Electronic identity, biometry and electronic signature
In today's world, it is increasingly important for a person who uses the internet and electronic services to present themselves in a secure and trusted way. The identity of an individual must be verified by the other party, which may provide its services, products, information or other content on the internet. These may involve charges to accounts, or the content may be subject to copyright protection. The other party may also be an employer who needs to guarantee that a person entering its system has the right to perform certain tasks, or to verify that they have fulfilled the conditions required to carry out their activity.
The electronic identity of an individual is a set of electronic parameters that clearly and accurately distinguishes one individual from another, especially for accessing information systems or for purposes of electronic communication. The electronic identity of an individual is declared by the person's identification and is verified by authentication. The prerequisites for authenticating a person are: what the person "knows" (password, PIN code); what the person "has" (smart card, mobile); and what the person "is" (biometric characteristics, e.g. facial recognition). The electronic signature ensures originality and integrity, and demonstrates the validity of the signed data in electronic communication.
Electronic identity tokens
Intelligent chip cards with contact ISO 7816-3 or contactless ISO 14443 interface. Today's chip cards are the means of ensuring the highest level of security in the electronic world. In their protected memory, they can store sensitive cryptographic keys or other sensitive information with the highest degree of protection. Cards are more than just safe storage. Using stored cryptographic data, they can create an electronic signature, encrypt data, or provide cardholder's identity to the remote party in a secure way using state-of-the-art cryptographic algorithms.
USB tokens with integrated security chip in the form of a SIM card. These represent a combination of a reader and an integrated chip card. They are an ideal solution for an environment where both a high security level and also a compact form of the security device are required.
Software tokens stored in the secure storage of a computer or other technical device. Software tokens, like smart cards, can contain cryptographic keys and may also be used for signing, accessing electronic services and encryption, but their level of security is significantly lower than that of smart cards. Their use is therefore appropriate in environments where there is no possibility or need for the use of hardware tokens (smart cards or other security modules), and where at least a basic or medium security level for communication or access control is required.
Mobile phone or tablet as an electronic identity carrier. Securing identity through the mobile device's own security features and measures, without the need for external security elements. Today's mobile devices provide the ability to store cryptographic keys or other sensitive data in a secure manner. In this case, the level of security is somewhat lower than with smart cards, but it may be sufficient depending on the use case. The use of mobile devices as electronic identity carriers is therefore appropriate in environments where mobility is important and where security requirements may be less stringent.
Biometric user authentication
Biometric authentication is a method of user identification based on a person's biological parameters. A person's biological parameters include fingerprint, iris, facial image, gait (walking), speech, palm prints and others. Biometric authentication is used in identity documents, attendance systems and surveillance systems.
Face biometry is especially useful for quickly identifying a large number of persons in real time. This type of biometric identification uses face identification to look for potential security threats. Controlling access and tracking people at the workplaces of a company or institution, or at various public events, significantly reduces the potential risk to children, event attendees and company employees, especially during nighttime operations.
Identity access management (IAM)
Providing identity associated with user authentication using different identification tokens, such as smart cards, USB tokens, or an application on a mobile phone. Authentication is provided as a service for relying parties, such as web applications, that leave this task to the identity provider. Using a secure token instead of a domain name and password substantially increases the security of employees' access to electronic services in the enterprise.
Secure identity provision among partners within the federation network. The identity federation solution reduces the burden of partner identity management and also minimizes integration costs by supporting industry standards such as SAML 2.0, OpenID Connect, or Kerberos. Businesses operating over the internet can securely acquire new online customers (online on-boarding) and/or identify existing customers with secure authentication and identity verification.
The Single Sign-On (SSO) principle allows the user to sign in once and gain access to multiple information systems. The user is authenticated once and the other systems trust this authentication.
Management of identities and tokens
Managing user identities end-to-end across all phases of the lifecycle. Support for integration with enterprise directory services through LDAP. Issuance and management of identification tokens for registered users/identities. Management of the life cycle of identification tokens.
Electronic signature and trust services (PKI)
Securing electronic communication
Securing communications and sensitive data against modification and unauthorized access. Electronic signature and encryption of email or other electronic communications. Integration into an email client through standard CryptoAPI or PKCS#11.
Securing internal documentation
Electronic signing of internal company documentation, protocols, and reports will enable verification of their integrity, authenticity and origin (who signed them) in business processes. By using an electronic signature, internal corporate documents will be protected from unauthorized manipulation, and it will always be possible to identify with the highest degree of certainty and undeniability the individual who signed the document.
Applying electronic time stamps to signed documents allows the time of signing to be determined when the document is verified. By using time stamps, it is possible to verify whether the signature of the document was valid at the time it was made. The time stamp format used conforms to RFC 3161 and RFC 5816.
Issuing digital certificates that confirm the ownership of the signature or encryption key by the person to whom the certificate is issued. The use of certificates allows third (relying) parties to verify and trust the electronic signature created by the person holding the certificate. This solution represents a complete PKI infrastructure comprising certificate issuance and management components, management and control of certificate revocation lists, and provision of this information to third parties for validation (CRL, OCSP). This solution is easy to integrate into the target technological environment through standard interfaces such as the Certificate Management Protocol (CMP) according to RFC 4210 and RFC 4211, or the Simple Certificate Enrollment Protocol (SCEP).
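The time-stamp check and the revocation information (CRL, OCSP) described above combine into one validity decision. The following sketch is an added example, not the vendor's code; the class and function names are hypothetical. It assumes the signature and the time-stamp token were already verified cryptographically, and that the token's imprint is the SHA-256 hash of the signature value.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple


@dataclass(frozen=True)
class SignerCert:                      # hypothetical, simplified certificate view
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None   # from CRL/OCSP; None = not revoked


@dataclass(frozen=True)
class TimeStamp:                       # hypothetical view of an RFC 3161 token
    gen_time: datetime                 # time asserted by the time-stamping authority
    imprint: bytes                     # SHA-256 of the data the token covers


def signature_status(cert: SignerCert, signature_value: bytes,
                     ts: Optional[TimeStamp], now: datetime) -> Tuple[bool, str]:
    """Decide whether the signer's certificate was usable at the signing time.

    Assumes the signature and the token's own signature were already verified.
    """
    ref, basis = now, "verification time (no usable time stamp)"
    # The token only proves a time for *this* signature if its imprint matches.
    if ts is not None and ts.imprint == hashlib.sha256(signature_value).digest():
        ref, basis = ts.gen_time, "time-stamp time"
    if ref < cert.not_before:
        return False, f"certificate not yet valid at {basis}"
    if ref > cert.not_after:
        return False, f"certificate expired at {basis}"
    if cert.revoked_at is not None and cert.revoked_at <= ref:
        return False, f"certificate already revoked at {basis}"
    return True, f"certificate valid at {basis}"


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample data: certificate revoked mid-life, document signed earlier.
CERT = SignerCert(utc(2022, 1, 1), utc(2024, 1, 1), revoked_at=utc(2023, 6, 1))
SIG = b"constructed-signature-bytes"
GOOD_TS = TimeStamp(utc(2023, 3, 1), hashlib.sha256(SIG).digest())
LATE_TS = TimeStamp(utc(2023, 7, 1), hashlib.sha256(SIG).digest())
WRONG_TS = TimeStamp(utc(2023, 3, 1), hashlib.sha256(b"other data").digest())

if __name__ == "__main__":
    for name, ts in [("good", GOOD_TS), ("late", LATE_TS), ("wrong", WRONG_TS), ("none", None)]:
        print(name, signature_status(CERT, SIG, ts, now=utc(2025, 1, 1)))
```

With the constructed data, only the signature time-stamped before the revocation date is accepted when verified in 2025; a missing or mismatched time stamp forces evaluation at verification time, when the certificate has expired.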
Data protection and privacy
The solutions of the particular products meet the strictest requirements of EU Regulation no. 2016/679, the General Data Protection Regulation (GDPR).
Our solutions place strong emphasis on the protection of personal data. Users are clearly and transparently informed about the use of their personal data. The system stores a minimal set of personal data - only the data necessary for its proper function. The data is encrypted and held by the system only for the time necessary to provide the given services. The data is used only for a dedicated purpose related to the issuance and use of employee cards and issued digital certificates.