Solutions for data protection within the organization’s processing infrastructure and implementation of security mechanisms that assure a high level of protection:
· Implementation of the organization’s Public Key Infrastructures (PKI) - digital certificate management, real-time certificate validation and time stamping: certSAFE
· Safe user authentication
○ Authentication server: gateSAFE
○ Authentication via mobile devices: mLogin and digitalID
· Non-repudiable electronic mail: emailerSAFE
· Systems to create eIDAS-compliant qualified electronic signature: Paperless
· Cryptographic solutions for systems with special security requirements: Uranus, MSD2005
certSAFE® is a modular application that provides the elements necessary to create a complete public key infrastructure (PKI), together with the associated security services:
· management of the digital certificates within the organization – certSAFE® CA (Certification Authority);
· implementation of the online validation and verification of the certificate status – certSAFE® OCSP (Online Certificate Status Protocol);
· implementation of its own time stamp service – certSAFE® TS (Time Stamp) - to assure the non-repudiation of the electronic information through time stamping;
· recovery mechanism of the private keys of the encryption certificates – certSAFE® KRM (Key Recovery Module);
· interconnection via cross-certification with the public key infrastructures of other organizations - certSAFE Bridge CA.
certSAFE® is accredited for the protection of classified information at NATO and national level, being included in the NATO Catalogue (NIAPC - NATO Information Assurance Product Catalogue) and in the INFOSEC National Catalog with packages, products and protection profiles published by the Romanian National Security Agency (ORNISS).
gateSAFE® is a software product used for web application authentication, authorization and access management. gateSAFE® has a modular architecture that allows the parallel functioning of several servers needed to respond to a large number of connections and provides functionalities for:
· implementation of the users' authentication mechanisms via a single access point (Single Sign On – SSO);
· single authentication for digital certificate-based access to resources for the users of the applications;
· integration with advanced security services: online verification of the authentication digital certificates, of the directory services and of the time stamping services;
· secured connections between the client and the server within unsafe networks (SSL 128 bits);
· management of the access to the services used by the users or the clients;
· monitoring of the connection and of the users' traffic, activity traceability;
· web services securing.
EmailerSAFE SE is a software product used to secure the electronic mail, whose read receipt is legally binding. emailerSAFE® guarantees that an email has been sent by the sender and has been received by the recipient, a fact that cannot be denied afterwards. The messages you exchange with your partners contain critically important information that could influence your business.
emailerSAFE® has mechanisms for:
· guaranteed safe identification of the sender and of the recipient based on an X.509v3 digital certificate;
· guaranteed message integrity, authentication, nonrepudiation and confidentiality;
· sending and receipt proof of the time stamped messages in order to ascertain the moment the message was sent/received;
· visualization, at all times, of the message status.
mLogin is a component used to authenticate users in certSIGN's solution for digital certificate-based authentication and access via mobile devices, together with:
· digitalID – used to get the digital certificate on mobile devices
· mSign – application to create electronic signatures via mobile devices
The mLogin application provides the functionalities necessary to authenticate users on workstations and to web applications, using a mobile device (where the digital certificate is stored) and digital certificates (issued by the Certification Authority, directly on the mobile device).
Thus, when the user uses the digital certificate stored on the mobile device, a two-factor authentication mechanism is in place:
· what the user owns: the mobile device;
· what the user knows: the password or the PIN that authorizes access to the private key associated with the digital certificate.
The digitalID application is a mature software solution used for authentication on mobile devices that allows a user to get an X.509 digital certificate from a Certification Authority (CA) directly on a mobile device. It also allows the keys and the digital certificate to be stored either in software, in the operating system of the mobile device, or in hardware, on a secured device attached to the mobile terminal. Consequently, the user's authentication will be performed using the digital certificate stored on the mobile device.
CERTSIGN PAPERLESS - REMOTE SIGNATURE
Paperless is a solution for creating remote electronic signatures and for verifying signatures. Documents electronically signed using Paperless are time stamped.
The product is accredited as QSCD (Qualified Signature Creation Device) in accordance with EU Regulation no. 910/2014 (eIDAS).
The main advantage of using remote electronic signature, compared to using digital certificates stored on cryptographic tokens, is that it is much easier to use, since certificates can be accessed from any device, without the need for driver installation or USB token connection.
The product allows the application of qualified signatures with personal certificates and the application of electronic seals issued for legal persons. The following types of documents can be signed:
• PDF documents;
• any type of document / file in pkcs7 format;
• hash associated with any type of document.
Authentication and authorization to perform a signature operation is done through a 2-factor authentication mechanism.
Regarding the verification of signatures applied to a document, this is done regardless of the signature format: pkcs7 signature or the signature included in PDF documents.
Paperless flowSIGN is a web solution for multiple document signing flows, which includes both remote signing and local signing with qualified certificates stored on token cryptographic devices.
Paperless flowSIGN allows defining the signature flows, the process of accepting and signing the documents, downloading the signed documents and integrating with other information systems. The product can address both the internal flows of an organization and the signature flows between organizations or between organizations and individuals.
Defining a signature flow is easily accomplished by following these steps:
• uploading the documents to be signed;
• defining the persons involved in the flow;
• defining the position where a signature will be placed in the PDF file;
• setting notifications;
• launching the flow in the signing process.
In the signing process, the user is notified by e-mail of each new assignment, accesses the application, authenticates and signs the documents. All documents in a flow are signed remotely in one step.
Uranus is a software product for the off-line file encryption that can be installed on PCs that meet the TEMPEST security requirements pertaining to the information they circulate or that are located within rooms that meet the TEMPEST security requirements.
The product components are:
· Uranus K – Complex software application for the management, generation and distribution of encryption keys, as well as the management of the users that operate within a security network. The term security network defines the infrastructure elements, the people needed to operate it, as well as the whole array of security rules, measures and elements needed for the protection of critical information;
· Uranus C - Electronic document encryption/decryption application
· guarantees the security (confidentiality and integrity) of the data transmitted via various communications channels, anytime and anywhere, against any vulnerabilities and threats, facilitated by the sophistication of the latest technology (monitoring, storing, analysis etc.)
· provides security solutions that can be customized and implemented on commercial Tempest or ruggedized equipment, according to the clients' needs and requests;
· ensures encrypted storing of data (information) and encryption keys;
· ensures an easy man-machine cooperation;
· ensures access to the equipment only for the authorized users, using the two-factor authentication mechanism, i.e. smartcard and access PIN;
· ensures a high level of security by random generation of the keys and through high data and key encryption speed.
MSD 2005 is a hardware and software product for secure data encryption based on OTK and proprietary algorithms, designed to protect highly confidential information (Strict Secret level information), easily customizable depending on the specificity of the activity.
MSD 2005 ensures:
· protection by encryption of highly confidential information;
· generation of encryption keys using a random number generator (white noise);
· the definition and management of one or more cryptographic networks;
· powerful symmetric encryption mechanisms:
○ One-time keys algorithm (OTK),
○ 256-bit key AES algorithm,
○ the implementation of proprietary algorithms;
· real-time clock for checking the validity of the system;
· performing the encryption/decryption operations exclusively within the cryptographic module;
· uploading and using encryption keys in a secure way, exclusively within the security hardware module;
· separation of management activities from operation activities (red-black separation);
· tamper-proof protection system.