Safelayer Secure Communications' results during the “Security and Trust in the Information Society” project, also known as Segur@, which has been partially funded by the Spanish Centre for the Development of Industrial Technology's CENIT programme (reference CENIT-2007 2004).
2. Safelayer: research in the Segur@ Project
• Safelayer’s research in the Segur@ Project focused on:
‒ The electronic passport
‒ User-centric identity management
‒ Innovative authentication mechanisms
‒ Semantic technologies for enhancing trust
‒ Electronic evidence management
• Most important results:
‒ Prototype implementation of innovative applications, available at
sandbox.safelayer.com.
‒ Integration of diverse technologies.
‒ Direct contribution to international standards, including interoperability tests with
other developers.
• The Universitat Politècnica de Catalunya (Technical University of Catalonia)
collaborated in the research.
I+D / June 2011 WWW.SAFELAYER.COM 2
3. Electronic Passport
• Safelayer actively participated in the definition of the PKI architecture that
will support the deployment of the second generation electronic passport
in the following tasks:
‒ Specification of the communication protocol that allows the key exchange
among member states.
‒ Implementation and testing of the PKI for the card verifiable certificates
contained in the passport.
‒ Study of the implications of the deploying of national public key directories that
are managed by the governments and handle the material required to validate
the passport certification chains.
‒ Design of an inspection system prototype.
‒ Implementation of a centralized directory prototype for the distribution of
cryptographic material to the inspection systems.
• This work was undertaken at an international level as an extension of the
Brussels Interoperability Group’s efforts.
I+D / June 2011 WWW.SAFELAYER.COM 3
4. User-centric identity management
• Safelayer developed an experimental identity provider that integrates
several user-centric identity management technologies:
‒ Authentication with managed information cards.
‒ Identity data import from digital certificates (national ID card), RDF documents
and OpenID providers with source verification: the information that comes
from trusted sources is recognized and evaluated.
‒ Dynamic identity attributes.
• A FOAF document editor was also designed and implemented. It can
intelligently merge identity profiles stored on different social networks.
• To simplify the handling of FOAF documents and minimize the need to
use specific RDF tools, Safelayer published foaf4j API under GPL
license.
• All the experimental applications are available at sandbox.safelayer.com.
I+D / June 2011 WWW.SAFELAYER.COM 4
5. Innovative authentication mechanisms
• In order to improve authentication processes, innovative mechanisms
were designed that, while still being user-friendly, provide a level of
security that is proportional to the risk.
‒ One time passwords, which are more secure.
‒ Graphical passwords, which are easier to remember.
‒ Mutual authentication of client and server.
• Two innovative and ergonomic strong multifactor authentication
experimental systems were designed and validated:
‒ gOTP generator for iPhone, available at App Store.
‒ QR-Scan OTP for Android, available at Android Market.
‒ Both applications can be used as authentication mechanisms for
sandbox.safelayer.com.
• Safelayer applied this knowledge in its contributions to the ISO/IEC
standards on identity, authentication and access control management.
I+D / June 2011 WWW.SAFELAYER.COM 5
6. Semantic technologies for enhancing trust
• Safelayer worked with semantic languages and tools to:
‒ Integrate identity and security information.
‒ Infer new information that is not explicitly stored in knowledge bases.
‒ Facilitate application interoperability and service discovery.
• Ontologies and solutions that improve security and trust applications were
proposed, focusing on and validating the following use cases:
‒ Digital Rights Management: Prototype of the semantic authorizer to protect
resources.
‒ Semantic digital signature: Provides integrity and authenticity to fragments of
information that are endorsed by different trust sources without compromising the
whole document as current standard signature formats do.
‒ Authentication mechanisms: Dynamic assessment of their level of assurance.
‒ Trust: Assessment of the factors that influence the PKI keys life-cycle and usage
environment.
‒ Access control: XACML policy validation and proposal of a semantic schema for
better exploiting information on resources.
I+D / June 2011 WWW.SAFELAYER.COM 6
7. Electronic evidence management
• To enhance the security information management systems, Safelayer
worked on the creation and management of electronic evidences.
• A system that provides technical and legal validity to the security
information that is gathered and processed by the cooperative information
management system was proposed and tested.
‒ The system supports creating, storing and accessing electronic evidences
associated to events that need to be stored over the long-term.
• A service that endorses the participation in electronic transactions was
designed and validated to enhance the cooperative information
management system security with electronic evidences of all information
exchanges.
• With regard to the management of information that might be required in
the long term:
‒ The implications of long-term information storage was studied in terms of
access, interpretation and trustworthiness.
‒ The feasibility of using ontologies to structure security information events was
studied.
I+D / June 2011 WWW.SAFELAYER.COM 7