenge for organisations.
nebulaSUITE, by vintegrisTECH, is the all-in-one digital identity solution for organisations, which offers much more than digital signatures. This platform, based in the cloud, allows complete management for the life cycle of the digital identity from the workplace or in mobility, providing the entire infrastructure for digital certificates (issuance, renewal, discovery, inventory, centralised management and audit of use), qualified digital signatures and dynamic multi-factor authentication.
Among the innovations of this suite, it is worth highlighting its capabilities to discover and generate inventories of digital certificates (nebulaDISCOVER) and manage administrative telematic notifications (nebulaSNE), the achievement of Common Criteria EAL4 + certification, the consolidation of vintegrisTECH as a Qualified Electronics trust Service provider under eIDAS, and the availability of nebulaSUITE in Microsoft Azure.
Much more than Digital Signatures
Designed for desktop and mobile devices, nebulaSUITE includes:
- A PKI platform and a Certification Authority (vinCAsign).
- A solution for issuance, renewal, discovery, inventory, centralised management and certified digital use audit (nebulaCERT).
- A SaaS platform for discovery and inventory of certificates (nebulaDISCOVER).
- A centralised management system for administrative telematic notifications (nebulaSNE).
- A solution for legally binding digital signatures (nebulaSIGN).
- A solution to manage access to the systems of an organisation (nebulaACCESS).
Certification Authority
vinCAsign, Certification Authority of vintegrisTECH, allows companies organisations to issue their qualified digital certificates with a maximum guarantee of legal compliance, to provide customers, employees and suppliers with digital identities, streamlining business from anywhere.
Management of digital certificates
The nebulaCERT digital certificate management platform allows issuing, renewal, discover, inventory, to centrally manage and audit the use of digital certificates without relying on third parties, and help organisations to have absolute control over their digital certificate ecosystem and avoid economic loss due to expired certificates.
Inventory of certificates
nebulaDISCOVER, one of the additions of nebulaSUITE, is a SaaS platform for inventories for the discovery and monitoring of digital certificates. With this solution, it is possible to discover, audit and monitor all digital certificates and service of an organisation, to give order and save time over manual monitoring.
This capability not only allows identifying the status of the service certificates themselves but also those of third parties that use SaaS to provide communication and B2B services. With an exhaustive control of the status of digital certificates and TLS connections, it will know when a certificate is about to or has expired and if the level of transport is allowing unsafe encryption or protocols, minimalising service failure situations due to a lack of information or control over these aspects.
– nebulaDISCOVER –
Administrative Telematic Notifications System
The centralised management system for telematic administrative notifications nebulaSNE, available only in Spain, is another of the new additions to this suite.
With this solution, it is possible to centralise administrative notifications and comply more efficiently with deadlines.
It is responsible for carrying out inspections and periodic compilations of electronic notifications from the different administrations. Take advantage of the safekeeping of digital certificates in nebulaCERT to automate these verifications and actively warn the people responsible for the latest news and the detected changes.
Legally binding digital signatures
nebulaSIGN allows issuing a legally binding digital signature, based on qualified digital certificates, to accelerate sales cycles and increase the number of transactions. It also supports generating simple, complex and personalised signature workflows, and signing in batch. All these characteristics offer a remarkable saving of time and a reduction of costs for the organisation, especially those related to the paperwork. The signatures comply with the legal regulations eIDAS, ESIGN Act and UETA.
Dynamic multi-factor authentication
Through nebulaACCESS, it is possible to control access to the assets of an organisation, protecting the entire system with double factor authentication and offering a robust level of security (Adaptive MFA). It allows choosing the most suitable method for each user, according to the risk of the data involved and the budget of each corporation.
One of the ideas of using nebulaACCESS is its use as an additional element of the second factor for corporations when it comes to federated authentications in third-party cloud services, such as Google, Office 365, Salesforce, and so forth, taking advantage of SAML integration capabilities.
Nebula engine available as API functions
All of nebulaSUITE’s operations are based on a broad set of functions available in API mode that can be used beyond the tools and applications that compose the suite. The quest for vintegrisTECH is to provide customers with this security framework around digital certificates and robust authentication, so that they can take full advantage of nebulaSUITE’s capabilities for their systems and applications, through a safe and effective operation and simple integration.
– nebulaSUITE Components –
Benefits of a suite for the complete digital identity cycle
The advantages that nebulaSUITE provides to organisations are multiple:
- Efficiency: nebulaSUITE is a unique product that is easy to implement and use. Optimises signature workflows to maximise the effectiveness of a company.
- Improved connections: allows issuing and managing digital certificates with certified security.
- Flexibility: offers the right capabilities to meet your specific challenges in a comprehensive suite. Moreover, it has features that it will need in the future.
- Comfort: the nebulaSUITE functions can be used anywhere, at any time, at work or in mobility.
- Compliance: nebulaSUITE incorporates features to ensure regulatory compliance, such as the eIDAS Regulation, to facilitate organisations’ business with the EU. Plus, it allows compliance with the USA regulations ESIGN Act and UETA.
Full Legal recognition in Europe and USA
The nebulaSUITE platform allows compliance with regulations such as eIDAS (European Union), ESIGN Act and UETA (USA).
In the European Union, Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS), establishes a common legal framework on the electronic signature for member states through standardisation, contributing to the achievement of a single digital market. Allows the recognition of digital identities and signatures in all EU states, avoiding repudiation and helping to streamline business throughout the Union.
nebulaSUITE offers qualified electronic signatures, based on qualified digital certificates and issued by its Certification Authority, vinCAsign, accredited by the relevant EU authorities. Of all the types of electronic signature recognised by eIDAS, a qualified signature is the only one that acts as a legal equivalent of the “handwritten” signature. Besides, víntegrisTECH has been recognised as a Qualified Provider of Electronic Trust Services, by obtaining the Common Criteria EAL4 + certification (ALC_FLR.2), granted by the National Cryptological Center.
nebulaSUITE complies with ESIGN and UETA, and its digital signature is, therefore, legally valid in the United States.
Recognition of the common criteria EAL4+ certification
The vinCERTcore product, a fundamental part of nebulaSUITE, has been recognised this year with the Common Criteria EAL4 + certification (ALC_FLR.2), awarded by the National Cryptological Center. This certificate has allowed the company to be approved as a qualified provider of trusted electronic services under eIDAS.
The CC level EAL4 + identifies the solutions designed, tested and methodically reviewed rigorously and independently. Since vintegrisTECH was approved in 2016 as a trusted service provider, achieving this certification was the goal to reach to go one step further and establish itself under eIDAS as a qualified provider of trusted electronic services.
See original article (only in Spanish) “vintegrisTECH nebulaSUITE, the all-in-one digital identity platform for organisations“