At Safelayer we believe it is essential to work toward the development, dissemination and expansion of new technologies and open standards. Consequently, from our beginnings, we have taken an active part in multiple initiatives of national and international working groups, playing an active role in developing and disseminating knowledge of these technologies.
Clearly defining the company's culture and value system, every year Safelayer invests a high percentage of total revenues into research, development and innovation (RDI), an area that accounts for 60% of our resources. Our success has been based on RDI and our ability to develop new products and technology lines; new solutions that place us at the forefront of technology.
The most relevant projects where Safelayer participates or has participated are:
DAVID - Distributed cloud-based service Architecture for managing billions of deViceIDs (DAVID)
PKI technology continues to be, from a practical point of view, the most robust and secure technology for developing basic security services for authentication, integrity, confidentiality and non-repudiation. Over the years, this technology has had its highs and lows with regard to its popularity and mass usability. Currently, it's on another high owing mainly to the Internet of Things (IoT) or, more broadly, the Internet of Everything (IoE) and the Internet of Things (devices/machines), Services and People (IoTSP). The "Everything" entails handling and protecting not tens, but hundreds or thousands of millions of entities on the Internet.
The Internet has revolutionized how we tackle and meet the challenges of the emerging new society, which is subject to a continual digital transformation. This revolution clearly also affects cybersecurity in general and technologies like PKI in particular. Today it's unimaginable to look for solutions using traditional parameters. We must consider everything in the new terms of globalization, massive scalability, automation and virtualization. Traditional PKI solutions do not take these parameters into account and are thus condemned to remain in specific niches. They cannot provide an overall solution.
The recent and successful initiative Let’s Encrypt provides an example of an overall PKI solution that is heading in the right direction. Automated and free, it covers the particular case of securing Web services based on the domain name served. However, this initiative overlooks many important cases: the Internet of Things, the Internet of People and all the other service cases not identified via a domain name.
The project put forward here, codenamed "DAVID", aims to definitively popularize and democratize PKI technology based on digital certificates so that this technology is never again seen as an obstacle to the deployment of highly secure and trusted information services. To achieve this, using and applying the new virtualization and Cloud technologies is fundamental.
This project is funded by the Spanish Ministry of Tourism, Energy and the Digital Agenda as part of the Acción Estratégica Economía y Sociedad Digital (AEESD) [Digital Society and Economic Strategic Action] program 2016-2017 (ref. no: TSI-100200-2016-26).
“Plataforma CASeD” Project - Safelayer Continuous Authentication and Security Deployment Platform
This project combines two ideas in one proposal: 1) continuous authentication, i.e., methods that continually capture unique physical and behavioral aspects of a user that can be used to corroborate the user's identity and 2) continuous security, i.e., methods that continually deploy security configurations and software.
Continuous authentication. Current authentication systems are intrusive and require unnatural technical interactions from users. Although environment conditions can change over the course of the user's session (e.g., the session may be taken over by another user), the initial and only authentication is considered valid throughout the session. This proposal entails developing methods that are more straightforward for the user, together with the capture and analysis of the authentication context and user biometrics on different devices, to corroborate the identity of users continuously and non-intrusively.
Continuous deployment. Deploying and managing security configurations is highly complex, even more so in Cloud and mobile scenarios. In these times of cyber threats, the best solution is one that ensures a quick, collaborative and continued response to whatever is on its way, even when it is still unknown. We propose new methods based on Cloud technologies for scalably and continuously managing complex security configurations and software that also allow minimizing response time and resolving new security problems in the system.
The aim is to create a new authentication technology platform that incorporates new methods based on capturing and analyzing context data and user biometrics in any device. We want to use Cloud technologies to automate the delivery, deployment, configuration, monitoring and management of the collaborative resolution of security incidents, of the authentication functionality in particular, and of security in general.
Our proposal entails creating an active solution that increases the overall security of the participants (users and applications) while also providing administrative usability and ease of use by automating the solution itself, which directly results in greater security. A further aim, via the use of Cloud technologies, is to achieve a very scalable solution that fosters collaboration and the secure and reliable reuse of resources by the participants.
This project is funded by the Spanish Ministry of Industry, Energy and Tourism as part of the Acción Estratégica Economía y Sociedad Digital (AEESD) [Digital Society and Economic Strategic Action] program (reference number TSI-100201-2013-033).
PATFI - Privacy-aware Accountability for a Trustworthy Future Internet
The PATFI project is focused on the incorporation of privacy and accountability—as essential characteristics to achieving an Internet of trust—in ICT systems with a view to meeting the needs of the Future Internet. The end goal is to balance system security and user protection with user freedoms.
The identity of individuals is sensitive information that is protected by specific laws both in Spain and the European Union and in other countries. Even where personal data is used as part of an authentication or authorization process, special care must be taken not to compromise its confidentiality.
However, service providers that require a high level of security usually ask users to provide information that identifies them in detail before providing them with access to applications. This is an obvious requirement as it must be possible to monitor the use of certain, more or less critical, resources and services so improper behavior or unlawful actions do not go unpunished. In this sense, the concept of accountability enshrines exactly the idea of the duty to accept responsibility for one's own actions and the impossibility of repudiating them.
The PATFI project aims to meet the new challenges posed in continuing to offer security and trust services without infringing upon the rights of users, which is even more relevant given the boom in ubiquitous technologies.
The project is funded by the Spanish Ministry of Industry, Tourism and Trade, within the National Plan for Scientific Research, Development and Technological Innovation 2008-2011 (ref. TSI-020100-2011-165) and is being undertaken in collaboration with the Group of Analysis, Security and Systems of the Complutense University of Madrid.
TaaS - Trust as a Service: Trust Services in and for the Cloud
The aim of the TaaS project is to research the needs of cloud computing services, platforms and infrastructures—which will play a major role in the Future Internet—to provide solutions and adapt security, trust and privacy models and services to the cloud's dynamic and very flexible characteristics. Of the wide range of security services, protections and mechanisms required for implementing trust in cloud systems, the main one is identity and access management (IAM), from which security services such as the provision of identity, authentication, authorization, auditing, key management, electronic signing, data encryption and personal data management are derived.
The first phase of the project consists of identifying the requirements for trust and identity management in the cloud and defining the standards for the new generation of mobile networks. The study is undertaken from two different perspectives: the trust and electronic identification services in the cloud, as an alternative means to the infrastructure itself for accessing the services (TaaS), and the services for the cloud, which will protect the rest of the *aaS (anything as a Service). The result will be a theoretical and practical proposal of solutions specifically designed for this scenario in which interoperability and scalability must take precedence with the aim of protecting assets, business focus and, ultimately, the reputation of the companies that migrate to the cloud.
The project is funded by the Spanish Ministry of Industry, Tourism and Trade, within the National Plan for Scientific Research, Development and Technological Innovation 2008-2011 (ref. TSI-020100-2010-482) and is being undertaken in collaboration with the Group of Analysis, Security and Systems of the Complutense University of Madrid.
SEGUR@ - Security and Trust in the Information Society
The Segur@ project has been selected by the Spanish Centre for the Development of Industrial Technology's CENIT programme (ref. CENIT-2007-2004). Fifteen universities and research centres and twelve companies have taken part in the project. Its aim is to define and develop a framework of trust and security for ICT use in the information society by studying and extending the concepts of "trusted networks" and "robust digital identity", among other activities. Safelayer will contribute by defining ontological models for the different security mechanisms (authentication, authorization, integrity, confidentiality and non-repudiation, centring its research on the new generation of digital signatures) which will describe the security and trust environment, and contribute to the integration and interoperability of different technologies.
SAT2 - Semantic & Ambient Trust Technologies
The goal of the SAT2 project is to incorporate security and trust services in ad hoc networks that adapt better to the requirements of users while being more specific and simpler to use. During the project, we have studied Semantic Web and Ambient Intelligence aspects that apply to authentication and electronic signature, and we have improved autoconfiguration, collaboration and privacy aspects of ad hoc networks. Co-funded by the Spanish Ministry of Industry, Tourism and Trade (refs. FIT-360000-2007-48, TSI-020100-2008-365 and TSI-020100-2009-374).
SEGURIDAD 2020 is an industrial research project that involves 14 relevant companies from the security area and emblematic users of ICT in Spain. The main purpose of the project is to take a global view of the definition and securing of digital territories in intelligent environments, while taking into account various technological, interoperability, standardisation, social and legislative aspects. Co-funded by the Spanish Ministry of Industry (ref. FIT-360503-2006-3).
Onom@topic+ (European Smart Card Platform for Citizenship and Mobile Multimedia Applications) is a European project in which 27 organizations from 11 countries share the strategic goal of developing a complete hardware and software framework to allow the European Union to massively deploy new services addressed to Citizenship and Mobile Multimedia Applications. Co-funded by the Spanish Ministry of Industry (ref. FIT-360005-2007-15).
The CertiVeR (Certificate Validation and Revocation) project arises from the present experience of the European certification authorities. Based on the IETF standard OCSP (Online Certificate Status Protocol), it has the objective of offering a whole set of services related to digital certificate revocation, including OCSP publication as an outsourced service for any interested CA.
The aim of eEPoch (eEurope smart card charter Proof of Concept and Holistic solution) is to demonstrate interoperable and secure smart card based digital identification systems, which provide the levels of trust and confidence necessary for citizens to interact digitally with their national and municipal administrations and other European institutions. It will enable cross-border electronic signature for legal purposes, offer reliable identification based on data in government databases, as well as ensure secure authentication of cardholder and device on the basis of PIN, biometrics and PKI mutual authentication. The project will establish an action research partnership between a set of national public service EID projects with trial sites in the following countries: France, Ireland, Israel, Italy, Spain and United Kingdom.
Founded by EEMA (European Forum for Electronic Business), the PKI Challenge project aims to define and agree on interoperability criteria against which PKI products should be tested, in order to build an integrated and heterogeneous PKI technology. The most important PKI vendors, CSPs (Certificate Service Providers), consultants, users and academic institutions are all involved in the project.
The PERMIS project (PrivilEge and Role Management Infrastructure Standards validation) has the challenge of defining the standards to solve the issues of certification attributes. In this way it will be possible to simplify the authentication and authorisation mechanisms necessary for electronic transactions between the public sector and its citizens, as well as between enterprises and their customers, also known as G2C, G2B and B2B.
Under the cooperation programs from the EC, Safelayer has collaborated with other European countries on the e-STIO project whose objective is to specify and develop a set of tools to perform the required interoperability tests of the "electronic signature" related products and services in Europe.