Freely subscribe to our NEWSLETTER

The CaaS service offered in SaaS mode, based on technology developed by Etsem, is a complementary component to every program and application: e-mail, accounting, CRM/ERP, production, CAO, medical, mail, invitations to tender, Workflow and archiving so as to respond to secure downloadable digital constraints and to the permanent confidentiality of data.

In order to guaranty the confidentiality and probative value of exchanging digital
documents, ETSEM has developed a technology that enables: proving the sender’s
identity, verifying the identity of the receivers, encrypting all the flux exchanged,
certifying the integrity of data sent and received, transmitting an official certificate
of receipt, signing the data, if necessary, dating and signing the actions of sealing,
opening, delegation and acceptation of content, certifying the totality of the process
and keeping legal traceability for the entire chain of treatment.
ETSEM technology aligns itself with SaaS enterprise applications by dint of APIs and
covers all aspects necessary for the security of the transfer and stocking of
downloadable digital data and enables guarantying confidentiality and probative
value.

In order to respond to all of these aims, the technology developed by ETSEM
integrates the different aspects of this multiple problematic at the crossroads of
current cryptosystems, public key infrastructures (PKI) and constraints linked to
downloadable digital transmission and externalizing businesses’ critical data.
In the era of the Web 2.0, multinationals and also small and medium sized
companies and microbusinesses are already in the process of exchanging and
externalizing their data (and thus downloadable digital transmission) and even their
applications (SaaS), tendencies to which can be added mobility (PDAs,
smartphones…), nomadism (offices, airports, hotels…) and collaborative work (sharing data).

ETSEM technology is thus composed of automated encryption, a system of
extended certificates, a process of downloading digital data and data flux and
powerful inert authentication measures.
Automated encryption
One of the major difficulties of current cryptosystems, not excluding public key
infrastructures (PKI), rests upon administration and sharing encryption keys. We
have also observed that there is a lack of interoperability between encryption
protocols.

Most often, this incompatibility is linked to the implementation of the
protocol and not its mathematical foundations. One example would be asymmetric
protocols such as PGP, GPG and RSA.

ETSEM technology offers a line of standard asymmetric and symmetric
cryptographic protocols that enable the user to choose the encryption technique
adapted to their specific needs.

For all practical purposes, this technology favors a strong cryptographic protocol for
stocking data and a light encryption for data flux. So as to optimize the calculation
times, these encryptions are made using a symmetric key. The size and type of its
protocol vary depending upon the security situation originally chosen: RSA
1024/2048/4096bit, Triple-DES 192bit (3x64), AES 128/256bit or SHA-2 512bit.
A system with a wide range of certificates
ETSEM technology is based upon an original system of dynamic certificates that are
simple to implement and ensure the secure use of ETSEM’s cryptosystem.

There are
three principal dynamic digital certificates: the Private Digital Certificate, (CePR),
the Negotiated Digital Certificate (CeNE) and the Independent Security Policy
Digital Certificate of (CePS).

The private digital certificate possesses all of the data relative to a proprietor,
notably those parameters useful to a cryptosystem as defined by the user as well
as declarative and authentication information that this user has saved.
Please note that the identity of a private digital certificate bearer can be reinforced
by importing an X.509 certificate delivered by a trusted Certification Authority (CA),
if necessary.

This private digital certificate is kept secret by ETSEM technology and can only be
interrogated by the user that owns it, after they are authenticated. With a CePR,
the user can securely manage their data’s confidentiality, whether it is flat files,
data flux or information saved in a database.

To control the circulation of their data, the user owning a CePR will define a digital
certificate security policy generated using dynamic and contextual circulation
(defining the context, duration, geography, and provisions), uniquely applicable to
the CePR.

The negotiated digital certificate (CeNE) is used by ETSEM technology to associate
two or more private digital certificates within the framework of a large and reciprocal exchange of data between users. Each of the entities recorded in the CeNE will possess their own CePS thus defining the security and authorization parameters for incoming/outgoing data flux from or to their respective information systems.

A downloadable digital process for data and data flux
ETSEM technology possesses two distinct data formats for different uses:
– a format specific to stocked data;
– a format specific to data flux.

The data is entirely encrypted and authenticated and permanent monitoring of data
and metadata integrity is applied to the formats as is universal timestamping of
data history.

The formats of this technology systematically load information relative to the
sender’s and receiver’s authentication by affixing their respective electronic
signatures to the verification fields intended for this purpose.
ETSEM technology formats dispose of embedded digital index bundles enabling the
user to control the data’s authenticated traceability at any time.
Strong authentication measures
Strong authentication is made possible through an inert measure in the sense that
no nominative data is stocked (as opposed to Token).

The advantage of this particularity is that it enables successively sharing with
several different users in a multisession and, in case of loss, the sharer has no way
of exploiting the owner’s data.

This measure is possible with any type of fixed or mobile terminal via the Bluetooth
wireless protocol or through the USB port and enables secure communication with
Etsem technology’s light client that has been installed on the terminal to transmit
secure data to the server.
In addition, this measure can transmit timestamped and geographically positioned
data (via a GPS signal) to the client that can be exploited by ETSEM technology’s
server thus reinforcing the control over data circulation as defined by the CePS.

It is from this measure that the user can access the ensemble of the certificates
(CePR, CeNE, CePS…) via strong authentication (AFIS, Smart Card, token) or an
SSO type (login + password) access and trigger ETSEM technology’s automated
control parameters.

With the ensemble of its uses, ETSEM technology allows you to obtain a
significantly higher level of data security in SaaS mode than with Intranet.

ETSEM thus eliminates the reluctance often expressed by businesses when
confronted with SaaS offers.

In addition, the technology developed by ETSEM ensures the total control
of data by selecting the files circulated and available for consultation in
function to the profile of each final user or their location.