SOLUTIONS

Secure Access & Identity Management

  • Secure Web Access using Smart Tokens
  • Secure Web Access using OTP Tokens
  • Secure VPN Access
  • Applications Single Sign On SSO

Data Security

  • Documents Security
  • Email Security



Storage Encryption

  • Virtual Drive Encryption
  • Physical Drive Encryption
  • Secure Flash
  • Software Protection & DRM

Secure Access & Identity Management

This solution is intended to provide a hardware authentication technique to web sites and web applications. In this solution, Softlock Smart Token is used to store the user certificate that will be the user credentials to access the website.

The Secure Web Authentication uses SSL certificate installed on web server, and signed certificates installed on Smart token to establish a Secure Internet connection between web browser and web site. In this case, the website uses https connection which is more secure a reliable than normal http connection.

As shown in the figure, each user can connect to the web server and access the website/web application if and if only the user has smart token connected to the PC. This smart token is a secure storage for the user certificate which is signed from the same web server issuer. The user who doesn’t hold the smart token or has a token with wrong certificate is unauthorized. The server identifies itself to the callers through the SSL certificate. The SSL protocol requires user certificate from client side. These certificate will be verified at server side through integrity check and CRL validation.

One-Time Password Today is one of simplest and most popular forms of two-factor authentication for securing network access. For example, in large organizations and enterprises, a VPN or a website access often requires One-Time Password tokens for user authentication. One-Time Passwords are often preferred because an air-gap device does not require the installation of any client desktop software drivers on the user machine, and therefore allowing them to support multiple machines including home computers, kiosks, and personal digital assistants.

OTPMS system provides solution for user authentication using the one time password OTP method with the back end system at the server side. It allows the end user to perform his authentication through one click.

The user requests an access to a service, the system then sends an authentication request to the OTP server through the RADIUS/SOAP protocol. The OTP server responses with success or failure. Finally, the web application service permits the user to access it or prevents him.

 

For enterprises with remote users that tend to use network resources through Virtual Private Network (VPN), it is very risky to depend on the static username/password.

AS VPN provides access to critical and important resources related to organization, there is a need for high security credentials to authenticate users as only authorized users can make use of company resources and documents.

Using username and password is called single factor authentication so in order to provide secure access solution we need multi factor authentication.
Softlock Secure VPN Access Solution provides a hardware based Authentication method. Softlock Secure VPN Access provides extra security with two and Three Factors Authentication based on Softlock Smart Token or OnePass OTP token.
With Softlock VPN solution only User token, know token Pin and enroll his fingerprint (if use biometric version) will be able to access VPN.

The secure VPN access solution has two alternatives:

  1. Secure PKI VPN Access.
  2. Secure OTP VPN Access.

Single-sign-on is one of the key features of the Identity Server introduced by Softlock that enables users to provide their credentials once and obtain access to multiple applications. The users are not prompted for their credentials when accessing each application until their session is terminated. Additionally, the user can access all these applications without having to log into each and every one of them individually. So, if users log into application A, for example, they would automatically have access to application B as well for the duration of that session without having to re-enter their credentials.

The Identity Server can act as the identity provider of a single sign-on system with minimal configurations.

Data Security

Documents Security

Many applications used in documents generation and publishing uses Encryption and Digital Signature for securing the documents, though depending on a password as the key to the security will lead to one factor authentication which can be easily broken.

Documents security mainly depends on two approaches, Document Encryption and Digital Signature.
Softlock Document Security solution provides a secure approach for document security exchange based on Softlock Smart Token or Softlock Smartcards. Softlock Smart token libraries are tested and have been used with different applications.

Softlock Document Security solution can be easily integrated with any application compliant with PKCS or CSP standards, like: Word, Excel or PowerPoint documents, Autodesk AutoCAD maps and drawings' documents and more.

Email Security

Softlock Email Security Solution is a straight forward solution, based on different technology standards. The solution provides the security by providing Email Encryption and Digital Signature. Email encryption can secure all confidential data transferred via emails, while Email Digital Signature can provide identity verification and non-repudiation.

In order to reach the maximum security level, Softlock provides Softlock Smart Token Integration within the Email Security solution. Softlock Smart Token provides different cryptographic functionalities conforming to technology standards and compatible with different third party applications.

The previous figure illustrates the Secure Email Environment, where the Recipient can verify the sender identity and decrypt the Email contents, while Un Authorized intruder fails to decrypt the Email contents.

Storage Encryption

Virtual drives is a digital security solution for securing the data. By creating a virtual drive, the contents of this drive or the secure area is totally secured and protected from any access by illegal or unauthenticated users.

Secure Virtual Drive Solution provides the user with the ability to store his data secured on the PC. The user is able to create many secure virtual drives as necessary and with the required space providing that the necessary space is available on his physical hard disk. The virtual drive appears to the user as an ordinary hard disk in ‘My Computer’ area, while it maps to a fully secured encrypted file on the physical hard disk.

The security device can be Softlock Smart Token which will be used to open the secure virtual drive as this drive is totally protected by the certificate which is generated and stored in the Smart token.

This solution is very similar to the previous Secure Virtual Drive Solution, the main difference is that the drive here not virtual, it is visible but protected not accessible without authentication. The solution depends on the new BitLocker Microsoft Windows Tool.

BitLocker drives can be encrypted with 128 bit or 256 bit encryption, this is plenty strong to protect your data in the event the computer is lost or stolen. BitLocker protects a hard drive from offline attacks. This is the type of attack where a malicious user will take the hard drive from your mobile machine and connect it to another machine so they can harvest your data.

BitLocker also protects the data if a malicious user boots from an alternate Operating System. With either attack method, BitLocker encrypts the hard drive so that when someone has physical access to the drive, the drive is unreadable. Now if you are a network admin and you need to harvest data from a hard drive when a machine fails, BitLocker tools include the functionality to prompt the admin for the recovery key so the hard drive can be accessed.

Softlock Smart Token integrates with the BitLocker as a Smart Card, in order to provide a two/three factor hardware authentication over the secure Drive (partition).

The SaFlash Drive eliminates all the vulnerabilities within the common USB Flash storage. Also, the highest security level is introduced based on biometric user authentication of the owner. Along with the fingerprint authentication, there is password authentication and memory encryption to secure the memory chip against hardware attacks.

SaFlash consists of 3 modules Fingerprint Module: a fingerprint thermal sensor along with the matching module, Security Processor: to perform the encryption operation on the written data before storing it to memory, and decrypt this data before read it from memory.
SaFlash Memory Chip this chip is the storage media that contains the user data. This memory is being managed from the security module.

The SaFlash USB Drive can be used as multiple drive exactly as hard disk. Each drive permissions can be easily changed to be read only or read/write. Public and Private storage: meaning public storage require no authentication.

Software Protection & DRM

Software Systems suffer from piracy, weak security implementation and insufficient access control. Non secure software may lead to:

  • Financial losses
  • Intellectual property losses
  • Privacy losses

Software Piracy attacks any type of Software Systems. It provides public users with un-protected version of the Software (Cracked Software). Users share and exchange the unprotected Software internally or globally through the internet. Millions of cracks are available in the internet for many software applications and versions. Also, expert and non-expert cracking tools are available to internet users.

Usually piracy is used to unprotect the software, however sometimes it is used to remove the limitation of functionality and the number of users from the protected programs.

Furthermore, sometimes competitor companies uses cracking tools to apply the reverse engineering and unprotect the data files, the software libraries and understand the complicated software algorithms. Those items can be used to develop another software with similar or better features.

Software piracy may lead to serious financial problems, whenever the software is cracked there is no way to stop users from using the un-protected version.

Recent studies recommend using hardware authentication devices to protect user access to any software service; also they recommend using hardware encryption to protect data files and sensitive information. Even an internal or external hardware devices prevent any malware program from spying or emulating or stopping the hardware activity.

Figure 1-Enterprise software distribution

figure1 illustrates an example of an enterprise software distribution process. Where the software vendor needs to sell his software protected and controllable, without consuming much effort on the software development side or on the customer side.

Figure 2-Desktop distribution process

Softlock introduces P-Studio to automate the software protection process. The protection is characterized as multi-layered protection that can be customized to meet the software vendor requirement. The challenging security in this solution is that it is based on hardware protection as mentioned in the previous figures, which resists all piracy operations.

The previous figure illustrates the main protection stages. Softlock Protection process can be divided into three major stages:

  1. Protection: Software Protection of executable and data files.
  2. Licensing: License editing and issuing.
  3. Authentication: Authentication mechanism preparation.

As shown in figure2, it illustrates an example of a desktop software distribution process. Where the software vendor needs to protect his intellectual property and his copyright as well. He also needs to enforce different protection conditions for each software release like trials and expiration date.

The example displays two effective techniques for the software protection via:

  • Hardware authentication device.
  • Online Machine authentication.

PRODUCTS

Softlock Smart Token

Softlock Smart Token is a security hardware device based on ATMEL AT91SAM7S256 processor and UPIC TouchStrip® Sensor TCS4C. It provides the digital signature and data encryption services. Softlock Smart Token is offered in two hardware models, standard and biometric.
Softlock Smart Token protected by two and three factor authentication. Beside mandatory password authentication, it uniquely supported with accurate and reliable fingerprint identification system.

  • Email Signing and Encryption
  • Document Signing and Encryption
  • Secure Network Login
  • Secure Web Login
  • Secure VPN Login
  • Secure Hard drives and Partitions

APPLICATIONS/ APPLETS

Softlock provide smart card applications as per solution requirement. Below are main applets that in focus as the market demands:
  • e-ID
  • e-Passport
  • e-Purse
  • EMV
  • e-Health

SOFTLOCK SMART CARD OPERATING SYSTEM (SLSCOS)

Softlock has built an Operating System that intends to manage the smart card resources (i.e. microcontroller processing time, RAM memory, EEPROM storage). The system provides the primary features according to international standards along with an optimization feature to help provide a better performance.

SLCOS is a principle component in the security chain; it protects the personal identity and provides the required security services to the citizens. It also allows third party vendors to build embedded applications and applets without affecting the security.

Softlock P-Studio

Softlock Software P-Studio is the latest product release for Softlock Software Copy Protection solution. The P-Studio provides a comprehensive solution for protecting Software and Data for software vendors and data publishers and distribution. It provides different protection techniques and license schemes to control software and data distribution.

Software Copy Protection is the process of protecting software against Piracy, Cracking and Reverse Engineering. Software Copy Protection protects software vendor Intellectual Property, Copyrights and raises software sales.

Data Copy Protection is the process of protecting data against Piracy and illegal distribution. Data publishers need this process to protect their content, their Copyrights and taking control over data using Digital Rights Management (DRM).

Softlock Personal Protector

Softlock Personal Protector protects provides the ultimate protection alternatives for individuals and Enterprises. This software product is provided with Softlock Smart Token hardware devices. It provides Secure Access, Data Protection, Trusted and Secure Data Exchange.

Personal Protector provides the Secure Access to both local or domain windows accounts, it completely replaces normal windows login.

Softlock Personal Protector creates secure storage areas inside user computer, those areas called the Secure Virtual Drives (SVD). Secure Virtual Drive is treated as any computer drive. Secure Virtual Drive is completely encrypted all the time even while normal use. User must authenticate using the correct security device.

Softlock Smart Token and PKI standards

"this software can be the suitable approach for any organization to reach the benefits of files and e-documents exchange within its system."

  • Secure and trusted system for data exchange
  • Establishes data integrity and trust within any organization

Allows the user to Encrypt & Sign any existing files

Targeting a specific user/users with or without group/groups. The Sender uses his private certificate that already burned on the smart token to sign the file.

The encryption will be done using a random key that will be generated from the Smart Token or from Software if the Smart Token doesn’t support this feature. The generated file must hold both public certificates of sender and receiver.

The generated Key will be also added in the generated file but after wrapping it with public certificate of the receiver.

Allows the receiver to Verify & Decrypt a file

A file that has been previously signed and encrypted. The system will do the following:

  • Decrypts the file contents using the key wrapped inside the received file.
  • Verifies the signature using sender’s public certificate which exists inside the encrypted file.

Softlock OTP Authentication Server provides a user friendly web management interface that facilitates the system admin or the security officer work. Furthermore, the Application is cross-browsers i.e. client can use it on:

  • Google Chrome
  • Mozilla Firefox
  • Internet Explorer

Softlock OTP Authentication Server

OTP Authentication server provides solution for user authentication using the one time password OTP method with the back end system at the server side. It allows the end user to perform his authentication through one click.

The OTP Authentication server provides high performance authentication processes via secure communication protocols, the RADIUS and SOAP protocols. The OTP server receives users’ credentials, communicates with the Database/LDAP server to authenticate the user. And finally, it responds to the web server with accept or reject for the user access request.

Softlock SaFlash

The SaFlash USB Drive introduced by Softlock eliminates all the vulnerabilities within the common USB Flash storage. Also, the highest security level is introduced, based on biometric user authentication of the owner. Along with the fingerprint authentication, there is password authentication and memory encryption to secure the memory chip against hardware attacks.

The SaFlash USB Drive can be used as multiple drive exactly as hard disk. Each drive permissions can be easily changed to be read only or read/write with Public and Private storages, public storage require no authentication.

Softlock IDP system can be integrated with different service providers written in (java, .Net or PHP) to give centralized authentication. This can be done in an easy way supporting REST APIs and different SPs to use any identity credential or authentication factor.

SP integration involves passing the identity attributes from the IDP to the target SP application, The SP application uses this information to set a valid session or other security context for the user represented by the identity attributes.

Softlock IDP System

Softlock IDP project is a centralized authentication solution that creates, maintains and manages Identity information and authorization parameters for service providers. It achieves authentication services, customized user data, Single Sign-On and multi-factor authentication.

Softlock Identity Provider can be described as a Service Provider for storing identity profiles and offering incentives to other Service Providers with the aim of federating user identities. It should be noted however that Identity Providers can also provide services beyond those related to the storage of identity profiles.
Softlock IDP System provides a user friendly web interface that facilitates the system modules management for the admin or the security officer.

TOP