Red Seguridad (Magazine) / IoT opinion / Pages: 48-49 / Second quarter 2017
The Internet of Everything (IoT) is the intelligent connection of devices, people, applications and information over the Internet.
Just as intelligence alone does not make communication between people trustworthy, organizations need digital identities for their devices and applications that secure their connections when sensitive information is exchanged.
Building on extensive know-how in digital certificate management and user authentication, vintegrisTECH has developed nebulaSUITE, a global solution that secures digital identities and manages access on the Internet of Everything, giving peace of mind to companies, organizations and users alike when exchanging information with devices or applications.
The vintegrisTECH proposal is based on creating the digital identity of devices and applications through the device's digital label (a digital certificate associated with a device or application). By basing the identity of a device or application on a digital certificate, access to services for things (the Internet of Things, IoT) is obtained with a robust level of security.
From this perspective, vintegrisTECH has created nebulaSUITE, which consists of a PKI platform, a digital certificate management module, an access management module and a document signature module. In this way, organizations can have, in a single product, a solution to create and manage digital identities for their devices and applications, ensure secure access to the system and validate documents with identity assurance from any location.
Identity creation and management
These operations are performed using a PKI platform integrated with the digital certificate management module. The nebulaSUITE PKI platform enables organizations to issue qualified digital certificates and use them to identify people and devices. The platform has been developed in full alignment with the requirements and security levels laid down by Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market.
The nebulaSUITE PKI allows you to generate the following types of digital certificates:
· Certificate of Natural Person Linked to an Organization in DSCF.
· Certificate of Natural Person Linked to an Organization in Software.
· Certificate of Natural Person Representative of an Organization at DSCF.
· Certificate of Natural Person Representative of an Organization in Software.
· Certificate of Natural Person Public Employee of high level.
· Certificate of Natural Person Public Employee of medium level.
· High-level body seal certificate for Public Administration.
· Mid-level body seal certificate for Public Administration.
· Certificate of Electronic Seal of Legal Person in DSCF.
· Certificate of Electronic Seal of Legal Person in Software.
· Certificate of Seal Device (IoT).
The certificate management module allows you to manage certificates and control their lifecycle, on-premises or in the cloud. In this way it guarantees the identity of the people and devices that interact within the system, the use made of their digital identities, and the availability of operations.
The robustness of the environment lies in the fact that certificates are not installed on workstations: they are stored encrypted on a server or in an HSM, where they are fully protected, which drastically reduces the possibility of the certificates being stolen.
The remote digital certificate management module allows you to define strict usage policies for certificates based on Active Directory user/group permissions, time and date, source IP, invoking program, access URL and web-browsing URL whitelists; it can also notify the use of a certificate during a signing process and require a reference for each signing request.
Its audit functionality monitors all operations in real time, so you know at any moment how your organization's certificates are being used: which certificates have been used, who used them and when.
It also inventories certificates installed locally on workstations and servers, saving the time and resources of manual checks. The monitoring system also controls the certificate lifecycle through renewal notifications, removing the risk of certificates expiring unnoticed.
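To make the policy and audit description concrete, here is an added example (not the product's code; the policy fields, function names and sample values are all constructed assumptions) of how a certificate-use request could be checked against a usage policy of the kind listed above, with every decision recorded as an audit entry that answers which certificate was used, by whom, when, from where and through which program.

```python
import ipaddress
import json
from dataclasses import dataclass
from datetime import datetime, time as dtime
from urllib.parse import urlparse


@dataclass
class UsagePolicy:
    """Constructed policy model covering the criteria the text lists."""
    cert_id: str
    allowed_groups: set           # directory groups permitted to use the key
    allowed_weekdays: set         # 0 = Monday ... 6 = Sunday
    allowed_hours: tuple          # (start, end) as datetime.time, end exclusive
    allowed_networks: list        # CIDR strings for permitted source IPs
    allowed_programs: set         # invoking program names
    allowed_url_hosts: set        # whitelist of hosts a signing request may target
    notify_on_use: bool = False   # notify the owner whenever the key signs


@dataclass
class UseRequest:
    """One attempt to use a managed certificate (constructed request model)."""
    cert_id: str
    user: str
    groups: set
    when: datetime
    source_ip: str
    program: str
    url: str


def evaluate(policy: UsagePolicy, req: UseRequest) -> dict:
    """Check every policy criterion and collect all failures instead of stopping
    at the first one, so the audit entry explains the whole decision."""
    reasons = []
    if req.cert_id != policy.cert_id:
        reasons.append("request targets a different certificate")
    if not (req.groups & policy.allowed_groups):
        reasons.append("user not in an authorised group")
    if req.when.weekday() not in policy.allowed_weekdays:
        reasons.append("outside permitted weekdays")
    start, end = policy.allowed_hours
    if not (start <= req.when.time() < end):
        reasons.append("outside permitted hours")
    try:
        ip = ipaddress.ip_address(req.source_ip)
        if not any(ip in ipaddress.ip_network(n) for n in policy.allowed_networks):
            reasons.append("source IP not permitted")
    except ValueError:
        reasons.append("source IP unparseable")
    if req.program not in policy.allowed_programs:
        reasons.append("invoking program not permitted")
    host = urlparse(req.url).hostname or ""
    if host not in policy.allowed_url_hosts:
        reasons.append("target URL host not whitelisted")
    return {
        "time": req.when.isoformat(),
        "cert_id": req.cert_id,
        "user": req.user,
        "source_ip": req.source_ip,
        "program": req.program,
        "url": req.url,
        "decision": "allow" if not reasons else "deny",
        "reasons": reasons,
        "notify_owner": policy.notify_on_use and not reasons,
    }


def audit_line(record: dict) -> str:
    """One JSON line per decision, suitable for a log shipper."""
    return json.dumps(record, sort_keys=True)


def users_of(audit: list, cert_id: str) -> set:
    """Answer 'who has used this certificate' from the audit trail (allowed uses only)."""
    return {r["user"] for r in audit if r["cert_id"] == cert_id and r["decision"] == "allow"}


# Constructed sample policy and requests (names, IPs and hosts are placeholders).
POLICY = UsagePolicy(
    cert_id="seal-cert-demo-01",
    allowed_groups={"finance-signers"},
    allowed_weekdays={0, 1, 2, 3, 4},
    allowed_hours=(dtime(8, 0), dtime(19, 0)),
    allowed_networks=["10.20.0.0/16"],
    allowed_programs={"invoice-signer"},
    allowed_url_hosts={"erp.example.internal"},
    notify_on_use=True,
)
GOOD = UseRequest("seal-cert-demo-01", "alice", {"finance-signers"},
                  datetime(2017, 5, 15, 10, 30), "10.20.5.7",
                  "invoice-signer", "https://erp.example.internal/sign")
BAD = UseRequest("seal-cert-demo-01", "mallory", {"contractors"},
                 datetime(2017, 5, 14, 22, 0), "203.0.113.9",
                 "unknown-tool", "https://other.example.org/upload")

if __name__ == "__main__":
    log = [evaluate(POLICY, GOOD), evaluate(POLICY, BAD)]
    for rec in log:
        print(audit_line(rec))
    print("users of seal-cert-demo-01:", users_of(log, "seal-cert-demo-01"))
```

Evaluating all criteria before deciding is a deliberate choice: a denied request then carries every reason it failed, which is what an analyst reviewing the audit trail wants, and the "allow" record gives the same fields the text names (certificate, user, time, origin, program).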
The access management module guarantees the identity of each user through adaptive, dynamic multifactor authentication, both for access to systems and for the authorization of operations.
With this component it is possible to protect corporate operations without hindering access for authorized users, offering several strong yet easy-to-use authentication options, both from the workstation and on the move. Each user can choose the authentication method best suited to their needs, the risk level of their data and the organization's budget, from among the following:
· Digital certificate.
· OTP (One-Time Password) by SMS, e-mail or coordinate card.
· CAPTCHA translation token.
· Software token in a mobile application with four OATH authentication systems:
    · OTP based on time.
    · OTP based on events.
    · OTP challenge and numerical response.
    · OTP challenge and response based on QR.
· Hardware token (electronic device).
· FIDO U2F Security Key.
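As an added example (not code from the article or from vintegrisTECH), the two OATH algorithms behind the "OTP based on time" and "OTP based on events" options above, RFC 4226 HOTP and RFC 6238 TOTP, implemented with the Python standard library, together with the server-side checks a verifier needs: a look-ahead window for event counters that have drifted and a small clock-skew window for time steps, both using constant-time comparison. The secret is the ASCII seed from the RFC test vectors, embedded here as constructed input; the function names are my own.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the ASCII seed used by the RFC 4226 / RFC 6238 test vectors.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 event-based OTP: HMAC over the 8-byte big-endian counter, dynamic truncation,
    then the low-order decimal digits, zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238 time-based OTP: HOTP with the counter set to floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits, algo)


def verify_hotp(secret: bytes, candidate: str, last_counter: int, look_ahead: int = 5, digits: int = 6):
    """Server-side HOTP check. The client counter may have advanced past the server's
    (button pressed without logging in), so accept up to look_ahead future counters and
    return the counter to persist; a counter already used is never accepted again."""
    for counter in range(last_counter + 1, last_counter + 1 + look_ahead):
        if hmac.compare_digest(hotp(secret, counter, digits), candidate):
            return counter
    return None


def verify_totp(secret: bytes, candidate: str, unix_time: int, step: int = 30, drift: int = 1,
                digits: int = 6) -> bool:
    """Accept the current step plus or minus `drift` steps of clock skew. All candidates are
    compared (no early exit) so timing does not reveal which step matched."""
    ok = False
    for delta in range(-drift, drift + 1):
        if hmac.compare_digest(totp(secret, unix_time + delta * step, step, digits), candidate):
            ok = True
    return ok


if __name__ == "__main__":
    now = int(time.time())
    print("HOTP counter 0:", hotp(DEMO_SECRET, 0))
    print("TOTP now      :", totp(DEMO_SECRET, now), "valid:", verify_totp(DEMO_SECRET, totp(DEMO_SECRET, now), now))
```

The verifier must also record the accepted counter (HOTP) or the last accepted time step (TOTP) so that a code captured in transit cannot be replayed inside the window; the functions above return what needs to be stored.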
The module's web management console allows convenient administration of the whole authentication environment thanks to its wide range of functions and authentication capabilities.
Signing and approval
The cloud-based digital signature module allows mobile users to produce qualified signatures, providing the ability to sign and approve documents from a computer, smartphone or tablet using a digital certificate or a biometrically controlled handwritten signature. In this way it allows the authorization of operations and the validation of documents with identity assurance for internal users (employees) and external ones (customers, suppliers, etc.).
The application is highly compatible, allowing access from the Internet or the corporate intranet, and offers a very convenient BYOD-based distribution to facilitate user mobility. The digital signature component simplifies document approval by several signatories thanks to its workflow capability, and also allows easy tracking of the process through e-mail notifications at each step. Signature processes are fully adaptable and support co-signing, among other features.
The set of modules integrated in nebulaSUITE provides a comprehensive solution for managing the digital identities of the people and devices that interact in the system, controlling access to the organization's assets and streamlining signature processes, all flexibly and from any location. It also guarantees organizations compliance with the European eIDAS regulation on electronic signatures and seals in their digital transactions, facilitating business both within the EU and between organizations in the EU and the rest of the world.
Pere Barba, IT Solutions Consultant of VíntegrisTECH