
Web-Identity is the system based on the hardware key that, once inserted in the USB port of the PC, enables recognizing the user of a Web-based application univocally and establishing protected and encrypted transactions on Internet, Intranet and Extranet networks. Web-Identity solves any management and replicability problems of user-name and password-based systems simply and functionally.
The unique authentication and the security of the transactions are based on the features of the device, which has its own microprocessor and has been specially implemented for security functions, and on private key encryption algorithms which are time variable.
Thanks to the standard interface and USB plug&play and to a set of ActiveX components and Client and Server Plug-ins, Web-Identity has proved to be the best solution, not only in terms of security but also from the point of view of simplicity and seamlessness. The features of the token make it the ideal tool for saving passwords, electronic certificates, electronic shopping bag features and any other information relating to the user or to the service being used which could be considered worthy of saving inside the device.
How it works
Web-Identity is the ultimate solution to the problems of controlled distribution of information over the Internet.
Whoever needs to protect and check access to web pages, services, databases or more generally, specific areas of an Internet site, will only have to give authorized users of the Internet service a properly initialized Web-Identity token.
Thereafter, the user will simply plug Web-Identity into the USB (Universal Serial Bus) port of the computer without going through any installation procedures at all.
The Server application will take care of setting up secure communications with the token in order to authenticate the user. User identification is carried out on the basis of information resident in the device and in combination optionally with the user supplied password (two factor authentication).
When the Client has been identified and the user authorization checked, Web-Identity sends the custom, private information to the user, encrypting the content with the Blowfish 256-bit algorithm and a time-variable key which is linked to the secret value in the token.
The information can be either HTML pages, database information with web interfaces, forms, download areas etc. The transaction of this information over the web is encrypted both from the server to the Client and vice versa.
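The two-factor check and the time-variable key described above can be sketched as follows. This is an added example, not Web-Identity code: HMAC-SHA256 and PBKDF2 stand in for the token's undisclosed algorithm, and the 30-second window, the record layout and all function names are assumptions.

```python
import hashlib
import hmac
import os

WINDOW_SECONDS = 30  # assumed length of one key validity window


def window_key(token_secret: bytes, counter: int) -> bytes:
    """Derive the 256-bit key for one time window from the token's secret."""
    msg = b"session-key" + counter.to_bytes(8, "big")
    return hmac.new(token_secret, msg, hashlib.sha256).digest()


def token_response(token_secret: bytes, challenge: bytes, now: float) -> bytes:
    """What the token computes: a MAC over the server's challenge,
    keyed with the key of the current time window."""
    key = window_key(token_secret, int(now) // WINDOW_SECONDS)
    return hmac.new(key, challenge, hashlib.sha256).digest()


def password_verifier(password: str, salt: bytes) -> bytes:
    """Salted, stretched verifier for the user-supplied password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def server_authenticate(record, challenge, response, password, now, skew=1):
    """Return the session key if both factors check out, else None.
    `record` is the server's copy of the per-token data (assumed layout)."""
    pw_ok = hmac.compare_digest(
        password_verifier(password, record["salt"]), record["pw_hash"])
    counter = int(now) // WINDOW_SECONDS
    session_key = None
    # Accept adjacent windows only, to tolerate limited clock drift.
    for c in range(counter - skew, counter + skew + 1):
        key = window_key(record["secret"], c)
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        if hmac.compare_digest(expected, response):
            session_key = key
    return session_key if (pw_ok and session_key is not None) else None


def make_record(secret: bytes, password: str, salt: bytes) -> dict:
    """Server-side enrolment data for one token (constructed sample layout)."""
    return {"secret": secret, "salt": salt,
            "pw_hash": password_verifier(password, salt)}


if __name__ == "__main__":
    secret, salt = b"constructed-token-secret", b"constructed-salt"
    rec = make_record(secret, "correct horse", salt)
    chal = os.urandom(16)  # fresh per login, so old responses cannot be replayed
    resp = token_response(secret, chal, now=1_000_000)
    print(server_authenticate(rec, chal, resp, "correct horse", 1_000_020) is not None)
    print(server_authenticate(rec, chal, resp, "correct horse", 1_000_300) is not None)
```

A response captured in one window is rejected once the server clock has moved past the skew tolerance, and a valid token response with the wrong password is rejected as well.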
Web-Identity is supplied with an SDK (Software Development Kit) containing ActiveX Server components and ActiveX Client Plug-Ins. These are integrated when the protected site is set up, and the Client Plug-Ins are downloaded and executed automatically and seamlessly in the Client when the user first connects to the site.
- Controlled access to restricted Internet sites
- Storage of digital certificates and electronic signatures
- User identification for remote Internet/Intranet access
- User identification for Virtual Private Networks (VPN)
- Sales of services over the Internet
- Remote management of sales networks
- Management of consumer services over the Internet
- Controlled distribution of information over Internet or Intranet
- Sales of software and information services over Internet
- User identification for handling web-based database access rights and authorizations
Publishing: on-line sales of newspaper and magazine subscriptions
The on-line sales of newspapers and magazines must take into account those security features which a login & password can’t provide but must also be flexible when it comes to a user-friendly interface. Web-Identity is the ideal solution for the sales of newspaper and magazine subscriptions on-line. Identification of the user based on the identification of the Web-Identity token, encryption and decryption of information on the fly through the use of time-dependent algorithms known to the Web-Identity Server and the Web-Identity Token, availability of writeable memory in which information can be saved (information regarding the period of the subscription, the type of magazine, the customers etc.) and a standard interface on every PC all add up to a safe and flexible solution for on-line sales of magazines:
- The user of the service can connect and “read the newspaper” on-line using any personal computer equipped with a USB or Parallel port: the utmost in PC standards.
- The web-identity Device is transparent to any other hardware or software device.
- Its use does not require additional hardware or software over and above web-identity.
- Information regarding the customer, the expiry date of the service and details of the subscription can be stored within the Device: such information is protected by a 16 + 16 byte access code.
Thanks to web-identity, other services can be made available to the user, such as access to past editions of the on-line magazine (or the chance to download old issues of the magazine: this could be a service aimed in particular at schools and universities etc.). With web-identity it is actually possible to provide selective access to information relying on the data protected and saved in web-identity, which is a secure token because it cannot be cloned.



Software-houses: support services and upgrades on-line
Those Software-Houses which have begun distributing upgrades and supplying supplementary service over internet to their registered customers have found in web-identity the optimum solution to the problem: every legally purchased copy of the software will be associated with a single web-identity key which will allow access to the protected site from which upgrades can be downloaded, where technical support is available through mailboxes or protected forms: offering customers these services over internet means totally automating the work of the technical support staff as well as the task of getting upgrades out to customers.
The advantage of supplying services over internet (rather than the widely used direct, remote connection via modem for example) means first of all lower costs (internet is always available at the cost of a local telephone call), moreover, when it comes to customer fidelity, a service offered over internet is perceived as being significant added value. To be able to use technical support and other services over internet means considerable savings for both the client and for the software house.
Territorial sales force automation
web-identity is the ultimate solution for the automation of a distributed sales network: large companies which have a distributed sales organization can use web-identity to automate it: up till now this type of solution was normally found in applications and tools which tended to be very expensive, less flexible and more difficult than Internet, but nevertheless offering greater security.
Leveraging the potential offered by web-identity, it is possible to create internet tools for the protected exchange of information between agents and the company Web-Server. All the company has to do is to build Web-based applications which satisfy its needs and solve the problems in question. When the applications are installed on a web-identity protected Web Server, selective access will be guaranteed (linked to parameters and restrictions relative to every single user) only to those equipped with a properly initialized web-identity programmed with the features of the various users of the system.
For example, the problem could be keeping the network of sales people supplied with up to date information: price lists, availability of goods, special offers, marketing support material etc.
Up till now, problems of this type were usually solved through the use of a direct connection via modem between the remote client (normally the portable PC of the sales person) and the Server in order to update the archives (often using Lotus Notes).
web-identity allows you to use a different approach to the problem: the sales Agent who has web-identity doesn’t have the problem of updating his archives: without taking anything with him he can go to the customer carrying web-identity in his pocket or attached to a key-ring, and complete his negotiations. At the time of taking the order and by way of checking on availability or price variations, the Agent could show this information to his client and print it if necessary, knowing without a doubt that once he leaves the client’s office there is no way the client can access that restricted information.
It goes without saying that the automatic handling of such issues will undoubtedly convey a professional feeling to the client in question.
Access by top-management to restricted information
Within a company Intranet/Extranet it may be necessary to guarantee the confidentiality of information relative to the financial or administrative areas by making it accessible only to Top Management. web-identity allows you to grant access rights in a distinct and selective way to the various owners of web-identity and related to the service in question: for example, it’s possible to give selective access to this restricted information: thus authorization could be based on cost centers or operating divisions within the company etc.
This way we would be able to authorize access to the protected information regardless of where the client requesting access to it is physically located. Top Management can then examine the information it is authorized to access from the workplace, home or airport etc.
The security and the flexibility of the solution make it the ideal tool for handling any process of user authentication (related to the resulting restrictions) within the company networks: Intranet, Extranet, VPNs, Internet.
Moreover, the same web-identity can be used to guarantee access to more than one database (within the same service): this way it could be possible to use the same token to access different company databases with a web interface.
Home banking and remote banking
For every application in the area of home-banking, web-identity represents a highly secure and unambiguous solution compared to other solutions used nowadays in this sector (at most based on logins & passwords): the device cannot be cloned, the encryption process is time-dependent and on-the-fly, and the flexibility of the hardware token makes it possible to carry out secure financial transactions and at the same time maintain flexibility; this way the user of the service will always have the certainty that the operations carried out will be totally confidential. Moreover, he can communicate interactively with his bank regardless of his physical location, whether it be his office or any personal computer with internet access: from home, the airport or his workplace etc.
Another positive element of the web-identity based solution is the fact that internet is always available at the cost of a local telephone call regardless of geographic location of our user. Direct connection via modem, which is widely used nowadays, while offering greater guarantees in terms of security and confidentiality compared to the use of logins and passwords over internet, is certainly not the best solution in terms of cost of ownership.
web-identity takes internet to such levels of security so as to allow the use of this resource for the handling and controlled distribution of delicate and non-disclosable information.
Building and management of distributed competence centers
Let’s consider the case of an organization working within a territory and having a series of Competence Centers which have the aim of promoting products and services to users as well as supplying technical assistance and managing warranty agreements etc. Internet could be a solution for the complete automation of distributed Competence Centers within the territory.
All the company would have to do is to build Web-Based applications which address the needs and solve the relative company problems. Once the applications are installed on a web-identity protected Web Server, selective access will be guaranteed (linked to parameters and restrictions relative to each individual user) only to those equipped with a properly initialized web-identity key programmed with the features of the various users of the system.
With this system, each individual user can be given just the information which is of close interest to him (prices and/or customized discount tables, maintenance reports, order scheduling and handling), not to mention the power of internet in terms of the speed of distribution of a wide variety of information: new product launches and promotional campaigns. Moreover, Competence Centers can place orders directly, check on availability of goods or shipping conditions etc. completely independently, which makes it an ideal tool for the reduction of the workload inside the organization, favoring new business opportunities.
Handling the distribution of information and the interaction between the head office and branch offices or remote sites with web-identity means providing a solution which is secure, efficient, cost effective for the supplier of the service, easy, flexible and true Plug & Play for the user of the service.
Associations: safe and easy communication among members
Ever more frequently, in striving towards greater synergy and market force, independent organizations are uniting through global agreements or associations. Usually the reasons for opting for this type of solution can be found in the achievement of greater buying power, negotiating ability and financing. However, once agreements have been reached, the problem of how to distribute information quickly and in a secure fashion regarding the new association, comes into play: new terms of purchasing, benefits, promotional campaigns etc.
Problems of this kind can be solved using tools and applications which are more expensive, less flexible and more complicated than Internet solutions but, at the same time, they offer greater security. By using the potential of web-identity to the utmost, tools can be built for the protected exchange of information between agents and company Web-Servers using internet. All the organization has to do is to build Web-based applications which satisfy its needs and solve the problems in question.
When the applications are installed on a web-identity protected Web Server, selective access will be guaranteed (linked to parameters and restrictions relative to every single user) only to those equipped with a properly initialized web-identity key programmed with the features of the various users of the system. Thus, only those who possess a properly initialized web-identity device can access confidential information resident on the Web-Server (in the form of Databases, HTML Pages, etc.)
It could be that an association or a chain of resellers could access, through web-identity, available material on a web-identity protected web-server: updated price lists, availability of goods, marketing material, brochures, campaigns. From a Management and operational point of view, web-identity makes it easy to customize parameters tailored to each individual user of the protected internet service: this way customized access can be handled on the basis of the user profile, such as restrictions on specific areas of the web site containing different price lists.
A further use could be that of handling secure communications at a high level, for example with the top-management of the different associations, letting them access managerial and administrative information: targets reached, turnover, forecasts, company policies and/or marketing activities etc.
The transparency and the portability of web-identity will allow the different users to benefit from the service both from home or from the office or even while vacationing by using a portable computer and a PCMCIA modem. All with a view to increasing customer fidelity.
Stock exchanges and financial services
web-identity is an excellent solution for the handling of simple and secure transactions in the financial world. The broker or manager of financial services is able to identify with certainty the user that is ordering the purchase or sale of stocks or shares and will thus automatically be sure of the reliability of the information. At the same time, the Client or the user is able to certify his credentials simply by using internet and plugging in his properly initialized web-identity device to any personal computer with an internet connection (which could be anywhere from the stock exchange to his home or the airport).
The reliability and the confidentiality of the information in transit over the net is guaranteed by powerful, bi-directional encryption algorithms (from server to client and vice versa – thanks to ActiveX and Plug-In components which allow transparent use of a web browser) based on a time-dependent private key algorithm.
Identification of the user is through a search on the user information held within the web-identity token which has 416 bytes of writeable memory protected with a double access code of 16 + 16 bytes. The special features of the hardware device make it impossible to clone. Among the parameters used for the generation of the PIN (which is fundamental for identification by the web-identity Web-Server) there is one which is tied to the hardware code of the ASIC chip on which it is based.
The fact that user identification is carried out not only by means of the device but also through a password check is an extra safeguard against theft or loss of the token itself.
web-identity offers thus a really secure solution, while maintaining its simplicity and transparency, for the handling of financial transactions and for the purchase and sale of stocks and bonds.
Franchising chains
Franchising chains are gaining ground thanks to the importance of the sales and marketing efforts that they are able to generate. At the same time they have the problem of how to distribute information in a timely manner regarding the organization of the infrastructure: purchase conditions, benefits, promotional campaigns etc.
Problems of this kind can be solved using tools and applications which are more expensive, less flexible and more complicated than Internet solutions but, at the same time, they offer greater security. By using the potential of web-identity to the utmost, tools can be built for the protected exchange of information between agents and company Web-Servers using internet. All the organization has to do is to build Web-based applications which satisfy its needs and solve the problems in question. When the applications are installed on a web-identity protected Web Server, selective access will be guaranteed (linked to parameters and restrictions relative to every single user) only to those equipped with a properly initialized web-identity key programmed with the features of the various users of the system. Thus, only those who possess a properly initialized web-identity device can access confidential information resident on the Web-Server (in the form of Databases, HTML Pages, etc.)
So it could be that a chain of resellers could access, through web-identity, material available on a web-identity protected web-server: updated price lists, product availability, marketing material, brochures and special promotional campaigns. From a management and operational point of view web-identity makes it easy to customize parameters tailored to each individual user of the protected internet service: this way customized access can be handled on the basis of the user profile, such as restrictions on specific areas of the web site containing different price lists.
A further use could be that of handling secure communications at a high level, for example with the top-management of the different franchisees, letting them access managerial and administrative information: targets reached, turnover, forecasts, company policies and/or marketing activities etc.
The transparency and the portability of web-identity will allow the different users to benefit from the service both from home or from the office or even while vacationing by using a portable computer and a PCMCIA modem. All with a view to increasing customer fidelity.