SlideShare uma empresa Scribd logo
1 de 16
DigiFLAK
2013
FLAK Technologies
DIGIFLAK PROJECT
DigiFLAK
2013
CONTENTS
DIGIFLAK PROJECT
1. SeOS – SecuritOS
2. FLiC – FLAK Licensee
3. LogME
4. FLAKmobile
5. FLAKstream
6. FLAKnet
…build total digital safety zone
…care for your values
…login with NO passwords
…be protected everywhere
…prevent viruses and malware
…connect to each other
HOW TO…
SeOS. Main Technology Principles
DigiFLAK
2013
SeOS (SecuritOS)
SeOS is an embedded Operating System for FLAK devices which performs high-speed
cryptographic calculations on big data arrays running within the FLAK Secure Core
 Decryption and sign check of applications before
every start
 Allocation of separate secured address space to
applications
 Provision of special API to high-speed
cryptographic accelerators to applications: DES,
3DES, AES, SHA1, SHA128, SHA256, MD5 and
others
 PCSC#11 standard support
 Multilevel key management system – key ladder
with all level keys protection from illegal access
 Asymmetric algorithms ECC and RSA support
 High-speed data filtering according to various
criteria
 License management technology (FLiC) support
 SeOS API functions support for multi application
environment
Main Functions
DIGIFLAK PROJECT
Apps
SeOS
API
API
Linux
Main Core
Secure Core
SeOS
FLiC. Main Technology Principles
DigiFLAK
2013
* Secuter (Eng. Security Computer ) – a dedicated device, minicomputer with secure cores inside
FLiC (FLAK Licensee Control)
DigiFlak proprietary flexible and high-capacity mechanism for processing and
management of license rights to any digital data such as video, audio, software,
eBooks, etc.
License processing takes place in isolated and secured
environment which guarantees no illegal access to the keys
and prevents license rights interference. With FLiC
technology it is possible to re-encrypt data in real time
which means that
technology supports
DRM (CAS)  DTCP-IP
and DRM (CAS)  HDCP
bridges.
Smart, fast and secured
DIGIFLAK PROJECT
Easy to trust and integrate
FLiC is fully consistent with the FLAK basic concept on
simple and convenient usage of information security
technologies. FLiC can both be used as a standalone
DRM-solution (with its own software for the server
side), and provide
a "safe" framework for
third-party CAS and DRM
solutions. DRM and CAS
support
With FLic it is
possible to make easy
integration to with all
well-known DRM and
CAS solutions
extending its their
security
Based on the
FLAK platform the FLiC
technology provides a
totally safe license
management and
mechanism to control
access to all digital entities
Unique content
security
FLAK secuter processes DRM-protected content and
encrypts output data either according to DTCP-IP
specification or to HDMI standard. In the first instance
the output content can be played by a PC (a built-in
player with DTCP-IP support) or transmitted to
connected home devices such as TVs or tablets. The
second case can be applied to the FLAK devices with
HDMI interface which guarantees maximum level of
protection to exclusive content. All content goes from
the secuter to HDMI and can be received by any device
with an HDMI support.
How it works
DigiFLAK
2013
DRM (CAS) -> DTCP-IP or HDCP
BRIDGE
HIGHEST LEVEL OF PROTECTION FOR VALUABLE
CONTENT WITH A “CONTENT PROVIDER – USER
SCREEN” SCHEME!!!
DIGIFLAK PROJECT
Isolated trusted environmentTablet
Content provider
DRM protected
content
HDCP iDTV with HDMI
PC with a DTCP player
DTCP-IP encryption
In most cases a license for commercial software looks
like a file with different parameters used: permissions
/ restrictions of operations, license duration, number
of users, etc. The license file which is unique to each
copy of software is stored within a protected memory
of FLAK secuter and can never be extracted outside. All
transactions with licenses
(installation, control, update, review) are executed in
an isolated environment of the secuter with either a
FLiC software module or software developers’
module.
!NB Developers can move part of the basic software
functionality into the secuter which is strongly
recommended !!!
How it works
DigiFLAK
2013
SOFTWARE PROTECTION
FORGET THE PROBLEM OF YOUR SW
ILLEGAL DISTRIBUTION OR USAGE!!!
Isolated trusted environment
Software running on PC
License server
SW License providing
PC-Secuter
protected session
License storage
DIGIFLAK PROJECT
LogME. Threats and Recommendations
 Use only “rules to
follow” passwords
 Limit number of wrong
password entries
 Don’t save passwords on PC
 Don’t login via keyboard
 Check source of WEB login
form
 Don’t store passwords
on WEB servers
 Use open/public keys
and certificates methods
for authentication
 Provide maximum
security to the email
account itself
Password lexical
algorithms’ match
Password theft from
user PC (imitation, key
loggers, browser cash
analyzers)
Password theft from
WEB service servers
All user accounts are
dependent on email
account security
DigiFLAK
2013
DIGIFLAK PROJECT
Are you really able to follow all these mazy rules???
 No less than 20 random symbols’ auto-password generated by hardware
facilities of the FLAK secuter;
 Password is unique for every user account;
 User doesn’t know the password;
 Password never comes out of the device
 secured internal core in unencrypted form;
 Could not be simpler and securer.
Password based and certificate based solutions are provided:
LogME. Main Technology Principles
DigiFLAK
2013
DigiFlak proprietary chrysalis intended for safe and easy
authentication procedure on remote WEB sites
DIGIFLAK PROJECT
(password based)
During initial registration on a remote WEB site the
secuter acquires an SSL certificate from the server.
Then it initiates its own SSL session with the WEB
browser (with a FLAK certificate), gets the login name
from the user and generates a random password
according to certain security rules. After that the
secuter gets login name from the browser, encrypts
both the login name and generated password and
sends it to the remote WEB site. Simultaneously, the
server certificate, login name and generated key are
stored in a secure file system of the secuter.
Initial registration
Login procedure
1. SSL certificate
acquisition
2. Login
request
3. Login
dispatch
6. Encrypted login name
and password sending
4. Password generation
5. Certificate and login/password
pair safekeeping
SSL server
SSL client
SSL client
SSL server
DigiFLAK
2013
At the next login the secuter authenticates the server
with the stored certificate and if it is a success both the
login name and password are sent to the server in SSL
session. The user communicates with the site via the
secuter certificate which is a guarantor of safe
c o n n e c t i o n .
Positive
Advantages
Following proven technology principles like secure login/password storage and easy
registration/login procedures this approach allows implementation with no
expenses on the server side since all sites now support password authentication.
NO SERVER MODIFICATION REQUIRED!!!
DIGIFLAK PROJECT
(certificate based)
The approach is based on mutual SSL authentication with
a client-authenticated TLS handshake. The client
certificate authenticates the user and instead of a
password, a private key is stored in the secuter. In this
case there are only public keys on the server side and
their theft will not work to potential attackers.
DigiFLAK
2013
This approach solves security problems with the account
data stored on the server. It also doesn’t require upgrade
of the server and can be activated on the server side with a
s y s t e m s e t u p .
1. SSL certificate
acquisition
2. Login
request
3. Login
dispatch
5. SSL client certificate
sending
4. Certificate
generation and safekeeping
SSL server
SSL client
SSL client
SSL server
Authentication
Advantages
TOTAL SECURITY PROVIDED!!!
DIGIFLAK PROJECT
DigiFLAK
2013
FLAK server site
Home
Your backup FLAKYour FLAK
Everywhere
LogME. Useful features
Data sync
With Data Sync approach you can forget
about your fear to forget!
Afraid to forget your device?
in bar, taxi, friend’s home, old suit..
OR
Backup with FLAK servers will allow you
to enjoy mobile security as well!
Android or iOS LogME app
Your FLAK
DIGIFLAK PROJECT
FLAKstream. Main Principles
DigiFLAK
2013
FLAKstream
FLAK proprietary technology of high throughput real-time network traffic scanning
and analysis powered by Kaspersky SafeStream
HOW IT WORKS
DIGIFLAK PROJECT
FLAKstream technology allows for filtering incoming and
outgoing IP packets based on specified criteria and signature
analysis according to given ​​URL values. This technology
efficiently implements functions of streaming antivirus,
firewall, parental control, Data Leakage Prevention, etc. All
incoming and outgoing IP traffic to/from the host PC is
intercepted by the secuter, where all data is filtered and
scanned by the FLAK engine employing dedicated hardware
accelerators. After detecting a potential or real threat the
secuter blocks the infected object and warns the user of a
possible danger.
NO NEGATIVE INFLUENCE ON HOST PERFORMANCE.
TREATS, VIRUSES AND MALWARE ARE BLOCKED
BEFORE GETTING INTO PC.
FLAK Device
Internet
Untrusted Internet data
Verified internet to the user Redirect to FLAK
Firewall
Stream antivirus
Parental control
DLP
FREE WIFI
Business dinner
FLAK mobile
FLAKnet. Main Principles
DigiFLAK
2013
FLAKnet
With FLAKnet proprietary technology you can create secure virtual networks with no
specific knowledge or surplus cost
HOW IT WORKS
DIGIFLAK PROJECT
With FLAKnet technology the FLAK secuter users can integrate their
personal computers and mobile devices in a secure virtual network
without complicated settings and profound knowledge. It is just
enough to enter flak-ID of the device to be connected to the network
and get a mutual confirmation on the connection. A virtual network
can be based on any physical connections to Internet. The secuter will
automatically determine and configure all connection settings. To
compare flak-id and the current IP address of the device FLAKnet sync
server is used. After setting up a connection the secuter sends
information about its current IP address to the sync server and gets
back information about the IP address of the connected device.
Connections and network management are supported by open source
software, like openVPN.
CREATE A SECURE VIRTUAL NET?
FLAK MAKES IT EASY!!!
Company Headquarters
Secured Network
FLAK PRO
Business trip
FREE WIFI
FLAK Classic
FLAKmobile. Main Principles
DigiFLAK
2013
FLAKmobile
DigiFlak proprietary solution, applying FLAK platform and technologies like
FLiC, LogMe, FLAKstream, FLAKnet, etc. to mobile domain
Solution for USB OTG devices
DIGIFLAK PROJECT
The solution assumes FLAK mobile secuter connection to microUSB interfaces of mobile devices.
The Flak Mobile (as FLAK Classic (non mobile) does) supports USB 2.0 and NFC interfaces as well
as basic FLAK applications including Firewall and VPN. It doesn’t have external network interface
– the FLAK driver on Host intercepts all incoming and outgoing traffic and forwards it to the
secuter via a microUSB.
 SMALL DIMENTIONS 1x2cm
 LOW CONSUMPTION
 microUSB INTERFACE
microUSB
NFC
FLAK Mobile. Main Principles
DigiFLAK
2013
DIGIFLAK PROJECT
This solution consists of SeOS implementation for ARM TrustZone and
LogMe, FLiC, FLAKNet, FLAKstream technologies as applications for Android/IOS/Windows
OS. Thus, if a mobile device supports TrustZone, then SeOS is installed as a complementary
OS. The FLAK technologies are implemented as SW applications for the primary OS.
Solution for devices with ARM TrustZone or Intel TxT support
NO EXTERNAL DEVICE
USAGE OF WELL-RECOMMENDED TECHNOLOGIES
FLAK APPS IN ANDROID PLAY MARKET AND IOS APP STORE
Secure OS
Within this approach the FLAK secuter
is required for primary personalization
of the mobile device and sync or
backup of confidential information and
licenses. The same approach is
applicable for mobile devices with Intel
Trusted eXecution Technology (Intel
TxT) support
Thank you for your attention!
www.digiFLAK.com
DigiFLAK
2013
DIGIFLAK PROJECT

Mais conteúdo relacionado

Mais procurados

Flak general v2 5
Flak general v2 5Flak general v2 5
Flak general v2 5
digiflak
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
Julien Vermillard
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcit
mmubashirkhan
 
Axessor_Brochure_US_04-16
Axessor_Brochure_US_04-16Axessor_Brochure_US_04-16
Axessor_Brochure_US_04-16
Axel de Blok
 

Mais procurados (20)

Flak general v2 5
Flak general v2 5Flak general v2 5
Flak general v2 5
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5   session 2 - st dev con 2016 - security iot best practicesTrack 5   session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcit
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...
 
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génératione-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
 
RSA SecurID Access
RSA SecurID AccessRSA SecurID Access
RSA SecurID Access
 
Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SAS
 
Identify and mitigate high risk port vulnerabilities
Identify and mitigate high risk port vulnerabilitiesIdentify and mitigate high risk port vulnerabilities
Identify and mitigate high risk port vulnerabilities
 
Genian NAC Datasheet
Genian NAC Datasheet Genian NAC Datasheet
Genian NAC Datasheet
 
SkypeShield - Securing Skype for Business
SkypeShield - Securing Skype for BusinessSkypeShield - Securing Skype for Business
SkypeShield - Securing Skype for Business
 
What we learned from MISA Ontario 2020 Infosec
What we learned from MISA Ontario 2020 InfosecWhat we learned from MISA Ontario 2020 Infosec
What we learned from MISA Ontario 2020 Infosec
 
Genian NAC Overview
Genian NAC Overview Genian NAC Overview
Genian NAC Overview
 
Axessor_Brochure_US_04-16
Axessor_Brochure_US_04-16Axessor_Brochure_US_04-16
Axessor_Brochure_US_04-16
 
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
 
Check Point NGFW
Check Point NGFWCheck Point NGFW
Check Point NGFW
 
Remote Access Security
Remote Access SecurityRemote Access Security
Remote Access Security
 

Destaque

Презентация вчителя
Презентация вчителяПрезентация вчителя
Презентация вчителя
missisnazarenko2012
 

Destaque (20)

Fiber Reinforced Concrete (FRC)
Fiber Reinforced Concrete (FRC)Fiber Reinforced Concrete (FRC)
Fiber Reinforced Concrete (FRC)
 
my update resume
my update resumemy update resume
my update resume
 
Focus T25 Workout Results
Focus T25 Workout ResultsFocus T25 Workout Results
Focus T25 Workout Results
 
Universal login
Universal loginUniversal login
Universal login
 
Electrical ciircuit&mechine
Electrical ciircuit&mechineElectrical ciircuit&mechine
Electrical ciircuit&mechine
 
A Review on Wireless Sensor Network Protocol for Disaster Management
A Review on Wireless Sensor Network Protocol for Disaster ManagementA Review on Wireless Sensor Network Protocol for Disaster Management
A Review on Wireless Sensor Network Protocol for Disaster Management
 
my update resume
my update resumemy update resume
my update resume
 
Local area prediction based mobile target tracking in wireless sensor networks
Local area prediction based mobile target tracking in wireless sensor networksLocal area prediction based mobile target tracking in wireless sensor networks
Local area prediction based mobile target tracking in wireless sensor networks
 
Implementing OAuth
Implementing OAuthImplementing OAuth
Implementing OAuth
 
IEEE 802 standards
IEEE 802 standardsIEEE 802 standards
IEEE 802 standards
 
Universal Medicom Services
Universal Medicom ServicesUniversal Medicom Services
Universal Medicom Services
 
Gesture recognition adi
Gesture recognition adiGesture recognition adi
Gesture recognition adi
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
 
Wireless sensor network system for inclination measurement using spirit level
Wireless sensor network system for inclination measurement using spirit levelWireless sensor network system for inclination measurement using spirit level
Wireless sensor network system for inclination measurement using spirit level
 
wireless network IEEE 802.11
 wireless network IEEE 802.11 wireless network IEEE 802.11
wireless network IEEE 802.11
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
 
WIRELES NETWORK
WIRELES NETWORKWIRELES NETWORK
WIRELES NETWORK
 
IEEE 802.11
IEEE 802.11IEEE 802.11
IEEE 802.11
 
Презентация вчителя
Презентация вчителяПрезентация вчителя
Презентация вчителя
 
Wireless Sensor Networks
Wireless Sensor NetworksWireless Sensor Networks
Wireless Sensor Networks
 

Semelhante a Flak+technologies

Narrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardNarrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forward
Conference Papers
 

Semelhante a Flak+technologies (20)

Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016
 
SphereShield for Skype for Business - Compliance and Security
SphereShield for Skype for Business - Compliance and SecuritySphereShield for Skype for Business - Compliance and Security
SphereShield for Skype for Business - Compliance and Security
 
Security Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemSecurity Best Practices for Your Ignition System
Security Best Practices for Your Ignition System
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
Secure containers for trustworthy cloud services: business opportunities
 Secure containers for trustworthy cloud services: business opportunities Secure containers for trustworthy cloud services: business opportunities
Secure containers for trustworthy cloud services: business opportunities
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?
 
FlexNet Publisher Licensing Security
FlexNet Publisher Licensing SecurityFlexNet Publisher Licensing Security
FlexNet Publisher Licensing Security
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
 
Sangfor SSL VPN Datasheet
Sangfor SSL VPN DatasheetSangfor SSL VPN Datasheet
Sangfor SSL VPN Datasheet
 
SphereShield For Skype - Presentation
SphereShield For Skype - PresentationSphereShield For Skype - Presentation
SphereShield For Skype - Presentation
 
How Endpoint Security works ?
How Endpoint Security works ?How Endpoint Security works ?
How Endpoint Security works ?
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptx
 
[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protection[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protection
 
Information Security Whitepaper
Information Security WhitepaperInformation Security Whitepaper
Information Security Whitepaper
 
Securing Source Code on Endpoints
Securing Source Code on EndpointsSecuring Source Code on Endpoints
Securing Source Code on Endpoints
 
Information Security Lesson 6 - Web Security - Eric Vanderburg
Information Security Lesson 6 - Web Security - Eric VanderburgInformation Security Lesson 6 - Web Security - Eric Vanderburg
Information Security Lesson 6 - Web Security - Eric Vanderburg
 
10 server security hacks to secure your web servers
10 server security hacks to secure your web servers10 server security hacks to secure your web servers
10 server security hacks to secure your web servers
 
Code Signing Certificate
Code Signing CertificateCode Signing Certificate
Code Signing Certificate
 
Narrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardNarrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forward
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
 

Último

CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
anilsa9823
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 

Último (20)

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 

Flak+technologies

  • 2. DigiFLAK 2013 CONTENTS DIGIFLAK PROJECT 1. SeOS – SecuritOS 2. FLiC – FLAK Licensee 3. LogME 4. FLAKmobile 5. FLAKstream 6. FLAKnet …build total digital safety zone …care for your values …login with NO passwords …be protected everywhere …prevent viruses and malware …connect to each other HOW TO…
  • 3. SeOS. Main Technology Principles DigiFLAK 2013 SeOS (SecuritOS) SeOS is an embedded Operating System for FLAK devices which performs high-speed cryptographic calculations on big data arrays running within the FLAK Secure Core  Decryption and sign check of applications before every start  Allocation of separate secured address space to applications  Provision of special API to high-speed cryptographic accelerators to applications: DES, 3DES, AES, SHA1, SHA128, SHA256, MD5 and others  PCSC#11 standard support  Multilevel key management system – key ladder with all level keys protection from illegal access  Asymmetric algorithms ECC and RSA support  High-speed data filtering according to various criteria  License management technology (FLiC) support  SeOS API functions support for multi application environment Main Functions DIGIFLAK PROJECT Apps SeOS API API Linux Main Core Secure Core SeOS
  • 4. FLiC. Main Technology Principles DigiFLAK 2013 * Secuter (Eng. Security Computer ) – a dedicated device, minicomputer with secure cores inside FLiC (FLAK Licensee Control) DigiFlak proprietary flexible and high-capacity mechanism for processing and management of license rights to any digital data such as video, audio, software, eBooks, etc. License processing takes place in isolated and secured environment which guarantees no illegal access to the keys and prevents license rights interference. With FLiC technology it is possible to re-encrypt data in real time which means that technology supports DRM (CAS)  DTCP-IP and DRM (CAS)  HDCP bridges. Smart, fast and secured DIGIFLAK PROJECT Easy to trust and integrate FLiC is fully consistent with the FLAK basic concept on simple and convenient usage of information security technologies. FLiC can both be used as a standalone DRM-solution (with its own software for the server side), and provide a "safe" framework for third-party CAS and DRM solutions. DRM and CAS support With FLic it is possible to make easy integration to with all well-known DRM and CAS solutions extending its their security Based on the FLAK platform the FLiC technology provides a totally safe license management and mechanism to control access to all digital entities Unique content security
  • 5. FLAK secuter processes DRM-protected content and encrypts output data either according to DTCP-IP specification or to HDMI standard. In the first instance the output content can be played by a PC (a built-in player with DTCP-IP support) or transmitted to connected home devices such as TVs or tablets. The second case can be applied to the FLAK devices with HDMI interface which guarantees maximum level of protection to exclusive content. All content goes from the secuter to HDMI and can be received by any device with an HDMI support. How it works DigiFLAK 2013 DRM (CAS) -> DTCP-IP or HDCP BRIDGE HIGHEST LEVEL OF PROTECTION FOR VALUABLE CONTENT WITH A “CONTENT PROVIDER – USER SCREEN” SCHEME!!! DIGIFLAK PROJECT Isolated trusted environmentTablet Content provider DRM protected content HDCP iDTV with HDMI PC with a DTCP player DTCP-IP encryption
  • 6. In most cases a license for commercial software looks like a file with different parameters used: permissions / restrictions of operations, license duration, number of users, etc. The license file which is unique to each copy of software is stored within a protected memory of FLAK secuter and can never be extracted outside. All transactions with licenses (installation, control, update, review) are executed in an isolated environment of the secuter with either a FLiC software module or software developers’ module. !NB Developers can move part of the basic software functionality into the secuter which is strongly recommended !!! How it works DigiFLAK 2013 SOFTWARE PROTECTION FORGET THE PROBLEM OF YOUR SW ILLEGAL DISTRIBUTION OR USAGE!!! Isolated trusted environment Software running on PC License server SW License providing PC-Secuter protected session License storage DIGIFLAK PROJECT
  • 7. LogME. Threats and Recommendations  Use only “rules to follow” passwords  Limit number of wrong password entries  Don’t save passwords on PC  Don’t login via keyboard  Check source of WEB login form  Don’t store passwords on WEB servers  Use open/public keys and certificates methods for authentication  Provide maximum security to the email account itself Password lexical algorithms’ match Password theft from user PC (imitation, key loggers, browser cash analyzers) Password theft from WEB service servers All user accounts are dependent on email account security DigiFLAK 2013 DIGIFLAK PROJECT Are you really able to follow all these mazy rules???
  • 8.  No less than 20 random symbols’ auto-password generated by hardware facilities of the FLAK secuter;  Password is unique for every user account;  User doesn’t know the password;  Password never comes out of the device  secured internal core in unencrypted form;  Could not be simpler and securer. Password based and certificate based solutions are provided: LogME. Main Technology Principles DigiFLAK 2013 DigiFlak proprietary chrysalis intended for safe and easy authentication procedure on remote WEB sites DIGIFLAK PROJECT
  • 9. (password based) During initial registration on a remote WEB site the secuter acquires an SSL certificate from the server. Then it initiates its own SSL session with the WEB browser (with a FLAK certificate), gets the login name from the user and generates a random password according to certain security rules. After that the secuter gets login name from the browser, encrypts both the login name and generated password and sends it to the remote WEB site. Simultaneously, the server certificate, login name and generated key are stored in a secure file system of the secuter. Initial registration Login procedure 1. SSL certificate acquisition 2. Login request 3. Login dispatch 6. Encrypted login name and password sending 4. Password generation 5. Certificate and login/password pair safekeeping SSL server SSL client SSL client SSL server DigiFLAK 2013 At the next login the secuter authenticates the server with the stored certificate and if it is a success both the login name and password are sent to the server in SSL session. The user communicates with the site via the secuter certificate which is a guarantor of safe c o n n e c t i o n . Positive Advantages Following proven technology principles like secure login/password storage and easy registration/login procedures this approach allows implementation with no expenses on the server side since all sites now support password authentication. NO SERVER MODIFICATION REQUIRED!!! DIGIFLAK PROJECT
  • 10. (certificate based) The approach is based on mutual SSL authentication with a client-authenticated TLS handshake. The client certificate authenticates the user and instead of a password, a private key is stored in the secuter. In this case there are only public keys on the server side and their theft will not work to potential attackers. DigiFLAK 2013 This approach solves security problems with the account data stored on the server. It also doesn’t require upgrade of the server and can be activated on the server side with a s y s t e m s e t u p . 1. SSL certificate acquisition 2. Login request 3. Login dispatch 5. SSL client certificate sending 4. Certificate generation and safekeeping SSL server SSL client SSL client SSL server Authentication Advantages TOTAL SECURITY PROVIDED!!! DIGIFLAK PROJECT
  • 11. DigiFLAK 2013 FLAK server site Home Your backup FLAKYour FLAK Everywhere LogME. Useful features Data sync With Data Sync approach you can forget about your fear to forget! Afraid to forget your device? in bar, taxi, friend’s home, old suit.. OR Backup with FLAK servers will allow you to enjoy mobile security as well! Android or iOS LogME app Your FLAK DIGIFLAK PROJECT
  • 12. FLAKstream. Main Principles DigiFLAK 2013 FLAKstream FLAK proprietary technology of high throughput real-time network traffic scanning and analysis powered by Kaspersky SafeStream HOW IT WORKS DIGIFLAK PROJECT FLAKstream technology allows for filtering incoming and outgoing IP packets based on specified criteria and signature analysis according to given ​​URL values. This technology efficiently implements functions of streaming antivirus, firewall, parental control, Data Leakage Prevention, etc. All incoming and outgoing IP traffic to/from the host PC is intercepted by the secuter, where all data is filtered and scanned by the FLAK engine employing dedicated hardware accelerators. After detecting a potential or real threat the secuter blocks the infected object and warns the user of a possible danger. NO NEGATIVE INFLUENCE ON HOST PERFORMANCE. TREATS, VIRUSES AND MALWARE ARE BLOCKED BEFORE GETTING INTO PC. FLAK Device Internet Untrusted Internet data Verified internet to the user Redirect to FLAK Firewall Stream antivirus Parental control DLP
  • 13. FREE WIFI Business dinner FLAK mobile FLAKnet. Main Principles DigiFLAK 2013 FLAKnet With FLAKnet proprietary technology you can create secure virtual networks with no specific knowledge or surplus cost HOW IT WORKS DIGIFLAK PROJECT With FLAKnet technology the FLAK secuter users can integrate their personal computers and mobile devices in a secure virtual network without complicated settings and profound knowledge. It is just enough to enter flak-ID of the device to be connected to the network and get a mutual confirmation on the connection. A virtual network can be based on any physical connections to Internet. The secuter will automatically determine and configure all connection settings. To compare flak-id and the current IP address of the device FLAKnet sync server is used. After setting up a connection the secuter sends information about its current IP address to the sync server and gets back information about the IP address of the connected device. Connections and network management are supported by open source software, like openVPN. CREATE A SECURE VIRTUAL NET? FLAK MAKES IT EASY!!! Company Headquarters Secured Network FLAK PRO Business trip FREE WIFI FLAK Classic
  • 14. FLAKmobile. Main Principles DigiFLAK 2013 FLAKmobile DigiFlak proprietary solution, applying FLAK platform and technologies like FLiC, LogMe, FLAKstream, FLAKnet, etc. to mobile domain Solution for USB OTG devices DIGIFLAK PROJECT The solution assumes FLAK mobile secuter connection to microUSB interfaces of mobile devices. The Flak Mobile (as FLAK Classic (non mobile) does) supports USB 2.0 and NFC interfaces as well as basic FLAK applications including Firewall and VPN. It doesn’t have external network interface – the FLAK driver on Host intercepts all incoming and outgoing traffic and forwards it to the secuter via a microUSB.  SMALL DIMENTIONS 1x2cm  LOW CONSUMPTION  microUSB INTERFACE microUSB NFC
  • 15. FLAK Mobile. Main Principles DigiFLAK 2013 DIGIFLAK PROJECT This solution consists of SeOS implementation for ARM TrustZone and LogMe, FLiC, FLAKNet, FLAKstream technologies as applications for Android/IOS/Windows OS. Thus, if a mobile device supports TrustZone, then SeOS is installed as a complementary OS. The FLAK technologies are implemented as SW applications for the primary OS. Solution for devices with ARM TrustZone or Intel TxT support NO EXTERNAL DEVICE USAGE OF WELL-RECOMMENDED TECHNOLOGIES FLAK APPS IN ANDROID PLAY MARKET AND IOS APP STORE Secure OS Within this approach the FLAK secuter is required for primary personalization of the mobile device and sync or backup of confidential information and licenses. The same approach is applicable for mobile devices with Intel Trusted eXecution Technology (Intel TxT) support
  • 16. Thank you for your attention! www.digiFLAK.com DigiFLAK 2013 DIGIFLAK PROJECT