Cryptosign CSP Server from REALSEC, The key to preventing Digital Identity Theft

Today, among the computer security risks that individuals and companies fear most are those derived from digital identity theft.
REALSEC explains what these risks are and how they can be reduced, showing how its solution, Cryptosign CSP Server, meets this objective.
The current digital universe we live in has numerous advantages, but at the same time there is a dark side: that of cybercrime. As explained by Rafael Cuenca, REALSEC Business Development Manager, one of the differences between digital and traditional crime “is that the speed with which these situations occur online worldwide is hard to replicate in the real world, since technology acts as a catalyst allowing, for example, a virus created by a hacker to obtain universal presence in less than 1 hour.”
Another risk worth mentioning is the possibility of someone replicating presence and identity in multiple situations and actions, and finally committing digital identity theft.
According to a study by the European consultants Dynamics Market, 31% of Europeans surveyed say they have been victims of identity theft, out of which 18% are Spaniards. The same study reveals that 37% of these users in Spain have been victims of digital identity theft from attacks by cyber criminals who have used their identity to pull money from their bank accounts.
Currently, we are seeing two new variants of identity theft or Phishing, known as Vishing and Smishing. In the case of Vishing, an email or a telephone call requests the victim to call a phone number to update their personal information or resolve an incident related to their bank account. In this call, data is requested from the victim and then used fraudulently. Smishing follows a similar procedure, but in this case the notice comes as a mobile phone message that provides a link to a web address where the victim is urged to download a program that supposedly “will solve the problem”, when in fact what has been installed on the computer is a spyware program or Trojan through which cyber criminals can impersonate the victim.
As Rafael Cuenca explains, it’s not about fearing the risks of the digital universe and not partaking of its benefits, but knowing what those risks are “and what is the best way to prevent them, such as the use of digital signature and encryption in our communications systems”. In this sense, Jesús Rodríguez Cabrero, President and CEO of Realsec, asserts that “the severity of the origin of this problem is not related, in the vast majority of cases, to the use of digital certificates. If they have been generated by a reliable certification authority and are used properly, they are a very secure instrument for authentication and do not pose any risk of identity theft”.
“The problem stems from the fact that in many cases the private keys from certificates are not saved and guarded in a secure environment, but exposed in the Windows container, with the consequent risk of theft by any seasoned hacker, which later can be used to impersonate and extort the user”, explains the Realsec Director in his blog.
How to prevent identity theft
To prevent Phishing as well as its variants, Vishing and Smishing, it is advisable to follow a series of guidelines: it is essential to analyze in which environments and to whom we disclose personal data over the phone and/or email, and not to share this information if we are not certain that we are dealing with a trustworthy interlocutor. We must use strong passwords, use banking cards with chip and not magnetic stripe, use secure digital signature for signing documents and other operations… in short, demand maximum security in all processes in which our digital identity can be compromised.
In the case of digital signatures, if we want to be sure about their use and not put our identity at risk, it is essential to use them through a digital certificate that allows authentication and ensures a use that won’t be rejected. The digital certificate contains relevant information from a person or entity and includes the fields for which it is certified (signature, authentication, server…) and the public and private key. This is the basis of the signature and digital authentication and the key to avoiding digital identity theft. Through this system, the entities know who the issuing authority of the certificate is and at the same time can see the revocation list first-hand.
Cryptosign CSP 2.0: Centralized management system of digital certificates
REALSEC combats the risk of digital identity theft in corporate environments with its Cryptosign CSP 2.0 solution.
Problems such as controlling the use and location of the company's corporate certificates, their possible fraudulent use by an employee, or malware attacks on equipment in the company's departments are resolved by this networked cryptographic server, since custody and management are easy and the digital certificates and their private keys are secure.
Cryptosign CSP 2.0 is the perfect solution to perform digital signature operations, email protection and Web authentication, with maximum performance, ease and transparency during administration.
It comes in Appliance format (HSM + Application), which manages the certificates and the user-certificate relationship, preventing their use by unauthorized persons as well as confidential data leaks.
It allows you to work with third party signature applications that use MSCAPI (Office 2010, Adobe X Pro, Internet Explorer, etc.) and at the same time, it has a Java API system that facilitates integration with any application requiring digital signature in a simple and efficient way.
The HSM's active protection uses sensors to detect intrusions or anomalies and responds by deleting the information. The HSM complies with the FIPS 140-2 Level 3 certification. The solution is also certified to Common Criteria EAL4+.
More information at: CryptoSign CSP v.2.0.1

Source: Hay Canal

  • Posted at 12:59, 10/10/2015

    Great article David. Encrypting information can be as simple as making sure your Outlook PST file is encrypted. Most people don’t realize that if they have an un-encrypted PST file, it can be imported into any email client, and all emails can be viewed as if they were sitting at your PC. Take that 1 step further, how would the information in there allow me to escalate an attack on your system? Like I said before, great article, love reading your blog, keep it up. Ron
