Signum is an Enterprise Security and Cryptography Platform, designed to protect sensitive digital assets from the moment they are created and for as long as required.
Your systems and users create and exchange vast amounts of data assets, often without any protection of confidential material. Signum steps in to mitigate these issues in a cost-effective manner.
Larger enterprises use many different software systems in their day-to-day business processes. These systems and their users create documents of varying confidentiality levels, and in large volume. Many of these assets lack even the most basic protection:
Upgrading large software systems with security features, as well as legacy systems, is a slow, expensive, and often unfeasible undertaking. Integrating these systems in a secure manner can present an even bigger challenge, especially with ever-increasing data exchange between business partners.
Signum acts as a security mediator between users, software systems and business partners. It allows for easy data protection and secure integration, while at the same time employing highest levels of cryptography and secure data exchange.
Your enterprise becomes more compliant with security standards and requirements defined by ever-growing threats.
Signum features several different mechanisms, or modules, working together to protect data integrity, as well as provide nonrepudiation and verification tools. Total data encryption provides security during transfer and storage.
Signum comes with an integrated distributed digital signature server.
Along with regular digital signatures, EU AdES standards are supported based on Qualified Certificates.
Automated data type validation and digital signature verification provide system-wide protection even before a document enters your business processes.
Applied to digital signatures, transactions or audit logs, trusted timestamps provide a secure means of tracking the exact creation and modification times of documents, as well as other arbitrary data.
Fully encrypt and store your digital assets with Signum Document Vault and its DMS services, or by integrating the platform with your document management system.
A multi-dimensional data structure allows you to create complex document relations and quickly access any document and any version.
Know when a message has been delivered and opened by transaction participants, with full control over the payload decryption process.
You can even choose to send data first, and provide access to it later.
Total data encryption for storage and transfer is achieved with a minimum of 5 different keys.
256-bit cryptography for symmetric algorithms and 2048-bit for PKI are mandatory. Signum is configurable and can provide you with larger, more secure and future-proof keys.
End-to-end security is provided by Signum, meaning that it can provide you with maximum data protection even in an unsafe, open environment.
This is a welcome feature when dealing with various business clients with different security standards; however, it is strongly recommended that a TLS infrastructure with a minimum of 2048-bit keys is provided.
Communicate with your partners via Signum. Providing you with a trusted alternative to insecure emails or chat, Signum handles every payload with maximum protection mechanisms.
Our unique approach to data security led us to develop the 5+ data transport protocol.
We jokingly call it "The Paranoid Protocol". Here is why:
The Payload Session key is a one-time key that wraps data during transfer and storage. It is dynamically created and is never reused, no matter how small the message is.
This key can only be accessed by parties involved in the transaction. Therefore, they are the only ones that can ever access encrypted data.
This layer consists of two key pairs, the Sender and Receiver keys, with trust established by a mutually trusted Authority. The keys provide identity assurance for every participant, as well as provide access to data.
Based on your scenario, these keys can be stored on hardware devices such as smart cards, loaded into a software system, or dynamically generated for each transaction.
Note that this is a simplified representation - there can be an arbitrary number of participants in a transaction, each with their own set of keys generated in different ways.
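The session-key and participant-key layers described above can be sketched as envelope encryption. This is an added example, not Signum's code or wire format: AES-256-GCM, RSA-OAEP and RSA-SHA256 signatures are assumptions chosen to match the stated 256-bit and 2048-bit key sizes, all function and field names are hypothetical, and certificate validation against the trusted Authority is left out.

```javascript
// Added illustration, not Signum's code. AES-256-GCM, RSA-OAEP and
// RSA-SHA256 signatures are assumptions; the page gives only key sizes.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Hypothetical participant holding a 2048-bit key pair.
function newParticipant(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

// Bytes covered by the sender's signature: IV, ciphertext and GCM tag.
const signedBytes = (e) => Buffer.concat([e.iv, e.ciphertext, e.tag]);

function seal(payload, sender, participants) {
  const sessionKey = crypto.randomBytes(32);   // fresh 256-bit key per payload
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(payload), cipher.final()]);
  const env = { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys: {} };
  // Wrap the session key once per participant; nobody else can unwrap it.
  for (const p of participants) {
    env.wrappedKeys[p.name] = crypto.publicEncrypt({ key: p.publicKey, ...OAEP }, sessionKey);
  }
  sessionKey.fill(0);                          // drop the plaintext key
  env.signature = crypto.sign('sha256', signedBytes(env), sender.privateKey);
  return env;
}

function unseal(env, participant, senderPublicKey) {
  // Check the sender's identity before touching any key material.
  if (!crypto.verify('sha256', signedBytes(env), senderPublicKey, env.signature)) {
    throw new Error('sender signature invalid');
  }
  const wrapped = env.wrappedKeys[participant.name];
  if (!wrapped) throw new Error('no wrapped key for this participant');
  const key = crypto.privateDecrypt({ key: participant.privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}
```

Adding a participant means adding one more wrapped copy of the session key; the payload itself is encrypted only once.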
Transaction details and metadata are protected with the server encryption key used by the Signum Platform.
Ideally, this key is stored on a Hardware Security Module, but it can also be defined on system startup.
The key is never stored on disk.
Full user authentication, authorization and auditing are available, with the option to integrate with existing SSO providers, LDAP etc.
Authentication and authorization management is also provided for all 3rd party systems integrated via Signum.
Running Signum in a TLS-protected environment is strongly recommended, even though its end-to-end encryption allows it to exchange messages over an unprotected network.
Mutual certificate-based authentication is supported and can be a preferred way to authenticate 3rd party systems.