Technology
The risk of digital carelessness
The media report regularly on large data theft scandals and network attacks. For years, businesses and individuals have been warned by experts and politicians to better protect themselves and their data. Yet the number of reasons and excuses to avoid taking precautions is large: a naivety which has already been the downfall of many businesses and individuals in the past. The media reports are merely the tip of the iceberg, so don’t waste any time in improving your IT security!
Identity theft and abuse
With enough information, anyone can pose as your employee in your company network and obtain access to your confidential data!
Unambiguous identities are the basis for secure transactions in the digital world

The solution achieves unambiguous online authentication of the players with whom you come into virtual contact.
With truedentity, you can have faith in the true identity of employees, customers and online service providers and therefore reliably protect your internal and external systems and data from unauthorized access.
Scalable security
Two-factor authentication for trust and security
truedentity guarantees mutual unambiguous identification of user and service. Based on two-factor authentication, the unique identity of all persons or machines concerned is checked before communication takes place. For this purpose, a truedentity server, as an independent link between the concerned parties, verifies the genuineness of both parties and then grants access to the secured data. The subsequent communication is encrypted and follows the BSI’s security standards for the new German ID card (nPA).
Decide yourself
The secure authentication technology can be deployed flexibly, thereby offering need-oriented solutions with scalable protection levels. Examples of possible components for two-factor authentication (ownership component and knowledge component) include:

- Physical token (mobile phone / computer / USB stick / chip card) and PIN
- Physical token and one-time passwords (TAN list, mTAN, TAN generator)
- Physical token and biometrics (iris, fingerprints, hand vein pattern)
Caution!
One-factor authentication (user name and password) provides an attractive attack surface for identity theft. Even complicated passwords can be cracked with special programs and should therefore be considered very insecure.
- Replaces user name and password
- Two-factor authentication
- Forgery-proof through multi-step verification process via truedentity server
- High-level encryption of data and communication channels
- Combination of hardware and software security

Added value
With the increasing rate of abuse of confidential data and information, the need for greater security on the internet is constantly increasing. truedentity enables unambiguous identification of the players with whom you will come into contact, thereby offering many advantages for service providers and users.
Advantages for service providers:
- Reliable identity verification as a foundation for your business processes
- Securing of the core business by minimizing risks
- Secure identification of stakeholders outside one’s own company infrastructure
- Audit-proof, seamless processes with external communication partners
- Adherence to compliance and data protection requirements
- Harmonization of existing identification methods
- Increased access security for your cloud services and applications
- Better image by increasing your customers’ trust in your services
- Extending the possible uses for your customer loyalty cards, membership IDs, employee ID cards, etc.
- Immediate revocation of identities or access authorizations in the event of loss or theft

Advantages for users:
- Security through modern authentication and encryption of the identity
- Protection against phishing attacks and data theft
- The service provider’s trustworthiness is confirmed by way of a certificate
- Control over data that is read out or transferred
- Can be used on PCs, tablets, smart phones, USB sticks, chip cards and lots more besides
- Intuitive and easy to use
Product features
The truedentity client and server technology (technology stack) was developed in accordance with the BSI’s technical guidelines for the new German ID card (nPA). At the heart of the security technology is the interplay between application software (truedentity client), an independent eID server (truedentity server) and the electronic identity (truedentity ID).
Electronic certificates ensure the authenticity of the communication and of the identity data exchanged, while cryptographic methods ensure confidentiality and protection against forgery. In this way, truedentity reliably ensures that identity data is only exchanged with trustworthy, authorized communication partners.
truedentity Client

The truedentity client is the connection between the user’s electronic identity and a program used for authentication vis-à-vis the service provider.
- Intuitive and easy to use
- Identity data is only transferred after being released by the user
- Can be used on PCs, tablets or smart phones

truedentity ID
- Securing the electronic identity through signature and encryption
- Varied identity media (USB stick and chip card to name but two)

truedentity Server

The truedentity server is the link between the truedentity client (user) and service provider and therefore constitutes the trust-creating entity in the identification process.
- Independent entity for unambiguous authentication of user and service
- Secure and authentic reading out of the identity data
- Retrieval of authorization certificates and revocation lists
- Open server administration interfaces
- Modular structure
- Multi-client and cluster-capable
- SOAP and SAML connection
- J2EE-compliant solution
- Based on the BSI’s eCard API Framework
Registration & authentication
Creating a truedentity identity
Before a user can authenticate himself via truedentity, his identity must be prepared. The user will receive an activation code to complete the registration process. His or her identity will be stored only on the desired identity medium.
Authentication & login
In order to obtain access via truedentity to a secure area, the user must authenticate himself unambiguously. For this purpose, he uses his identity medium as well as a PIN or a biometric identification feature.
The eID service now verifies the identities of the user and the service provider as well as the latter’s authorization to read the data. If the mutual authentication is successful, the user will obtain access to the secure system.
truedentity is connected via standard interfaces to the service provider’s rights management system. In this way, each user can be authorized or blocked for individual access.

Authentication involves communication between:
- Identity provider (eID service)
- Identity consumer (service provider)
- truedentity client (end-user)

Solution partners
Secure solutions with strong partners
With the aim of optimally deploying the innovative truedentity authentication technology, we work closely with our customers and with leading companies from the IT sector. By exchanging expertise and knowledge within our strong partner network, new business areas regularly open up, expanding the range of products available to our customers and offering genuine added value through innovation.
Become a partner
The innovative truedentity technology can be connected with a wide variety of additional services, thereby making a significant contribution to IT security in business processes.
Would you like to be kept up to date on interesting partnership opportunities? Then send an e-mail to partner[at]openlimit.com or call us on +49 30 400 3510 20.
Our team is there for you!
Solution examples

Web-based forms with electronic identity and signature
By connecting truedentity and the cit intelliForm, new prospects are opening up for the use of web-based forms. With due consideration of all legal and security-relevant aspects, you can quickly and easily create web-based forms, including electronic signatures.

Security through biometrics
The new product FUJITSU PalmSecure truedentity allows companies of every size to optimally protect their physical and virtual access procedures as well as their data and payment processes.
The multi-factor authentication solution combines truedentity with the Fujitsu vein scan technology, thereby offering a very high level of protection against identity misuse.
CIT
Web-based forms with electronic identity and signature
Regardless of whether you’re talking of contracts, orders, applications, protocols or check lists – modern businesses are increasingly switching their customer communications and internal procedures to paperless format, thereby saving time and money and protecting the environment.
By connecting truedentity and the cit intelliForm, new prospects are opening up for the use of web-based forms. With due consideration of all legal and security-relevant aspects, you can quickly and easily create web-based forms, including electronic signatures. Here, truedentity reliably secures access to the web portal, so that only authorized persons gain access.
For even more effective process optimization, the technology has already been integrated into different specialist applications and can be expanded at will.
Advantages:
- Simple creation and handling of electronic forms
- Entire process is web-based and seamless
- Can be quickly implemented with little training
- Legally valid signature function
- Unambiguous verification of the creator’s identity through access authorizations
- Versatile integration into specialist applications through web service technologies

cit GmbH
cit GmbH is a leading provider of flexible platforms for form management and document-based processes. With the innovative product family cit intelliForm, cit is supporting government authorities and businesses in the web-based implementation of complex application and administrative processes in the e-government and customer service areas. www.cit.de
FUJITSU PalmSecure truedentity
Security through biometrics
The new product FUJITSU PalmSecure truedentity allows companies of all sizes to optimally protect their physical and virtual access points as well as their data and payment processes.
The flexible and easy-to-use multi-factor authentication solution combines the Fujitsu vein scan technology PalmSecure with the security technology truedentity and therefore ensures unambiguous authentication of all parties who come into contact with one another via the system. PalmSecure truedentity offers the utmost in protection against identity misuse and boasts a high degree of user-friendliness.
Flexible factors for scalable security
The authentication takes place via the matching of authentication factors, including biometric data. Both access data and the user’s biometric hand vein profile are used for this. Depending on the security level, PalmSecure truedentity works with the following application scenarios:
- Active card: Data and vein pattern are stored on the card and so remain in the possession of the user at all times.
- Passive card with memory: The data are kept in a centralized memory (remote storage), while the vein pattern is stored on the card.
- Passive card without memory: Data and vein pattern are stored remotely, with only a unique identifier being kept on the card (Universally Unique Identifier – UUID).
- Cardless: Data and vein pattern are stored remotely. Instead of using a card as the ownership factor for the authentication, the user enters his or her user name or a personal number.
Authentication process
For authentication purposes, the user is prompted to hold his hand over the vein scanner. The biometric hand vein profile is read and compared with the stored reference patterns. If the data match, the authentication process can be successfully completed. Depending on his authorization, the user will now receive access to the desired physical or virtual space.
Advantages:
- Reliable protection against identity misuse
- Unambiguous identification through biometric hand vein recognition
- Replaces insecure PIN/password entry
- User-friendly and fast authentication process
- High level of user acceptance thanks to the contactless, hygienic surface
- Flexible solution integration for a wide range of application scenarios
- Local storage of identity data and vein patterns on the chip card

