I found this Cloud Identity concept in my documents. It was written some years ago for a SignWise project, but we never developed this solution. If you think that you want to implement it, then you can contact me.
Cloud Identity service helps you meet corporate, contractual and regulatory compliance requirements for electronic Identity security by using dedicated Hardware Security Module (HSM) appliances within the SignWise Services. With SignWise Cloud Identity, you control the encryption keys and cryptographic operations performed by the HSM.
SignWise offers a variety of solutions for electronic authentication and within the SignWise Services platform. SignWise Cloud Identity fulfills most of the rigorous contractual or regulatory requirements for managing cryptographic keys. Additional protection is sometimes necessary. Until now, your only option was to store the electronic ID owner's encryption keys in your SIM cards, smart cards or on-premises data centers. This prevented you from migrating these applications to the cloud, or significantly slowed their performance, and offered poor usability and/or roll-out. The SignWise Cloud Identity service allows you to protect encryption keys within HSMs designed and validated to government standards for secure key management. We securely generate, store, and manage the cryptographic keys used for electronic authentication and electronic signing, and they are accessible only by the electronic ID owner. SignWise Cloud Identity helps you comply with strict encryption key management requirements without sacrificing business requirements.
The SW Cloud Identity service works with SignWise Services and with SignWise Portal. Cloud Identity instances are provisioned inside SignWise Services, providing simple electronic Identity for SignWise Services users and visitors. SignWise provides dedicated and exclusive (single tenant) access to SignWise Identity Cloud instances, isolated from other SignWise Services customers. Available in multiple Regions, SW Cloud Identity allows you to offer a secure and durable electronic Identity scheme to your customers.
Customers or visitors can use cryptographic keys with one-time passwords (OTPs). OTPs sent via SMS offer the convenience of using a mobile phone while adding the security of out-of-band delivery. Mobile phones are one of the very few devices most people already carry and actively protect. SMS offers a familiar platform for OTP delivery without the need for companies to own, distribute, or replace standalone delivery devices.
Besides being familiar to the end user, OTPs via SMS feature true out-of-band delivery. Man-in-the-middle (MITM) and other malware attacks often hinder password reset attempts by intercepting messages between the user and the entity attempting to deliver the new password. When OTPs are delivered over the phone network, an MITM attack is unable to intercept the delivery of the password.
SW Identity Cloud protects your customers' and visitors' cryptographic keys with tamper-resistant HSM appliances that are designed to comply with international (Common Criteria EAL4+) and U.S. Government (NIST FIPS 140-2) regulatory standards for cryptographic modules. We retain full control of your keys and cryptographic operations on the HSM and we will manage and maintain the hardware without having access to your keys.
By protecting your customers' and visitors' keys in hardware and preventing them from being accessed by third parties, SignWise Identity Cloud can help you comply with the most stringent regulatory and contractual requirements for key protection.
If you need to track resource changes, or audit activities for security and compliance purposes, you can review all of the Identity cloud API calls made from your account through the SignWise Services API. Additionally, you can send client log messages to your own collector.
POST IS WRITTEN BY
manager @SignWise Services and electronic identity expert
I have primarily worked as an R&D visionary and adviser for PKI-based authentication, eSigning, eSignature validation and eAuthorization services. I was part of the team that worked on the Estonian electronic identity for the Ministry of Economic Affairs and Communications, creating service portals for local authorities and annual electronic reports submission system for the e-Business Registry – winning the Best e-Government Solution award at the World Summit Award in 2011.