Copyright © 2013 Intesi Group S.p.A Milano, 19 March 2013 | Slide N. 1
Time4Mind … Time4You!
Powered by Intesi Group SpA © 2012
Time4Mind the cloud solution for people in mobility
Giuseppe Damiano │ CTO B.U. Products Intesi Group
Barcelona, 14th March 2013 - ETSI ESI Workshop - Signatures in the Cloud
Time4Mind in “three words”
o Time4Mind is a cloud environment designed and developed by Intesi Group for providing services in the cloud accessible via:
o Smartphone
o Tablet
o Web
o Services are addressed to: individuals and enterprises
o Modular offering
o The "three words" of Time4Mind:
Secure, Simple and Mobile
Time4Mind for Enterprises
o The cloud platform operates on a PaaS model (Platform as a Service)
o Time4Mind is equipped with APIs and administration interfaces that can be immediately integrated with business applications
o Features:
o Qualified Remote Digital Signature platform
o One Time Password Strong Authentication service
o Safe publishing of documents to Internet with strong encryption
o Storage service integrated with business CMS
o High-performance automatic signature service
Time4Mind for Individuals
o The platform operates on a SaaS model (Software as a Service)
o Gateway to the most common storage providers (DropBox, Google Drive, Alfresco, ...)
o Advanced file system functionalities (multi provider file search, move and copy files between providers and accounts, management of asynchronous operations on large amounts of data)
o Security features (Documents encryption, OTP strong authentication)
o Signature Features (Qualified Remote Digital Signature)
o Multi-device (Smartphone, Tablet, Web)
o Sharing functionalities (multi provider folders sharing, configuring users groups, managing access rights to shared documents)
o Advanced features (client module for synchronization to a local drive, server module for publishing of a private storage, comments and custom metadata management, compressed files management, events and automatic procedures, customizable GUI interfaces)
InfoCert Qualified Remote Signature Service
[Architecture diagram; labels: Users, Remote Signature customer, Internet, Remote Signature provider, PkBox Remote, PkBox HSM, Qualified Certification Authority]
InfoCert Qualified Remote Signature Service
o Technical info
o Up to millions of users
o HSM - Thales nShield Solo F3 PCIe
o Documents and Signatures manager - PkBox Enterprise®
o Up to 1.000 RSA 1024 bits hash signatures per second
o Dual control user authentication: Password and OTP authentication
o Multi OTP provider (SMS, Vasco®, RSA®, Radius, …)
o Web Services
o Remote Java and .Net API
o Communication - SSL with client authentication
o Hash algorithm - SHA 256
o Digital signature - RSA 1024 bits (or more)
o Signature formats - ETSI CAdES, PAdES and XAdES
Time4Store (1/5)
o Time4Store is the Intesi Group proposal for Advanced Cloud Storage
o Not a new Cloud Storage but a new concept for publishing contents
Functionality of sharing, replication, backup
Encryption of files, folders and names
Gateway to cloud (DropBox, GoogleDrive, Box, …) and private storages and CMS (Alfresco, Sharepoint, Documentum, FileNet)
Qualified Remote Digital Signature
App iOS, Android and WebApp
Time4Store (2/5)
Data Management features
Documents can be managed both by users and applications
Document sharing, replication, distribution (multi-provider and multi-user)
Optimized space management
Time4Store (3/5)
Data protection features
Names encryption for a full protection of information
Transparent decryption on user’s device
Encryption of files and folders for a secure storage on external providers
HSM usage for maximum key protection
Standard formats: Encrypted CMS (RFC 3852) and PGP (RFC 2440)
Time4Store (4/5)
Remote Digital Signature
Qualified Remote Digital Signature on files and folders
Silent OTP integrated within the mobile application for better user experience
Standard signature formats: ETSI CAdES, PAdES and XAdES
Different OTP authentication mechanisms (Hardware token, Mobile App, SMS)
Time4Store (5/5)
Strengths of Time4Store proposal
High security and data protection regardless of storage provider
Multi provider document sharing
A unified view of all my data, provider independent
Qualified Remote Digital Signature
Time4Mind - Technical info
o API - Web Services and JSON RPC 2.0 REST API
o GUI – JavaScript Web GUI, iOS and Android native app
o Communication - SSL with client authentication
o DataBase – MySQL with Galera cluster
o Systems management and configuration – Puppet
o Virtualization - VMware
o Web SSO - Shibboleth
o Two-factor user authentication – User Name and Password with OTP
o Encryption - RSA 1024 bits (or more) with AES 256 bits
o Encryption formats: Enveloped CMS (RFC 3852) and Encrypted PGP (RFC 2440)
o Documents and Database encryption with HSM
o HSM - Thales nShield Connect 1500
NB Trademarks and logos shown here are owned by the companies to which they refer