Wk online trust solutions overview january 2012

The World Internet Security Company

Confidential

WISekey SA Copyright © 2011


Welcome to WISeKey

2

Online Trust Solutions

Secure Messaging (across devices & platforms)

Data Leakage Prevention

SSL & PKI

Paper Reduction Solutions (dematerialization)

Digital Brand Protection

WISeAuthentic

Certified Branded Web Presence

Mobile Solutions

WISeID (Secure Data Storage)

ekey+ (Secure USB)

WISePhone (Secure Voice)

WISeSMS (Secure SMS)

WISePay (Mobile Payments)


Online Trust Solutions Brief

Enterprise Data Security •CertifyID DLP: Data Leakage Prevention Solution

•Secure Enterprise Identity : Secure access, confidentiality, data integrity and authenticity

•Enterprise Mobile Security: Comprehensive security on the move (see below)

•Paper Reduction: Go digital across your operations legally and securely

Enterprise Mobile Security •WISePhone+: Encrypted Voice Calls for Enterprise Groups

•WISeID Enterprise: Encrypted enterprise data and identity console on your mobile

•Secure Messaging+: Encrypted messaging across devices and platforms (email, SMS, Chat, Facebook, Twitter)

•Secure Mobile Identity Credentials: One Time Password (RSA Replacement) and Digital Certificates

Web Site Security •Web Server Certification Services (SSL) : Secure your Web presence (Web site, Webmail, Secure Web access, sites.)

•Website Access Control: Establish secure and easy access mechanisms to publicly facing web sites.

Paper Reduction Solutions •e-Diploma: Enable academic diplomas to be validated in seconds

•Compliant Paper-Digitalization: e-Notary, Timestamping, e-invoicing, e-contracting, etc.

(ROADMAP) Enterprise Cloud Security • Cloud Secure Identity Services

• Cloud Enterprise Data Security

• Cloud Enterprise Mobile Security

• Government Data Sovereignty Services


Is There an Increasing Threat?

• Activity on the Internet and in the Cloud is

increasing at an accelerated pace.

• New security needs become apparent and

never-before-considered issues of privacy rights emerge.

• More reasons to be online and more data stored & transferred

means that the ramifications of a security

breach are enormous and growing.

• Source: Gartner


The Loss is Real & Growing

Financial

Annual cost of global cybercrime:

$114 billion.

Value of time lost due to cybercrime experiences:

$274 billion.

Cybercrime costs the world significantly more than the

global black market in marijuana, cocaine and heroin

combined annually.

Personal

431 million adults victims globally.

14 adults become a victim of cybercrime every

second, over 1 million every day.

More than 69% of adults online have been a victim of

cybercrime.

Of adults online, 10% have experienced cybercrime on

their mobile phones.

Source: 2011 Norton study

Mounting Threats

Reports of mobile operating system

vulnerabilities increased 42% in 2010, up 163 from

115 in 2009 – a sign cybercriminals have shifted their

focus to the mobile space.

Increased use of social networks and a lack of

protection are likely to be some of the main culprits

behind the growing number of cybercrime victims.

Source: Symantec Internet Security Threat Report


Security Breaches Making Headlines

6

“Hacking in Netherlands Points to Weak Spot in Web Security.” The New York Times. September 12, 2011. http://www.nytimes.com/2011/09/13/technology/hacking-in-

netherlands-points-to-weak-spot-in-web-security.html?scp=1&sq=hacking-in-netherland&st=cse

“Hackers accessed Citigroup customer data.” CNet. June 8, 2011. http://news.cnet.com/8301-1009_3-20070244-83/report-hackers-accessed-citigroup-customer-data/

“PlayStation Hack to Cost Sony $171M.” PCMag.com. May 23, 2011. http://www.pcmag.com/article2/0,2817,2385790,00.asp

“RSA Blames Phishing Attack for March Security Breach.” PCMag.com. April 5, 2011. http://www.pcmag.com/article2/0,2817,2383080,00.asp

“WikiLeaks supporters attack MasterCard site.” CNet. December 8, 2010. http://news.cnet.com/8301-13578_3-20024966-38.html

“Gmail Also Nailed by Phishing

Attacks, Google Says.” PCMag.com. Oct 6, 2009. http://www.pcmag.com/article2/0,2817,2353820,00.asp


The Information Security Landscape is Evolving Quickly: Pain / Solutions


Key Competitive Edge

Unique Trust Model

• The OISTE Foundation is a non-profit

organization for promoting international

standards to secure electronic

transactions.

• WISeKey is the trusted operator of the

OISTE Common Root.

• OISTE provides Common Root for

Certification Authorities worldwide that

comply with the OISTE Trust Model.

• Swiss Neutrality, Security , and privacy

laws allow operation without geo-

political or governmental constraints,

offering an alternative when U.S.-based

certificate sources are under attack.


Enterprise Data & Mobility Security Suite


SECURE ELECTRONIC IDENTITY INFRASTRUCTURES

Infrastructure & Operations E-Security Services


In-House Secure Identity Infrastructures

Web Site Security

Certificates (Server

Certificates)

Managed Certification

Services


CertifyID TrustCenter Architecture

High Security Centers

• Geneva Tier 4,

biometric, 24 hour

video surveillance,

meets SAS, ANSI

standards

Flexible Delivery Models

• Software & Tech

Licenses

• Consulting and

Delivery

• Bespoke solutons

• Managed Services

(Software as a

Service)

Multiple Accreditations

• WebTrust for CA

• Certified for Windows

Server 2003 & 2008

WS

Universal

Registration Authority

Offline

Root CA

Internet

Back-End

Public DMZProtected DMZ

HSM

NLB

ClusterLB on FE App

NLB

NLB

HSM

NLB

NLB

Storage Area Netowrk Channel

NLB

Cluster

NLB

Issuing CAs

Real time backup service

WebService interface

HSM Offline

Policy CAHSM

Timestamping

ServerOCSP ServerCertifyID

Guardian DB

Directory

Servers

Domain

Controllers

with OCSP Clients

ISA

CertifyID Trust

Center Root

Edition

CRL Management

OCSP Front End (proxy)

System Center

Operations Manager

Administration

Console

Registration

TerminalFederated

e-ServicesUsers

https://cert.webtrust.org/ViewSeal?id=643


CertifyID™ SSL Digital Certificates

Standard SSL

Protects a server identified under a specific domain

name (i.e. https://www.domain.com). Those are the certificates most frequently needed to

protect Web Servers.

From 168,- CHF

One license per server and DNS name

Wildcard SSL

Convenient when the customer needs to protect a Web server offering several

subdomains or virtual servers (i.e. serving URLs as

https://www.domain.com, https://intranet.domain.com

and https://partners.domain.com,

all from the same web server).

From 371,- CHF

Unlimited subdomains on one

Web Server

Unified Communications

Used to protect Microsoft Communication and

Exchange servers (among others). These servers

require special certificates and Standard Certificates

cannot be used (excepting if the customer needs only to

protect his Exchange Webmail service).

From 210,- CHF

Includes 3 SAN. Additional SAN can be added for

45CHF each.


CertifyID™ SSL Digital Certificates

How to purchase a CertifyID™ SSL Digital Certificates

• Direct purchases. Customers can buy on-line or contacting their assigned Account

Manager. Customers purchasing high volumes can use our “CertifyID™ SSL Portal”.

• Indirect purchases. Resellers will place the orders for their customers using the

“CertifyID™ SSL Portal”. Customers linked to Resellers can also order their certificates

through the Portal.

Once an order is accepted, WISeKey will process the request and issue the certificate

following the successful validation procedure according to the SSL Certificate Policy.

Licensing policy

• Server Licenses. By purchasing one SSL Certificate the customer is entitled to protect a

single physical server. To protect additional servers with the same domain name (i.e.

redundant servers), customers must purchase additional “server licenses” for each

physical server. This policy applies to all certificates.

• Subject Alternative Names. SAN are only provided on UC SSL Certificates, which

include a license for 3 SAN (additional SAN can be purchased if required).


CertifyID™ Personal Certificates

Standard (Class 1)

Basic level of security. The subscriber’s identity is not verified. Suitable for e-mail

and other non critical usages. Not recommended

for legally binding digital signatures.

FREE!

Users only are required to register a CertifyID Account

Standard (Class 1+)

Medium level of security. The identity of the subscriber is

verified by checking the ownership of the e-mail address. Valid for digital

signatures, e-mail and other usages in corporate or

closed groups where e-mail accounts are given to known

persons.

From 15,- CHF

Price for first year. Renewals are charged at

50% annually.

Advanced (Class 2)

High level of security. The identity of the subscriber is

always verified “face-to-face” before issuing the certificate.

Recommended for digital signatures and other usages where sensitive information

must be protected.

From 26,- CHF

Price for first year. Renewals are charged at

50% annually.


CertifyID™ Personal Certificates

How to purchase a CertifyID™ Personal Certificates

• Direct purchases. Customers can buy on-line or contacting their assigned

Account Manager.

• Managed services (MPKI). Resellers or customers interested in managing the

certificates for a user comunity (i.e. a corporate environment) can benefit of

our MPKI offering. WISeKey’s CertifyID™ MPKI provides all the necessary

tools for issuing and managing worldwide trusted digital certificates for

employees or customers, for a fraction of the cost of establishing a dedicated

infrastructure.

Licensing policy

• User Licenses. The user certificates are licensed “per user”. The user license

is paid by an initial fee and an annual renewal and allows to issue an

unlimited number of certificates per user.

• MPKI Service. MPKI Service is offered with or without dedicated Certification

Authority. A dedicated Certification authority allows the organization to issue

“branded” certificates, not appearing as issued by WISeKey.


CertifyID Managed PKI

• Generate certificates for your

Employees

Clients

Partners

• Universally trusted digital certificates allow you to:

Sign documents electronically

Sign email

Encrypt Email

Secure access to applications and subsequent communication challenges (using strong authentication)

Protect web servers (SSL)

Managed via a secure web interface

Minimize infrastructure costs.

User friendly and easy to use

Securely managed in WISeKey secure DC

Centralized or decentralized management


Managed PKI Benefits

Quick deployment

• No inhouse systems need to be setup or deployed. The service can be

immediately used via the secure online web interface.

Secure Service

• Service is provided from WISeKey’s secure data centers, and customer data is

protected by contract and Swiss law.

Decentralised management

• Managed PKI allows flexible groups and templates, allowing administrators from

anywhere in the world to flexibly manage the system. This is ideal for

organisations that are geographically dispersed, and where remote branches are

not part of the internal IT network.

Lower costs for smaller deployments

• Managed PKI is often a more cost effective option for small groups of users in the

tens or low hundreds


Multi-Device & Multi-Platform Secure Messaging

Secure Messaging +


Multi-Platform Secure Messaging

WISeKey enables secure messaging on private and public

messaging systems:

• Private Messaging: Email, SMS,

What’sapp, iMessage, etc..

• Public Messaging: Facebook, twitter,

Google+,etc.


Multi-Device Secure Messaging

• With CertifyID Personal Certificats WISeKey enables

secure messaging on:

• Mobile: iOS, Android, RIM

• Desktop/Laptop: Windows, MAC OSX

• Servers: Network integrated backend Cryptographic Key-

Management Solution

• Users can send/receive – encrypt/decrypt messages on

any device

• Users can digitally sign messages and documents on any

device

• WISeKey completes this offer with added value products

that enable security on widely used channels as SMS,

Social Networks and Voice Communications


DATA LEAKAGE PROTECTION Infrastructure & Operations E-Security Services


Data Leakage Protection


Typical data security risks

Employees can send confidential data out unintentionally or

maliciously.


WISeKey’s DLPSolution Two types of running programs


WISeKey DLP Solution Cross-program data exchange


WISEPHONE+

Multi-Platform Secure VoIP Communications

(Cloud-Based or In-House)

27


WISePhone+

Available for:

• iPhone

• iPad

• Android

• PC (Windows, MacOS, Linux)

• Blackberry* (modelos 8520, 8900,

9000 y 9700)

* OS Versions between 4.6 and 5.0.0.540, and 7


Architecture


WISePhone+ Features

• Background Support

• WISePhone+ and Native Dialer Support

• Call over Wi-Fi or 3G Data

• Automatic CODEC selection

• 2 Active Calls & Transfer Call

• Attended and Unattended

• Swap Between Calls & Conference

• Mute/Unmute

• Generate DTMF

• Speakerphone/Handset

• Contact Pane

• Call History Pane

• Dialed Calls, Answered Calls, Missed Calls,

Favorites

• Delete Entry/Entries, Filter by Entry Type

• Voicemail Pane

• Call Voicemail

• WISePhoneGo (The Managed WISePhone

Service) offers a series of features to the end

users:

• Secure user to user calling and messaging

• Intergroup Calling - with the approval of the

other WisePhoneGo group

• Real time Presence (iPhone, iPad, Desktop

and Android only)

• Group Messaging within own business group

• MeetMe Style Conference calls

• Music on Hold

• SkypeIn Integration to a specific number, or

group of numbers (optional, non secure

service with additional costs)

• PSTN Breakout - This is subject to no

regulatory issues and will have additional on-

going charges


PAPER REDUCTION SERVICES Infrastructure & Operations E-Security Services


Paper Reduction Services

Our business line of products & services

related to document integrity and

authenticity:

• e-Compliance Services: Legally compliant paper

digitalization.

• WISe-Notary Services: Legally-binding Trusted 3rd

party archival

• e-Diploma: Certification and academic credential

digitalization and online validation.


Timestamp Service

WISeSign PDF calls on timestamp services by

WISeKey or an accredited local 3rd party

timestamp service, when required by

regulations.

Mass e-Signing Service

Based on the destination, the certificates and

cryptographic keys are used to digitally sign

files in multiple signature formats, and can be

securely archived or delivered electronically.

Certified Hardware Security

Module

To comply with some local regulations, digital

certificates and cryptographic keys can be

issued by accredited Certification Authorities.

e-Compliance Services

Locally Accredited

3rd party (TSA)

Timestamp Authority

WISeKey (TSA)

Timestamp Authority

BULK DELIVERY

OF DIGITALLY SIGNED

AND TIMESTAMPED

FILES

BATCH OF FILES

INTERNET

Files are securely archived

for retrieval or delivered to an

Internet or email address.


WISe-Notary Services

“Trusted Third Party”

• WISeKey can manage the legal aspects

involved in supply chain de-materialization

(e.g. model interchange agreements).

Encrypted Storage Database

• WISeKey will securely record and store the

timestamped files exchanged in the supply

chain, including contracts and other legally-

binding documents.

All parties are issued a secure e-ID ensuring

strong authentication and access to the

system, which includes queries by authorized

persons as per a defined protocol.

WISeKey can report, by request, on this

exchange history which holds strong

evidentiary weight, is forensically reliable and

can be accepted by courts in most jurisdictions.

E-mail Server

TimeStampsRepository

TimeStampingAuthority (TSA)

E-mail TimeStamping Service

Reliable Time Sources

POP3S

SQL TS over HTTP

GPSNTPLW

SMTP

Archive


e-Diploma

Step 1: e-Diploma Generation

• Digital file version of diplomas are

generated in a user-friendly format.

Step 2: Digital Signature &

Timestamp

• The authenticity of the e-Diploma is

guaranteed by a digital signature

generated by the institution and is

timestamped for validation.

Step 3: Repository Storage

• Digital diplomas are stored in a

repository managed by the institution

(in-house) or by WISeKey (managed),

equipped with unique access codes.

DIPLOMA GENERATED

AS DIGITAL FILE

MANAGED

REPOSITORY

IN-HOUSE

REPOSITORY

Delivery of digitally

signed & timestamped

e-Diploma.

http://upload.wikimedia.org/wikipedia/commons/2/20/Diploma_Messina_1672.jpg



e-Diploma Validation Service

Job Candidate: William Smith

DIGITALLY SIGNED & VALIDATED DIPLOMA

SECURED ACCESS SYSTEM


e-Diploma Revenue

e-Diploma for Students

• Students can choose the e-Diploma

service, valid for a pre-selected

duration.

e-Diploma for Alumni

• Alumni can request archived diplomas

to be digitized and benefit from the

same advantages as the standard e-

Diploma service.

e-Diploma Service Renewal

• Renewed or extended access to the

digital file can always be granted.

Continual revenue stream for

Universities



e-Diploma for other Certifications

• Professional certifications (e.g. specialized accreditation for

doctors, lawyers, psychologists, engineers, etc…).

• Technical training certifications in the IT industry (e.g. Cisco

Certified Engineer, Microsoft Certified Security Professional,

etc...).

• Airport fast-track “trusted traveler” programs.

• Official recognition of staff achievements in large organizations.

• Professional endorsements or recommendations.


WISEID ENTERPRISE Enterprise Mobile Community Security


About WISeID

40

• WISeID is the innovative solution from

WISeKey for personal data protection

• Using the WISeID Application

(available for most smarphones and

desktop environments) the users can: • Store confidential personal information in an

encrypted vault

• Store access credential for their most used on-

line services (webmail, on-line banking, social

networks…) and use WISeID as a convenient

“single sign on” solution for accessing those

services

• Get a trusted identity (a CertifyID™ Personal

Certificates) and improve the security of their

on-line interactions. This identity can be used

to encrypt and sign e-mails sent from the

mobile phone


WISeID Enterprise

Fully customized and branded, including features such as:

• Profile management

• Digital ID integration into the corporate system

• Signed email

• Encrypted items

• addition/modification of base categories,

• Geo-Location

• Backup & restore

• Wallpaper & Videos

• Compilation and posting to customer App Store enterprise account

• Support and maintenance


Questions?

Wk online trust solutions overview january 2012

Technology

Transcript of Wk online trust solutions overview january 2012