Secure authentication is essential in the digital world. Applications, systems and infrastructures require proof that the person interacting with them is actually who they say they are. Hence administering users, identities and their authentication attributes is a subject of increasing significance in the electronic world. Different applications also require different characteristics from authentication mechanisms:
Conventional password-based access procedures are no longer secure in the face of continually evolving attack technologies such as phishing or Trojans. Certificate-based authentication solutions help here, using tokens or smartcards to provide strong authentication mechanisms. A public key infrastructure (PKI) is needed to generate and manage the certificates.
Such public key infrastructures are also used in the secunet SINA product line. SINA is a cryptographic solution for secure storage, processing, transmission and verification of highly-sensitive information. The certificates required for the authentication are generated by a dedicated SINA PKI. SINA is also ideal for setting up a secure virtual private network (VPN) over a potentially insecure network such as the internet. National and international authorities have been using this technology, developed in conjunction with the German Federal Office for Information Security (BSI), for years.
Authentication is not only required for encrypting network connections and storing data. Use of reliable authentication is also required when encrypting emails, so that sensitive content is protected from third-party access.
Identity and access management
Another area for authentication solutions is complex user hierarchies, which can also occur in small companies and organisations. Controlled, secure access for customers, partners and suppliers can quickly become confusing. Identity and access management provides an overview of all access permissions in companies and authorities and helps to control them. The transparency achieved offers protection against data misuse, enables fast response to changes and helps with adherence to legal provisions (compliance).
As identities and their permissions are frequently processed in different locations in a company, such as the HR department, IT or security, it is necessary to ensure consistency for the various identities set up. This is often done manually and harbours the risk of “ID corpses” and obsolete permissions. A permission system using single sign-on overcomes this challenge effortlessly. It provides all the applications being used with the necessary login data following a single, successful primary authentication by the user. To do so, the identity and role of the employee must be set up just once centrally in a master directory, and associated services draw on this directory.
Administrative processes and staff portals also require appropriate, secure access that complies with data protection law - and authega was developed for just such uses. authega is a tried and tested solution for secure authentication in intranet and internet applications in eGovernment and is based on the same technology as the ELSTER electronic tax return system.