What is Safeway 2.0?

Safeway 2.0 has been specifically developed to assist in the management and validation of digital certificates, digital signatures, and OTP devices.

Safeway 2.0 centralizes the management of digital certificates and OTP devices through a web application, and it centralizes validation requests for certificates, digital signatures and OTP passwords through Web Services developed entirely with Java technology and compliant with industry standards. In addition to offering a choice of security mechanisms (digital certificates, OTPs or both), it allows them to be used in every application that requires them. Because it centralizes management and validation, it reduces security risks and administration and maintenance costs, and it facilitates the incorporation of new systems without the need for repeated investment in licensing or development of existing solutions, etc.

Safeway 2.0 provides security, audit and log mechanisms to meet the highest requirements, and it provides safe repositories for information, activity records and access and application statistics.


Features

To ensure the identity of users, clients or systems and guarantee that they are actually authorized to access confidential information or perform a given operation, Safeway® validates the integrity of certificates, digital signatures and OTPs, and verifies that they are active, that they have not been revoked or blocked, and that they are associated with the users who presented them.

To meet this objective effectively, Safeway® is based on the following functionalities:

For digital certificates and signatures:


  • Management of digital certificates of CAs (Issuing Entities or Certifying Authorities): record creation, modification and deletion.
  • List of active, revoked or to-be-activated certificates.
  • Validation of digital certificates and signatures.


For OTPs:


  • Import of OTP devices from a DPX file sent by the hardware provider.
  • Assignment of an OTP device to an individual/user.
  • Display of information provided by an OTP’s manufacturer once it is related to an individual.
  • Additional information provided by Safeway: validity date, status (active, suspended or revoked), channel through which validation requests are received, comments, etc.
  • List of devices indicating assigned user, status, serial number and expiration date.
  • OTP password validation via web services.


For general administration:


  • Administration of all the information by means of a web application, with high security levels both for information storage and system entry.
  • Audit of each validation requested of Safeway® by external systems.
  • Audit of each operation made by a user from the administrative application.
  • Statistical information on the system’s activity.


Safeway also incorporates mechanisms that enable greater security of the information it stores through:


  • Restricted access based on profiles, user names and passwords, enabling separation of roles and of conflicting interests. For example, user profiles authorized to enter OTP devices or digital certificates cannot activate them.
  • Audit of the entire activity: both validation requests and the activity generated through the management system.
  • Protection of sensitive information through the use of digital signatures.


Other important features:


  • Direct communication with application servers: the system is available to receive direct queries from any system via Web Services. This simplifies the company’s network architecture and applications because it centralizes this information. The system offers its functionalities through Web Services using the standard SOAP protocol. Together with HTTP and SSL, this not only ensures a high level of security, through the potential use of digital certificates to validate the authenticity of the system requesting the validation, but also enables easy integration of the system with future developments, because these protocols are standardized and widely used in the market. Even though the use of SSL increases the security level of the solution, it is not a requirement for the application’s operation. Security is also added by requiring authentication (system identifier and password) in each call made to the Web Services.


Technology

Safeway has been developed using Java technology and according to industry standards. As a result, Safeway can be installed on different platforms without the need to change version or make adaptations.


Requirements

Software Requirements


Two alternative software platforms are proposed for implementing the solution:


Option I:

  • Operating System: Red Hat Linux 9.0
  • Database: MySQL 4.1
  • Application Server: Apache Tomcat 5.x
  • Sun Java 2 SDK 1.4.x

Option II:

  • Operating System: Windows 2000, 2003 or XP
  • Database: SQL Server 2000 (or MySQL 4.1)
  • Application Server: Apache Tomcat 5.x
  • Sun Java 2 SDK 1.4.x

There are no functional differences between the platforms, and in both cases the relational database can be hosted on the same machine as the application or on a separate machine. The solution can be scaled to farm mode if the activity requires it. In both configurations another web and/or application server can be used, such as IIS + Tomcat, IBM HTTP Server + WebSphere Application Server, IIS + BEA WebLogic, etc.


Hardware Requirements


  • x86 1.5 GHz processor
  • 512 MB RAM
  • Ethernet interface, 10/100 Mbps