Airbus Defence and Space acquired KeyOne PKI Platform from Safelayer to secure European Space Agency’s (ESA) collaborative platform serving the International Space Station (ISS)
Airbus Defence and Space is a division of Airbus Group formed by combining the business activities of Cassidian, Astrium and Airbus Military. In order to assure secure access to a collaborative platform of the International Space Station (ISS), Airbus Defence and Space is using PKI solutions from Safelayer.
The laboratory on board the ESA Columbus Module of the ISS offers extensive scientific research capabilities. Earth-based researchers, together with the station crew, conduct thousands of experiments. The interaction between National Space Agencies’ researchers of countries involved in the ISS program implies sharing highly sensitive information that needs to be protected. For this purpose, PKI technology was the obvious solution to implement digital signature in specific business processes.
Safelayer’s KeyOne PKI was selected by Airbus Defence and Space after a thorough survey and evaluation of available PKI products in the market. A key evaluation criterion was the ability to support Airbus DS’s requirements for the PKI registration workflow. In particular, it was important to find a solution with a user friendly enrollment process where end-users could request and install certificates in just a few easy steps. The solution also had to support multiple end user client platforms (Windows, Mac, Linux and mobile devices).
During the evaluation phase, the Common Criteria EAL4+ certified product Safelayer’s KeyOne was identified as one of the most complete and robust PKI platforms on the market.It was selected by Airbus Defence and Space due its flexible workflow engine that allowed the company to tailor the registration process according to their needs, and easily integrate with existing user databases and other infrastructure components such as Thales nShield high assurance hardware security modules (HSMs). Use of HSMs is a well-accepted best practice to provide strong protection for private keys for critical components of the PKI hierarchy, providing a strong root of trust for the entire certificate issuance system. Several certificate registration processes were designed to issue digital certificates for both staff and devices (mainly SSL server certificates). Safelayer Secure Communications also provided its expertise to customize it. End-users request and install certificates via a cross-platform PKI Certificate Tool. This tool was developed to support Airbus Defence and Space requirements for user friendliness and customized registration process. Integrating the tool with KeyOne was easy and could be done using existing out-of-the box KeyOne functionality and open interfaces.
According to Mr. Heinz-Martin Behrmann, PKI Project leader at Airbus Defence and Space, “Safelayer technology is extremely flexible, and, in consequence, the whole project was able to be implemented in less than 3 months early 2014”. Moreover he also adds that, “another valuable feature of the implemented PKI system is its user-friendly digital certificate enrolment: After a training-on-the-job of 5 days, PKI experts of Airbus Defence and Space in Germany were able to operate Safelayer’s KeyOne in our premises in total autonomy”.
In the opinion of Mr. David Mateos, Safelayer's PKI Product Manager, “After more than 15 year of experience in implementing PKI systems in corporate projects that provide a comprehensive solution for critical eID infrastructures, we achieved one of the most proven, complete and strong solution on the market”. Furthermore, “the solution is also prepared for managing digital ID in mobile devices and it is aimed to be used in Web pages and by native applications”, adds Mateos. The next challenge for Airbus Defence and Space team will be to secure accesses and implement Trust Services on mobile devices.
Founded in 1999, Safelayer Secure Communications S.A. is a leading provider of security software for Public Key Infrastructure (PKI), Multi-Factor Authentication (Identity Federation, Adaptive Authentication and Mobile ID), Electronic Signature, Data Encryption and for the protection of Electronic Transactions. Safelayer’s eID technologies protect, serve and make use of digital identity of people (corporate users or citizens), connected objects (software systems or hardware devices) and promote the adoption of trust services on the Internet and mobile communications.
Safelayer relies on its partners with advanced competencies in cybersecurity to deliver high-end security solutions for vertical markets such as digital banking, telco, energy, e-commerce and e-government.