Wk online trust solutions overview january 2012
-
Upload
carlos-creus-moreira -
Category
Technology
-
view
804 -
download
2
description
Transcript of Wk online trust solutions overview january 2012
The World Internet Security Company
Confidential
WISekey SA Copyright © 2011
The World Internet Security Company
Welcome to WISeKey
2
Online Trust Solutions
Secure Messaging (across devices & platforms)
Data Leakage Prevention
SSL & PKI
Paper Reduction Solutions (dematerialization)
Digital Brand Protection
WISeAuthentic
Certified Branded Web Presence
Mobile Solutions
WISeID (Secure Data Storage)
ekey+ (Secure USB)
WISePhone (Secure Voice)
WISeSMS (Secure SMS)
WISePay (Mobile Payments)
The World Internet Security Company
Online Trust Solutions Brief
Enterprise Data Security •CertifyID DLP: Data Leakage Prevention Solution
•Secure Enterprise Identity : Secure access, confidentiality, data integrity and authenticity
•Enterprise Mobile Security: Comprehensive security on the move (see below)
•Paper Reduction: Go digital across your operations legally and securely
Enterprise Mobile Security •WISePhone+: Encrypted Voice Calls for Enterprise Groups
•WISeID Enterprise: Encrypted enterprise data and identity console on your mobile
•Secure Messaging+: Encrypted messaging across devices and platforms (email, SMS, Chat, Facebook, Twitter)
•Secure Mobile Identity Credentials: One Time Password (RSA Replacement) and Digital Certificates
Web Site Security •Web Server Certification Services (SSL) : Secure your Web presence (Web site, Webmail, Secure Web access, sites.)
•Website Access Control: Establish secure and easy access mechanisms to publicly facing web sites.
Paper Reduction Solutions •e-Diploma: Enable academic diplomas to be validated in seconds
•Compliant Paper-Digitalization: e-Notary, Timestamping, e-invoicing, e-contracting, etc.
(ROADMAP) Enterprise Cloud Security • Cloud Secure Identity Services
• Cloud Enterprise Data Security
• Cloud Enterprise Mobile Security
• Government Data Sovereignty Services
The World Internet Security Company
Is There an Increasing Threat?
• Activity on the Internet and in the Cloud is
increasing at an accelerated pace.
• New security needs become apparent and
never-before-considered issues of privacy rights emerge.
• More reasons to be online and more data stored & transferred
means that the ramifications of a security
breach are enormous and growing.
• Source: Gartner
The World Internet Security Company
The Loss is Real & Growing
Financial
Annual cost of global cybercrime:
$114 billion.
Value of time lost due to cybercrime experiences:
$274 billion.
Cybercrime costs the world significantly more than the
global black market in marijuana, cocaine and heroin
combined annually.
Personal
431 million adults victims globally.
14 adults become a victim of cybercrime every
second, over 1 million every day.
More than 69% of adults online have been a victim of
cybercrime.
Of adults online, 10% have experienced cybercrime on
their mobile phones.
Source: 2011 Norton study
Mounting Threats
Reports of mobile operating system
vulnerabilities increased 42% in 2010, up 163 from
115 in 2009 – a sign cybercriminals have shifted their
focus to the mobile space.
Increased use of social networks and a lack of
protection are likely to be some of the main culprits
behind the growing number of cybercrime victims.
Source: Symantec Internet Security Threat Report
The World Internet Security Company
Security Breaches Making Headlines
6
“Hacking in Netherlands Points to Weak Spot in Web Security.” The New York Times. September 12, 2011. http://www.nytimes.com/2011/09/13/technology/hacking-in-
netherlands-points-to-weak-spot-in-web-security.html?scp=1&sq=hacking-in-netherland&st=cse
“Hackers accessed Citigroup customer data.” CNet. June 8, 2011. http://news.cnet.com/8301-1009_3-20070244-83/report-hackers-accessed-citigroup-customer-data/
“PlayStation Hack to Cost Sony $171M.” PCMag.com. May 23, 2011. http://www.pcmag.com/article2/0,2817,2385790,00.asp
“RSA Blames Phishing Attack for March Security Breach.” PCMag.com. April 5, 2011. http://www.pcmag.com/article2/0,2817,2383080,00.asp
“WikiLeaks supporters attack MasterCard site.” CNet. December 8, 2010. http://news.cnet.com/8301-13578_3-20024966-38.html
“Gmail Also Nailed by Phishing
Attacks, Google Says.” PCMag.com. Oct 6, 2009. http://www.pcmag.com/article2/0,2817,2353820,00.asp
The World Internet Security Company
The Information Security Landscape is Evolving Quickly: Pain / Solutions
The World Internet Security Company
Key Competitive Edge
Unique Trust Model
• The OISTE Foundation is a non-profit
organization for promoting international
standards to secure electronic
transactions.
• WISeKey is the trusted operator of the
OISTE Common Root.
• OISTE provides Common Root for
Certification Authorities worldwide that
comply with the OISTE Trust Model.
• Swiss Neutrality, Security , and privacy
laws allow operation without geo-
political or governmental constraints,
offering an alternative when U.S.-based
certificate sources are under attack.
The World Internet Security Company
Enterprise Data & Mobility Security Suite
The World Internet Security Company
SECURE ELECTRONIC IDENTITY INFRASTRUCTURES
Infrastructure & Operations E-Security Services
The World Internet Security Company
In-House Secure Identity Infrastructures
Web Site Security
Certificates (Server
Certificates)
Managed Certification
Services
The World Internet Security Company
CertifyID TrustCenter Architecture
High Security Centers
• Geneva Tier 4,
biometric, 24 hour
video surveillance,
meets SAS, ANSI
standards
Flexible Delivery Models
• Software & Tech
Licenses
• Consulting and
Delivery
• Bespoke solutons
• Managed Services
(Software as a
Service)
Multiple Accreditations
• WebTrust for CA
• Certified for Windows
Server 2003 & 2008
WS
Universal
Registration Authority
Offline
Root CA
Internet
Back-End
Public DMZProtected DMZ
HSM
NLB
ClusterLB on FE App
NLB
NLB
HSM
NLB
NLB
Storage Area Netowrk Channel
NLB
Cluster
NLB
Issuing CAs
Real time backup service
WebService interface
HSM Offline
Policy CAHSM
Timestamping
ServerOCSP ServerCertifyID
Guardian DB
Directory
Servers
Domain
Controllers
with OCSP Clients
ISA
CertifyID Trust
Center Root
Edition
CRL Management
OCSP Front End (proxy)
System Center
Operations Manager
Administration
Console
Registration
TerminalFederated
e-ServicesUsers
The World Internet Security Company
CertifyID™ SSL Digital Certificates
Standard SSL
Protects a server identified under a specific domain
name (i.e. https://www.domain.com). Those are the certificates most frequently needed to
protect Web Servers.
From 168,- CHF
One license per server and DNS name
Wildcard SSL
Convenient when the customer needs to protect a Web server offering several
subdomains or virtual servers (i.e. serving URLs as
https://www.domain.com, https://intranet.domain.com
and https://partners.domain.com,
all from the same web server).
From 371,- CHF
Unlimited subdomains on one
Web Server
Unified Communications
Used to protect Microsoft Communication and
Exchange servers (among others). These servers
require special certificates and Standard Certificates
cannot be used (excepting if the customer needs only to
protect his Exchange Webmail service).
From 210,- CHF
Includes 3 SAN. Additional SAN can be added for
45CHF each.
The World Internet Security Company
CertifyID™ SSL Digital Certificates
How to purchase a CertifyID™ SSL Digital Certificates
• Direct purchases. Customers can buy on-line or contacting their assigned Account
Manager. Customers purchasing high volumes can use our “CertifyID™ SSL Portal”.
• Indirect purchases. Resellers will place the orders for their customers using the
“CertifyID™ SSL Portal”. Customers linked to Resellers can also order their certificates
through the Portal.
Once an order is accepted, WISeKey will process the request and issue the certificate
following the successful validation procedure according to the SSL Certificate Policy.
Licensing policy
• Server Licenses. By purchasing one SSL Certificate the customer is entitled to protect a
single physical server. To protect additional servers with the same domain name (i.e.
redundant servers), customers must purchase additional “server licenses” for each
physical server. This policy applies to all certificates.
• Subject Alternative Names. SAN are only provided on UC SSL Certificates, which
include a license for 3 SAN (additional SAN can be purchased if required).
The World Internet Security Company
CertifyID™ Personal Certificates
Standard (Class 1)
Basic level of security. The subscriber’s identity is not verified. Suitable for e-mail
and other non critical usages. Not recommended
for legally binding digital signatures.
FREE!
Users only are required to register a CertifyID Account
Standard (Class 1+)
Medium level of security. The identity of the subscriber is
verified by checking the ownership of the e-mail address. Valid for digital
signatures, e-mail and other usages in corporate or
closed groups where e-mail accounts are given to known
persons.
From 15,- CHF
Price for first year. Renewals are charged at
50% annually.
Advanced (Class 2)
High level of security. The identity of the subscriber is
always verified “face-to-face” before issuing the certificate.
Recommended for digital signatures and other usages where sensitive information
must be protected.
From 26,- CHF
Price for first year. Renewals are charged at
50% annually.
The World Internet Security Company
CertifyID™ Personal Certificates
How to purchase a CertifyID™ Personal Certificates
• Direct purchases. Customers can buy on-line or contacting their assigned
Account Manager.
• Managed services (MPKI). Resellers or customers interested in managing the
certificates for a user comunity (i.e. a corporate environment) can benefit of
our MPKI offering. WISeKey’s CertifyID™ MPKI provides all the necessary
tools for issuing and managing worldwide trusted digital certificates for
employees or customers, for a fraction of the cost of establishing a dedicated
infrastructure.
Licensing policy
• User Licenses. The user certificates are licensed “per user”. The user license
is paid by an initial fee and an annual renewal and allows to issue an
unlimited number of certificates per user.
• MPKI Service. MPKI Service is offered with or without dedicated Certification
Authority. A dedicated Certification authority allows the organization to issue
“branded” certificates, not appearing as issued by WISeKey.
The World Internet Security Company
CertifyID Managed PKI
• Generate certificates for your
Employees
Clients
Partners
• Universally trusted digital certificates allow you to:
Sign documents electronically
Sign email
Encrypt Email
Secure access to applications and subsequent communication challenges (using strong authentication)
Protect web servers (SSL)
Managed via a secure web interface
Minimize infrastructure costs.
User friendly and easy to use
Securely managed in WISeKey secure DC
Centralized or decentralized management
The World Internet Security Company
Managed PKI Benefits
Quick deployment
• No inhouse systems need to be setup or deployed. The service can be
immediately used via the secure online web interface.
Secure Service
• Service is provided from WISeKey’s secure data centers, and customer data is
protected by contract and Swiss law.
Decentralised management
• Managed PKI allows flexible groups and templates, allowing administrators from
anywhere in the world to flexibly manage the system. This is ideal for
organisations that are geographically dispersed, and where remote branches are
not part of the internal IT network.
Lower costs for smaller deployments
• Managed PKI is often a more cost effective option for small groups of users in the
tens or low hundreds
The World Internet Security Company
Multi-Device & Multi-Platform Secure Messaging
Secure Messaging +
The World Internet Security Company
Multi-Platform Secure Messaging
WISeKey enables secure messaging on private and public
messaging systems:
• Private Messaging: Email, SMS,
What’sapp, iMessage, etc..
• Public Messaging: Facebook, twitter,
Google+,etc.
The World Internet Security Company
Multi-Device Secure Messaging
• With CertifyID Personal Certificats WISeKey enables
secure messaging on:
• Mobile: iOS, Android, RIM
• Desktop/Laptop: Windows, MAC OSX
• Servers: Network integrated backend Cryptographic Key-
Management Solution
• Users can send/receive – encrypt/decrypt messages on
any device
• Users can digitally sign messages and documents on any
device
• WISeKey completes this offer with added value products
that enable security on widely used channels as SMS,
Social Networks and Voice Communications
The World Internet Security Company
DATA LEAKAGE PROTECTION Infrastructure & Operations E-Security Services
The World Internet Security Company
Data Leakage Protection
The World Internet Security Company
Typical data security risks
Employees can send confidential data out unintentionally or
maliciously.
The World Internet Security Company
WISeKey’s DLPSolution Two types of running programs
The World Internet Security Company
WISeKey DLP Solution Cross-program data exchange
The World Internet Security Company
WISEPHONE+
Multi-Platform Secure VoIP Communications
(Cloud-Based or In-House)
27
The World Internet Security Company
WISePhone+
Available for:
• iPhone
• iPad
• Android
• PC (Windows, MacOS, Linux)
• Blackberry* (modelos 8520, 8900,
9000 y 9700)
* OS Versions between 4.6 and 5.0.0.540, and 7
The World Internet Security Company
Architecture
The World Internet Security Company
WISePhone+ Features
• Background Support
• WISePhone+ and Native Dialer Support
• Call over Wi-Fi or 3G Data
• Automatic CODEC selection
• 2 Active Calls & Transfer Call
• Attended and Unattended
• Swap Between Calls & Conference
• Mute/Unmute
• Generate DTMF
• Speakerphone/Handset
• Contact Pane
• Call History Pane
• Dialed Calls, Answered Calls, Missed Calls,
Favorites
• Delete Entry/Entries, Filter by Entry Type
• Voicemail Pane
• Call Voicemail
• WISePhoneGo (The Managed WISePhone
Service) offers a series of features to the end
users:
• Secure user to user calling and messaging
• Intergroup Calling - with the approval of the
other WisePhoneGo group
• Real time Presence (iPhone, iPad, Desktop
and Android only)
• Group Messaging within own business group
• MeetMe Style Conference calls
• Music on Hold
• SkypeIn Integration to a specific number, or
group of numbers (optional, non secure
service with additional costs)
• PSTN Breakout - This is subject to no
regulatory issues and will have additional on-
going charges
The World Internet Security Company
PAPER REDUCTION SERVICES Infrastructure & Operations E-Security Services
The World Internet Security Company
Paper Reduction Services
Our business line of products & services
related to document integrity and
authenticity:
• e-Compliance Services: Legally compliant paper
digitalization.
• WISe-Notary Services: Legally-binding Trusted 3rd
party archival
• e-Diploma: Certification and academic credential
digitalization and online validation.
The World Internet Security Company
Timestamp Service
WISeSign PDF calls on timestamp services by
WISeKey or an accredited local 3rd party
timestamp service, when required by
regulations.
Mass e-Signing Service
Based on the destination, the certificates and
cryptographic keys are used to digitally sign
files in multiple signature formats, and can be
securely archived or delivered electronically.
Certified Hardware Security
Module
To comply with some local regulations, digital
certificates and cryptographic keys can be
issued by accredited Certification Authorities.
e-Compliance Services
Locally Accredited
3rd party (TSA)
Timestamp Authority
WISeKey (TSA)
Timestamp Authority
BULK DELIVERY
OF DIGITALLY SIGNED
AND TIMESTAMPED
FILES
BATCH OF FILES
INTERNET
Files are securely archived
for retrieval or delivered to an
Internet or email address.
The World Internet Security Company
WISe-Notary Services
“Trusted Third Party”
• WISeKey can manage the legal aspects
involved in supply chain de-materialization
(e.g. model interchange agreements).
Encrypted Storage Database
• WISeKey will securely record and store the
timestamped files exchanged in the supply
chain, including contracts and other legally-
binding documents.
All parties are issued a secure e-ID ensuring
strong authentication and access to the
system, which includes queries by authorized
persons as per a defined protocol.
WISeKey can report, by request, on this
exchange history which holds strong
evidentiary weight, is forensically reliable and
can be accepted by courts in most jurisdictions.
E-mail Server
TimeStampsRepository
TimeStampingAuthority (TSA)
E-mail TimeStamping Service
Reliable Time Sources
POP3S
SQL TS over HTTP
GPSNTPLW
SMTP
Archive
The World Internet Security Company
e-Diploma
Step 1: e-Diploma Generation
• Digital file version of diplomas are
generated in a user-friendly format.
Step 2: Digital Signature &
Timestamp
• The authenticity of the e-Diploma is
guaranteed by a digital signature
generated by the institution and is
timestamped for validation.
Step 3: Repository Storage
• Digital diplomas are stored in a
repository managed by the institution
(in-house) or by WISeKey (managed),
equipped with unique access codes.
DIPLOMA GENERATED
AS DIGITAL FILE
MANAGED
REPOSITORY
IN-HOUSE
REPOSITORY
Delivery of digitally
signed & timestamped
e-Diploma.
The World Internet Security Company
e-Diploma Validation Service
Job Candidate: William Smith
DIGITALLY SIGNED & VALIDATED DIPLOMA
SECURED ACCESS SYSTEM
The World Internet Security Company
e-Diploma Revenue
e-Diploma for Students
• Students can choose the e-Diploma
service, valid for a pre-selected
duration.
e-Diploma for Alumni
• Alumni can request archived diplomas
to be digitized and benefit from the
same advantages as the standard e-
Diploma service.
e-Diploma Service Renewal
• Renewed or extended access to the
digital file can always be granted.
Continual revenue stream for
Universities
The World Internet Security Company
e-Diploma for other Certifications
• Professional certifications (e.g. specialized accreditation for
doctors, lawyers, psychologists, engineers, etc…).
• Technical training certifications in the IT industry (e.g. Cisco
Certified Engineer, Microsoft Certified Security Professional,
etc...).
• Airport fast-track “trusted traveler” programs.
• Official recognition of staff achievements in large organizations.
• Professional endorsements or recommendations.
The World Internet Security Company
WISEID ENTERPRISE Enterprise Mobile Community Security
The World Internet Security Company
About WISeID
40
• WISeID is the innovative solution from
WISeKey for personal data protection
• Using the WISeID Application
(available for most smarphones and
desktop environments) the users can: • Store confidential personal information in an
encrypted vault
• Store access credential for their most used on-
line services (webmail, on-line banking, social
networks…) and use WISeID as a convenient
“single sign on” solution for accessing those
services
• Get a trusted identity (a CertifyID™ Personal
Certificates) and improve the security of their
on-line interactions. This identity can be used
to encrypt and sign e-mails sent from the
mobile phone
The World Internet Security Company
WISeID Enterprise
Fully customized and branded, including features such as:
• Profile management
• Digital ID integration into the corporate system
• Signed email
• Encrypted items
• addition/modification of base categories,
• Geo-Location
• Backup & restore
• Wallpaper & Videos
• Compilation and posting to customer App Store enterprise account
• Support and maintenance
The World Internet Security Company
Questions?