www.redseguridad.com / ICT Specialties_Identity and Access / 25/05/2017
Pere Barba. IT Solutions Consultant of VintegrisTECH
VíntegrisTECH launches a proposal based on creating a digital identity for devices and applications through the digital device seal. By basing the identity of a device or application on a digital certificate, we gain access to services for things, with a robust level of security.
The Internet of Everything (IoE) is the intelligent connection through the Internet of devices, applications and information as well as of people.
Just as among people, intelligence alone does not create trustworthy communication: organizations need digital identities for their devices and applications to secure the connections over which they exchange sensitive information.
Based on our extensive know-how in managing digital certificates and user authentication, vintegrisTECH has developed nebulaSUITE, a global solution that ensures digital identities and therefore provides peace of mind for companies, organizations and users alike when exchanging information with devices or applications.
Digital certificates associated with devices and applications: key to guaranteeing digital identity
The VíntegrisTECH proposal is based on creating a digital identity for devices and applications through the device digital seal (a digital certificate associated with a device or application). By basing the identity of a device or application on a digital certificate, we gain access to services for things (the Internet of Things, IoT), with a robust level of security.
From this perspective, VíntegrisTECH has created nebulaSUITE, which is composed of a PKI platform, a digital certificate management module, an access management module and a document signature module. In this way, organizations can have, in a single product, a solution to create and manage digital identities for their devices and applications, guarantee secure access to the system and validate identity documents from any location.
Creation and management of digital identities
These operations are performed using a PKI platform integrated with the digital certificate management module. The nebulaSUITE PKI platform empowers organizations to issue qualified digital certificates and use them to identify people and devices. It has been developed to be fully aligned with the requirements and levels of security provided by Regulation (EU) No. 910/2014 of the European Parliament and the European Council of 23 July 2014, concerning electronic identification and trust services for electronic transactions in the internal market.
The nebulaSUITE PKI allows you to generate the following types of digital certificates:
. Certificate of Natural Person Linked to an Organization in DSCF.
. Certificate of Natural Person Linked to a Software Organization.
. Certificate of Natural Person Representative of an Organization at DSCF.
. Certificate of Natural Person Representative of a Software Organization.
. Certificate of Natural Person Public Employee of high level.
. Certificate of Natural Person Public Employee of medium level.
. Certificate of Organ Seal for a high level Public Administration.
. Certificate of Organ Seal for a Public Administration of medium level.
. Certificate of Electronic Seal of Legal Person in DSCF.
. Certificate of Electronic Seal of Legal Person in Software.
. Certificate of Seal Device (IoT).
The certificate management module allows you to manage the certificates and control their lifecycle in the cloud or on premise. It ensures the identity of the people and devices that interact in the system, the use they make of their digital identities and the availability of operations.
The robustness of the environment lies in the fact that the certificates are not installed on the workstations: they are kept encrypted on a server or an HSM, so they are fully protected, which drastically reduces the possibility of the certificates being stolen.
The remote digital certificate management module lets you define a strict usage policy for certificates, with use permissions based on Active Directory user or group, time and date, source IP, invoking program, access URL and web-browsing whitelists for URLs, as well as the ability to notify the use of a certificate in the signature process and to request a reference in the signature process.
The system monitors all operations in real time through its audit functionality, which lets you know in real time which certificates have been used, who has used them, when, and for what. It also lets you inventory certificates installed locally on workstations and servers, saving the time and resources of manual monitoring. The monitoring system also guarantees control of the certificate life cycle through renewal notifications, which eliminates the risk of certificates expiring.
Access Management
The access management module guarantees the identity of each of its users through adaptive multi-factor dynamic authentication technology, both for access to systems and for authorization of operations.
With this component, you can protect your corporate operations without hindering access for authorized users, offering multiple robust authentication options that are easy to use, both from the workstation and on the move. It allows each user to choose the method best suited to their needs, the risk levels of their data and the budget of their corporation, from among the following:
. Digital certificate.
. OTP (One-Time Password) by SMS, e-mail or coordinate card.
. CAPTCHA translation token.
. Software token in a mobile application with four OATH authentication systems.
. OTP based on time.
. OTP based on events.
. OTP challenge and numerical response.
. OTP challenge and response based on QR.
. Hardware token with electronic device.
. FIDO U2F Security Key.
The access module's management website lets you comfortably manage your entire authentication environment thanks to a wide range of functionality and automation capabilities.
Signing of documents and approval of operations
The cloud-based digital signature module allows the qualified signature of documents by mobile users, providing the ability to sign and approve documents from a computer, smartphone or tablet using a digital certificate and a handwritten signature with biometric control. In this way, it enables the authorization of transactions and the validation of identity documents for internal users (employees) or external users (customers, suppliers, etc.).
The application has a high level of compatibility and allows access from the internet or the corporate intranet with a very convenient distribution based on BYOD (Bring Your Own Device) to facilitate the mobility of users.
The digital signature component simplifies multi-party document approval operations thanks to its workflow capability and enables easy tracking of the process through e-mail notifications at each step. The signature processes are completely customizable and allow, among other things, reasons for rejection to be recorded when a signature is denied, and co-signatures to be made.
A global solution
The nebulaSUITE integrated suite is a global solution to manage the digital identities of people and devices interacting in the system, control access to the assets of organizations and streamline signature processes, all in a flexible way at any location. It ensures that organizations comply with the European eIDAS directive on electronic signatures and seals in their digital transactions, facilitating business both within the EU and between organizations in the EU and the rest of the world.