
CORE TECHNOLOGY

SigabaNet™
Sigaba has developed a revolutionary method for securing data in motion. The foundation for all Sigaba products and solutions is the SigabaNet architecture, a baseline platform of security functions that combines rock-solid message security with the tools that enterprises need to maintain control over one of their most valuable resources - information.

THE PROBLEM

VPNs, SSL/TLS, PKI and asymmetric encryption key management technologies do not meet commercial and government organizations' needs for securing information sharing as it crosses disparate network domains. Access to information must be based on a user's assertion credentials that are presented at the time of access to information. In addition, the release decision for information access must always remain in the control of the sender, even after information has been sent outside of their domain. Furthermore, accurate and up-to-date access information must be available at the moment that a recipient opens secured information in order to meet regulatory reporting requirements.

THE SOLUTION

SigabaNet
  • An authentication-based system that utilizes a symmetric key management system
  • Technology that does not require encryption keys to travel with the secured information
  • A system that leverages FIPS and ECC certified cryptographic libraries
  • A system that provides both sender control and end-user access reporting
Providing a baseline for Secure Information Sharing, the SigabaNet architecture is designed to protect data in motion by ensuring confidentiality, integrity, auditability and non-repudiation.

Confidentiality ensures that only intended recipients can read a message. It may be mandated by government regulations, enforced to ensure customer satisfaction or demanded by the customer. When dealing with data in motion, privacy and confidentiality can be assured through a process of authentication, authorization and encryption.

Integrity ensures that a message has not been tampered with while in transit from sender to recipient. Integrity can be achieved by computing a hash, a mathematical digest of the text of the message. If someone changes even one bit in the message, a completely different hash is created. Since this hash is different from the one originally calculated at the origin, it flags the message as corrupt. Sigaba uses the SHA-1 hashing algorithm.

Auditing and reporting of key access, enabled by Sigaba’s key exchange technology, can be used to determine when recipients read an email. Time stamps are recorded when keys are retrieved by each recipient. Message keys are associated with the sender’s email address, the subject of the message, the time stamp from when the message was sent and a list of all message recipients. Details include the number of times each recipient has read the message and the number of times each has requested the key for the message.

Authentication is the process of verifying that a client is who or what it claims to be. Sigaba has developed a technology called federated authentication that enables our security products to integrate with all existing and future authentication mechanisms. Sigaba Authentication Adapters integrate with authentication mechanisms and produce digitally-signed, standard XML-based authentication assertions that vouch for the user’s identity. Federated authentication technology works with smart cards, digital certificates, tokens, Personal Identification Numbers, usernames and passwords and many other identity schemes.

Origin authentication ensures that a message actually came from the indicated sender and not from an impostor. This is accomplished by attaching a digital signature to the message to prove the sender’s identity. A digital signature is a value appended to or associated with digital data that can easily be confirmed as belonging to only one key of a key pair (the signing key), and that incorporates a hash of the document to provide integrity protection.

Encryption modifies text so that the resulting message can be read only with the aid of additional information - usually a key that’s available only to the sender and the intended recipient. Sigaba supports both the Advanced Encryption Standard (AES) and 3DES encryption algorithms in all of its encryption software. Sigaba performs encryption using a key exchange, and has developed an approach to managing key exchanges based on a distributed key server architecture. In this approach, the sending email client requests a unique key for each message to be encrypted. The Key Server generates a new random key, stores it and returns a copy to the sending software to use for encryption. When the recipient receives an encrypted message, the recipient’s software contacts the Key Server to request the key. If the recipient is authorized to read the message, the key is retrieved and the message decrypted.
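
The key exchange described above, together with the key-access auditing described earlier, can be modelled in a few lines. This is an added example, not Sigaba's code: the class and method names, the revoke operation and the sample addresses are assumptions, and the requester's identity is taken as already authenticated.

```python
import secrets
import time
from collections import Counter

class KeyServer:
    """In-memory model of a per-message key server (illustrative names)."""
    def __init__(self):
        self._records = {}   # key_id -> message key plus the metadata tied to it
        self.audit = []      # (timestamp, key_id, requester, granted)

    def issue_key(self, sender, subject, recipients):
        """Sender side: create and store a fresh random key for one message."""
        key_id = secrets.token_hex(8)
        key = secrets.token_bytes(32)   # 256-bit key; never travels with the message
        self._records[key_id] = {
            "key": key, "sender": sender, "subject": subject,
            "sent_at": time.time(), "recipients": set(recipients),
        }
        return key_id, key

    def request_key(self, key_id, requester):
        """Recipient side: release the key only to a currently authorized identity."""
        rec = self._records.get(key_id)
        granted = rec is not None and requester in rec["recipients"]
        self.audit.append((time.time(), key_id, requester, granted))
        if not granted:
            raise PermissionError(f"{requester} may not read message {key_id}")
        return rec["key"]

    def revoke(self, key_id, sender, recipient):
        """Assumed sender-control operation: withdraw access after sending."""
        rec = self._records[key_id]
        if sender != rec["sender"]:
            raise PermissionError("only the sender may change the recipient list")
        rec["recipients"].discard(recipient)

    def report(self, key_id):
        """Per-requester counts of granted and denied key requests."""
        granted, denied = Counter(), Counter()
        for _, kid, who, ok in self.audit:
            if kid == key_id:
                (granted if ok else denied)[who] += 1
        return dict(granted), dict(denied)

if __name__ == "__main__":   # constructed sample data
    ks = KeyServer()
    kid, _ = ks.issue_key("alice@example.com", "Q3 numbers", ["bob@example.com"])
    ks.request_key(kid, "bob@example.com")
    print(ks.report(kid))
```

Because the authorization check runs on every key request, removing a recipient takes effect for messages that have already been delivered, and denied requests appear in the same audit trail as granted ones.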

SIGABANET CORE SERVICES

Based on the SigabaNet architecture, our suite of products is ideally suited for the enterprise: highly scalable, easy to install and administer, transparent to users and positioned for future growth. All services are administered through a management console:

KEY SERVICES

Key Services, for managing encryption and sender control of messages, are based on the concept that encryption keys should be managed separately from the content they encrypt. A critical component of the SigabaNet architecture is the Key Server, which lets the rightful owner of information designate the individuals who can view it. Sigaba’s breakthrough, patented distributed Key Server technology is built on this simple but powerful concept. This innovative idea makes Sigaba technology the strongest on the market. It also enables Federated Authentication, a unique benefit of Sigaba’s Key Server technology.

At the core of the concept is a collection of services that create, store and deliver keys to authenticated and authorized requesters. The Key Server performs its operations according to the strictest security requirements. Because it manages keys and not content, administrative costs are minimal. This enables an organization to build an industrial-strength, efficient service with high availability and scalability. It uses industry-standard protocols, so integration into your existing IT infrastructure is effortless.

Our unique key services solution offers:
  • Auditing: The content sender can determine exactly when the key was delivered and to whom. This enables organizations to take action based on receipt or non-receipt of a message within a given timeframe.
  • Scalability: The key server is highly scalable, because it stores only the key and not the content of a message.
  • Protection of keys: The server protects its keys and their attributes while in transit and storage, using the ESRP protocol or (potentially) a cryptographic hardware module.
  • Performance: It generally exerts minimal performance impact in the context of the overall application.

AUTHENTICATION SERVICES

Authentication Services leverage your current authentication methods, enabling quick implementation of your existing business relationships. Authentication is most valuable when it forms the basis for enforcing access control rules. Authentication takes place both within an organization and among multiple organizations. Even within an organization, there may be multiple authentication sources. This can mean multiple login credentials for end users, and massive headaches for administrators who need to synchronize authentication databases and constantly deal with password reset requests. Sigaba Authentication Services overcome this problem, making secure communication easy.

First, Sigaba’s technology enables an organization to quickly implement its business relationships by leveraging existing identities. Sigaba’s solutions provide an interface to all identity or authentication infrastructures, so there’s no need to change your current identity systems or synchronize multiple databases for secure messaging.

And because it separates key management from authentication, our authentication solution can allow you to create a network of trust among various authentication sources and types, both inside the organization and with business partners.

Our Authentication Services:
  • support authentication from different domains, enabling global single sign-on and access control
  • integrate seamlessly with any authentication mechanism, protecting your investment in existing mechanisms and permitting seamless integration of future ones
  • leverage existing identity management systems to provision users on the fly
  • are standards-compliant, promoting interoperability between applications and security systems
  • provide a single location for managing credentials, easing administration and enabling the deployment of highly secure systems

FEDERATED AUTHENTICATION

Sigaba’s secure messaging solutions are built for the future. Sigaba’s Federated Authentication capability enables organizations to work securely across internal business units, and with external business partners and other third parties as if they were part of the same security domain.

Sigaba helps organizations fully realize the benefits of federation, such as increased security and improved access to cross-domain resources. We enable secure communication to be conducted globally, while authentication takes place locally.

Having designed our software solutions early on to address standard specifications in federated authentication, Sigaba is the first company to provide federated authentication for secure email. We were also first to introduce a Security Assertion Markup Language (SAML) compliant solution (SAML is a set of specifications for single sign-on and federated authentication), demonstrating this interoperability in July 2002.

Sigaba’s customers include major banking institutions, healthcare organizations, government agencies and corporations that want to enable secure communications among a broad network of customers, business partners, agencies, patients and providers, in a way that affords convenience, efficiency, cost savings and complete privacy protection.

Sigaba’s support for Federated Authentication makes it faster and easier to do business or communicate online, by enabling individuals to conduct online financial transactions, receive statements, communicate with health providers, read secure email and receive online news – all with the same credentials.

 
