Copyright © 2013 Intesi Group S.p.A Milano, 13 marzo 2013 | Slide N. 1
Time4Mind … Time4You!
Powered by Intesi Group SpA © 2012
Time4Mind the cloud solution for people in mobility Giuseppe Damiano│ CTO B.U. Products Intesi Group │ [email protected]
Bar
celo
na,
14
th M
arch
20
13
– E
TSI
ESI
Wor
ksh
op -
Sig
nat
ure
s in
th
e C
lou
d
Copyright © 2013 Intesi Group S.p.A Milano, 13 marzo 2013 | Slide N. 2
Time4Mind in “three words”
o Time4Mind is a cloud environment designed and developed by Intesi Group for providing services in the cloud accessible via: o Smartphone o Tablet o Web
o Services are addressed to: individuals and enterprises
o Modular offering o The "three words" of Time4Mind:
Secure, Simple and Mobile
Copyright © 2013 Intesi Group S.p.A Milano, 13 marzo 2013 | Slide N. 3
Time4Mind for Enterprises
o The cloud platform operates according to the model PaaS (Platform as a Service)
o Time4Mind is equipped with APIs and administration interfaces immediately integrated with business applications
o Features: o Qualified Remote Digital Signature platform o One Time Password Strong Authentication service o Safe publishing of documents to Internet with strong encryption o Storage service integrated with business CMS o High-performance automatic signature service
Copyright © 2013 Intesi Group S.p.A Milano, 13 marzo 2013 | Slide N. 4
Time4Mind for Individuals
o The platform operates on a SaaS model (Software as a Service) o Gateway to the most common storage providers (DropBox, Google
Drive, Alfresco, ...) o Advanced file system functionalities (multi provider file search,
move and copy files between providers and accounts, management of asynchronous operations on large amounts of data)
o Security features (Documents encryption, OTP strong authentication) o Signature Features (Qualified Remote Digital Signature) o Multi-device (Smartphone, Tablet, Web) o Sharing functionalities (multi provider folders sharing, configuring
users groups, managing access rights to shared documents) o Advanced features (client module for synchronization to a local drive,
server module for publishing of a private storage, comments and custom metadata management, compressed files management, events and automatic procedures, customizable GUI interfaces)
Copyright © 2013 Intesi Group S.p.A Milano, 13 marzo 2013 | Slide N. 5
InfoCert Qualified Remote Signature Service
Qualified Certification
Authority
Internet
Remote Signature customer
PkBox HSM PkBox Remote
Users
Remote Signature provider
Copyright © 2013 Intesi Group S.p.A Milano, 13 marzo 2013 | Slide N. 6
o Technical info o Up to Milions of users o HSM - Thales nShield Solo F3 PCIe o Documents and Signatures manager - PkBox Enterpise®
o Up to 1.000 RSA 1024 bits hash signatures per second o Dual control user authentication: Password and OTP authentication o Multi OTP provider (SMS, Vasco®, RSA®, Radius, …) o Web Services o Remote Java and .Net API o Communication - SSL with client authentication o Hash algorithm - SHA 256 o Digital signature - RSA 1024 bits (or more) o Signature formats - ETSI CAdES, PAdES and XAdES
InfoCert Qualified Remote Signature Service
Copyright © 2013 Intesi Group S.p.A Milano, 13 marzo 2013 | Slide N. 7
Time4Store Sottotitolo della slide
Time4Store is the Intesi Group proposal for Advanced Cloud Storage Not a new Cloud Storage but a new concept for publishing contents
Functionality of sharing, replication, backup
Encryption of files, folders and names
Gateway to cloud (DropBox, GoogleDrive, Box, …) and private storages and CMS (Alfresco,
Sharepoint, Documentum, FileNet)
Qualified Remote Digital Signature
App iOS, Android and WebApp
1/5
Copyright © 2013 Intesi Group S.p.A Milano, 13 marzo 2013 | Slide N. 8
Time4Store Sottotitolo della slide
Data Management features
Documents can be managed both by users and applications
Document sharing, replication, distribution (multi-provider and multi-user)
Optimized space management
2/5
Copyright © 2013 Intesi Group S.p.A Milano, 13 marzo 2013 | Slide N. 9
Time4Store Sottotitolo della slide
Data protection features
Names encryption for a full protection of information
Transparent decryption on user’s device
Encryption of files and folders for a secure storage on external providers
HSM usage for maximum key protection
Standard formats: Encrypted CMS (RFC 3852) and PGP (RFC 2440)
3/5
Copyright © 2013 Intesi Group S.p.A Milano, 13 marzo 2013 | Slide N. 10
Time4Store Sottotitolo della slide
Remote Digital Signature
Qualified Remote Digital Signature on files and folders
Silent OTP integrated within the mobile application for better user experience
Standard signature formats: ETSI CAdES, PAdES and XAdES
4/5
Different OTP authentication mechanisms (Hardware token, Mobile App, SMS)
Copyright © 2013 Intesi Group S.p.A Milano, 13 marzo 2013 | Slide N. 11
Time4Store Sottotitolo della slide
Strengths of Time4Store proposal
High security and data protection regardless of storage provider
Multi provider document sharing
A unified view of all my data, provider independent
Qualified Remote Digital Signature
5/5
Copyright © 2013 Intesi Group S.p.A Milano, 13 marzo 2013 | Slide N. 12
Time4Mind - Technical info
o API - Web Services and JSON RPC 2.0 REST API o GUI – Javascript Web GUI, iOS and Android native app o Communication - SSL with client authentication o DataBase – MySQL with Galera cluster o Systems management and configuration – Puppet o Virtualization - VMWare o Web SSO - Shibboleth o Two factors user authentication – User Name and Password with OTP o Encryption - RSA 1024 bits (or more) with AES 256 bits o Encryption formats: Enveloped CMS (RFC 3852) and Encrypted PGP
(RFC 2440) o Documents and Database encryption with HSM o HSM - Thales nShield Connect 1500
Copyright © 2013 Intesi Group S.p.A Milano, 13 marzo 2013 | Slide N. 13
Time4Mind … Time4You!
Powered by Intesi Group SpA © 2012
Time4Mind the cloud solution for people in mobility
NB T
rade
mar
ks a
nd lo
gos
show
n he
re a
re o
wne
d by
the
com
pani
es t
o w
hich
the
y re
fer
Giuseppe Damiano│ CTO B.U. Products Intesi Group │ [email protected]
Top Related