March 01, 2006
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Comprehensive e-commerce supporting capabilities.
- Weaknesses: Implementation will not be a trivial matter in many cases.
- Verdict: A serious tool for those wishing to secure e-commerce, B2B and similar applications.
SafeSign is a subtly different kind of product to the others in this test. It will appeal to those wanting to create a key and certificate infrastructure for identity enablement on critical applications, such as those in the e-commerce or business to business arenas, where secure transactions are crucial.
We tested the SafeSign Authentication Server, part of the SafeSign identity management suite. The authentication server is a Java-based platform, so users will require Java development components deployed on development and production machines.
There is a useful installation and configuration guide in PDF format, although a good working knowledge of the security concepts and technologies involved would help.
The services available can be administered via a management console and an integral token management console, the presentation of which is workmanlike and intuitive. Command line administration is also possible.
The verification service supports PKCS#7 messages, XML digital signatures, IBM CBT signatures, certificates and PDF files. There are signature creation and random number services, plus PSM/Watchword MAC (Message Authentication Code) and challenge/response services using Thales PSM or Watchword 3 MAC messages, as well as a generic MAC verification service. Event and error logs are generated and, as an additional security measure, these log entries are supplemented with a sequence number and MAC in order to make any tampering conspicuous.
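The log protection described above (a sequence number and a MAC on every entry), sketched as an added example that is not SafeSign's code or log format: the key, the field names and the use of HMAC-SHA-256 are assumptions. It shows why both parts are needed: the MAC exposes an edited entry, while the sequence number exposes a removed or reordered one.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: a real deployment keeps this in an HSM or key store

def tag(seq, msg):
    # The MAC covers the sequence number and the message, so neither can be changed alone.
    data = seq.to_bytes(8, "big") + msg.encode("utf-8")
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def append(log, msg):
    # Writer side: next sequence number, then the MAC over (seq, msg).
    seq = log[-1]["seq"] + 1 if log else 1
    log.append({"seq": seq, "msg": msg, "mac": tag(seq, msg)})

def verify(log, expected_last_seq=None):
    """Return a list of findings; an empty list means no tampering was detected."""
    findings = []
    expected = 1
    for entry in log:
        if not hmac.compare_digest(entry["mac"], tag(entry["seq"], entry["msg"])):
            findings.append(f"seq {entry['seq']}: MAC mismatch (entry altered)")
        if entry["seq"] != expected:
            findings.append(f"expected seq {expected}, found {entry['seq']} "
                            "(entry missing or reordered)")
        expected = entry["seq"] + 1  # resynchronise so one gap yields one finding
    # Entries cut from the end leave no gap; that needs the last sequence
    # number recorded somewhere the attacker cannot reach.
    if expected_last_seq is not None and expected - 1 != expected_last_seq:
        findings.append(f"log ends at seq {expected - 1}, expected {expected_last_seq} "
                        "(truncated)")
    return findings

def sample_log():
    # Constructed sample events, not real product output.
    log = []
    for msg in ["service start", "verify PKCS#7 ok", "verify PDF failed", "service stop"]:
        append(log, msg)
    return log

if __name__ == "__main__":
    log = sample_log()
    print("intact:", verify(log))
    del log[1]  # remove one entry from the middle
    print("after deletion:", verify(log))
```

Removing entries from the end of the log leaves every remaining MAC and sequence number valid, so `verify` only reports it when `expected_last_seq` comes from a separately protected record.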
As the SafeSign Authentication Server is a serious, industrial-strength product for use within transactional-based applications where security is paramount, it is not exactly a “plug and play” application for the average admin to deploy in a few hours.
Similarly, it is not simply an SSO or user-authentication system in the traditional sense, although it does use certificates and tokens to support the identification of the source and validity of messages and transactions. It will, however, appeal strongly to those involved in designing and setting up secure payment or business-to-business systems.
In conclusion, the SafeSign Authentication Server is a flexible and capable enabling foundation around which to build secure e-commerce or B2B applications.