As a growing number of internal and external exchanges (with customers or partners) are computerized, securing electronic transactions and information systems more broadly is a key issue for organizations.
Electronic certificates allow applications to integrate security services such as user authentication, non-repudiation of transactions and the confidentiality of data exchanges and transactions. Bull – a leading European player on IT security – offers comprehensive solutions for creating electronic certificates and manage their lifecycle.
Beyond the management of digital certificates, Bull also offers a wide range of security solutions to meet the needs of applications to include electronic signatureand/or time-stamping functionality to created shared, comprehensive and sustainable trusted infrastructures. Bull supports organizations in implementing these infrastructures, from the initial definition of needs right through to their integration and hosting in our highly secure centers.
Recording, creation and management of secure electronic identities
Metapki from Bull is a complete solution for the creation and lifecycle management of digital certificates. The modularity of metapki – and the way in which it is sold – means it is a flexible and scalable solution, tailored to the needs of the business: management of various certificates types and profiles; management of the certification process; alignment with the company’s organization structure; management of certification authorities’ hierarchies… The solution provides registration and cancellation services for carriers and/or operators, certificate cancellation services, and key escrow and recovery services (for encryption keys).
Metapki is EAL 3+ Common Criteria Certified and is also RGS basic level certified.
Atos supports its customers in implementing PKI infrastructures. On request, Atos can also host the metapki solution at one of its highly secure outsourcing centers.
Creating and verifying secure transactions
Electronic data interchange involves electronically signing documents and verifying the signatures on those documents. Bull offers metasign, an advance and comprehensive solution for generating and verifying electronic signatures in standardized CAdES, XAdES and PAdES formats. Electronic signatures help ensure the integrity of transactions and documents, and identify the signatories.
Metasign can be integrated into any type of business application, because it is available in several forms including as a Java programming interface or applet that can be included in Web applications, as an e-signature server offering Web services.
Metasign is EAL 3+ Common Criteria Certified and RGS basic level qualification.
A reliable time-stamping solution for transactions and archives
Organizations moving to digital exchanges – whether for internal communications or for relationships with partners or customers – may need to demonstrate that certain transactions or actions occurred before a given date and time, especially (but not exclusively) when it comes to electronic signatures.
The use of a time-stamp token (TST), which includes a trusted date and time associated with the document, provides an element of proof. Atos – a leading European player on IT security – offers metatime, a reliable time-stamping service for generating TSTs.
Metatime supports one or more time-stamping units (TSUs), administered by a single time-stamping authority (TSA) and each supporting one time-stamping policy. Metatime uses the time-stamp protocol (TSP) defined in RFC-3161 to deliver the TSTs. Metatime is managed via a Web administration interface, so it can be accessed from any web browser. As well as technical integration, Bull can provide consultancy services to define one or more time-stamping policies, depending to the needs of the organization.
Centralizing the validation of public key certificates
Public Key certificates allow applications to integrate security services such as user authentication, non-repudiation of transactions, and confidentiality of data exchanges.
The validity of these certificates needs to be verified at the time of their use, for non-repudiation and data confidentiality. To answer this need, Atos provides vericert, a complete solution based on customized validation to validate electronic certificates.
To ensure good security, a certificate must be validated before it is used by an application.
In open organizations, validating a certificate can become very complex and sensitive when more and more chains of trust, certification authorities, types of use and security levels are involved.
Atos offers vericert, a complete solution for validating digital certificates, which enables a certificate verification policy to be applied to all applications within the information system. The solution can be administered via a central Web administration interface.
In France, vericert has achieved ANSSI CSPN (first level security certification).