1 Introduction *

2 Transaction Security *

3 Network Security (virtual private networks) *

1. Introduction
1. Assumptions

The information provided in this document is based on the assupmtion that the Danish IT Security Council wants to evaluate the availability of end-user solutions for electronic commerce in its broadest sense. We therefor left out information regarding classic PC access control, disk/file encryption solutions or public key infrastructure and focus on solutions for transaction security and network security. We also asume that the reader is familiar with the basic concepts and technology of IT security.

2. Short Overview of our portfolio

1. Transaction Security
1. Turnkey solutions for end users

The security objections against digital signatures no longer exist since the emergence of legal frameworks like the Euorpean Commission’s directive on electronic signatures (30/11/1999) or national laws like the German digital signature act. These initiatives enables trade, industry and the authorities to sign and verify electronic documents in a legally valid manner.

With SafeGuardÒ Sign&Crypt, Utimaco is offering as one of the very first companies a solution for legally recognized digital signatures that is soon to be certified in accordance with ITSEC E2. Electronic data can be signed and verified with SafeGuardÒ Sign&Crypt. In addition to this, the data can be compressed and/or encrypted with very secure algorithms. In the standard applications Word, Exchange/Outlook and Lotus Notes (currently on a project basis only), SafeGuardÒ Sign&Crypt can be integrated through plug-ins. With the help of the Software Development Kit (SDK), all of the signature functions of SafeGuardÒ Sign&Crypt can also be integrated for use with other Windows applications.

Special feature: Thanks to the WYSIWY or "what you see is what you sign" concept, the user sees precisely what he/she is signing irrespective of the parameters of an application. The viewer provides protection against macro manipulation of the signed document.


SafeGuard Sign&Crypt
type of users	private and corporate end users
application	secure e-mail (Outlook, Exchange, Lotus Notes) document security (Word, Excel) secure transactions (can be integrated in other applications via a SDK)
security functions	confidentiality authentication non-repudiation of origin integrity
security level	ITSEC E2 high DES/3DES RSA 1024 bit (2048 bit version available soon)
key storage	encrypted key files RSA smartcards
supported standards	standard algorithms (see higher) X509 v3 certificates CLR v2 certificate revocation LDAP v2 certificate and CRL retrieval protocols S/MIME v2, PKCS#7 and MailTrust
supported platforms	Windows 95 / Windows 98 / Windows NT 4 (Windows 2000 is foreseen)
distribution medium	diskette or CD ROM
price level	approx. 40-120 Euro




 

2. Smartcard solutions for mainstream applications

The cardMan smartcard readers support all relevant smartcard standards and are available as stand-alone devices, integrated devices and PC Card devices for portables.

CardMan smartcard readers
type of users	private and corporate end users
application	all smartcard enabled applications e.g. Netscape Navigator and Messenger, Internet Explorerer, etc.
security level	ITSEC E2
supported standards	ISO 7816 PC/SC PKCS#11 CT-API Home banking Computer Interface interfaces RS232 / USB / PC Card Microsoft label "Designed for Windows 95/98/NT"
software and drivers	PKCS#11 plug-in for Netscape PC/SC IFD for Microsoft Windows CardMan API software development kit proprietary drivers for DOS, Win3x and OS/2
supported platforms	DOS/Windows 3.x/Windows 95 / Windows 98 / Windows NT 4 (Windows 2000 is foreseen) and OS/2
models	external models "desktop" and ‘compact" integrated in a PC keyboard PC Card form factor II (PCMCIA)
price level	approx. 40-100 Euro

 

3. Corporate solutions

The CryptWareÒ Toolkit is an ANSI-C library which provides all necessary cryptographic and administrative functions to build secure electronic transaction systems easily, e.g. e-mail, EDI, telebanking, e-commerce systems and public key infrastructure components. CryptWareÒ Toolkit has an open architecture and is based on fast software implementations of industry approved algorithms i.e. RSA, triple-DES, IDEA, SQUARE, RIPE-MD160, MD5, SHA-1, etc. are all supported. Furthermore, protocols such as X.509, S/MIME, PKCS#7, MailTrust, PKCS#10, etc. are followed very closely. It is also designed to accommodate alternatives (e.g. PEM, PKIX, etc.) and various off-the-shelf hardware options including, RSA smartcard and the CardManÒ Compact reader, CryptWareÒ Board, CryptWareÒ Server, etc.

CryptWare Toolkit
type of users	corporate transaction servers or integrated in corporate client applications
application	automated secure e-mail document security and secure file transfer/archiving secure transactions
security functions	confidentiality authentication non-repudiation of origin integrity
security level	DES/3DES/IDEA/RC2/SQUARE/SHA-1/MD2/MD5/RIPE-MD160 RSA 2048 bit
key storage	encrypted key files RSA smartcards tamper proof hardware boards (own design and 3rd party)
supported standards	standard algorithms (see higher) X509 v3 certificates CLR v2 certificate revocation LDAP v2 certificate and CRL retrieval PKCS#11 protocols S/MIME v2, PKCS#7, and MailTrust (dynamic protocol switching)
supported platforms	Windows 95 / Windows 98 / Windows NT 4 (Windows 2000 is foreseen)/Unix
distribution medium	diskette or CD ROM
price level	approx. 33-10.500 Euro

2. Network Security (virtual private networks)
1. Software based VPN gateways

SafeGuardÒ VPN provides the possibility of setting up a Virtual Private Network in public networks, eliminating typical security deficiencies of such networks with little implementation and maintenance effort. This solution guarantees security when data is transferred between branches and head offices and when the company network is accessed by travelling employees. Access to the Virtual Private Network is protected reliably using a X.509 user certificate which is stored on the user´s smartcard (possession and knowledge). As soon as the user makes a connection between his/her usual application and a protected server, a log-on is carried out in the background with his/her certificate. The security here lies in the process employed, which is based on strong encryption with a 1024 bit-long key. Once the user has been recognized beyond doubt, all of the data that he or she exchanges with this server or a protected network is encrypted (e.g. with IDEA 128bit). The same principles are applied to establish secure site-to-site network connections.

SafeGuard VPN
type of users	private and corporate end users, corporate site-to-site security
application	secure TCP/IP network connections (LAN/WAN/RAS/internet/…)
security functions	confidentiality authentication integrity IP packet filtering end-to-end, site-to-site and end-to-site
security level	DES/3DES RSA 1024 bit
key storage	encrypted key files RSA smartcards
supported standards	standard algorithms (see higher) X509 v3 certificates CRL v2 certificate revocation LDAP v2 certificate and CRL retrieval IPSEC RFC-1825..1829 ESP and AH Generic Security Services API
supported platforms	Windows 95 / Windows 98 / Windows NT 4 (Windows 2000 is foreseen)/UNIX
distribution medium	diskette or CD ROM
price level	approx. 175-1250 Euro

 

3. Hardware based VPN gateways