
Cryptolog Unicity Remote

A global server - a centralized DIMS

Why a "Remote" version?

Cryptolog Unicity Remote is a version of our flagship product Cryptolog Unicity in which private keys are stored on a remote Unicity server and initial authentication to that server is performed with a One-Time Password (OTP) generated by a dedicated hardware device. Alternative authentication methods such as secure login/password or biometrics can also be used for specific needs.

By using an OTP to authenticate access to strong cryptographic material, Cryptolog Unicity Remote gives users encryption and signature functions that can only be activated by the end user with his or her own authentication device, making identity theft almost impossible.

By combining the best of OTP and PKI technologies, Cryptolog Unicity Remote is the best option to strongly authenticate your customers, partners and employees and provide them with up-to-date encryption and digital signature technologies, while avoiding the issues associated with installing smart card readers and USB tokens. Since there is no physical connection between the authentication device and the end-user's PC, it is particularly suited for web services such as online access to banking accounts and online transactions where ease-of-use is a key factor of acceptance.

As a result, Cryptolog Unicity Remote appears as the best compromise to deploy a centralized Digital Identity Management System by ensuring that each private key can only be used by the legitimate user while in possession of his or her personal authentication device. Cryptolog Unicity Remote is currently compatible with OTP authentication devices provided by most leading manufacturers. Privileged partnerships with specific vendors will be announced soon.

Global architecture

Cryptolog Unicity Remote - how it works

When a user logs on to an HTTPS site that requires a mutually authenticated (SSL client authentication) session, signs a PDF form, sends an electronically signed email or decrypts an email, the PC's operating system (Windows/Unix) looks for the available CSP or PKCS#11 interfaces. The Cryptolog Unicity plug-in installed on the user's PC then connects to the authentication server (acting as a reverse proxy) that corresponds to the OTP device in use, which triggers a pop-up where the user enters the OTP. Once the reverse proxy has validated the OTP, the cryptographic requests are forwarded to the Unicity Remote server, where they are processed.

Alternatively, for strong (SSL mutual) authentication to a website, and for web-form electronic signature and encryption, Cryptolog Unicity Remote can be deployed with the Cryptolog WebPass Java applet, which avoids installing a plug-in on your users' PCs.

All signature and decryption requests are lightweight messages. To process them, the Unicity Remote server uses the user's private keys: asymmetric keys stored on the server, encrypted under a wrapping key that is held inside the HSM, so that they can only be used inside the HSM (thus making their extraction totally impossible).

The values computed by the HSM are returned to the user's PC and passed on to the application that requested the cryptographic operation: the mutually authenticated HTTPS session, the PDF signer, the mail client, and so on.

For the end user, all of these operations are completely transparent and instantaneous.

Cryptolog Unicity Remote thus behaves exactly like a smart card (signing and decrypting data on behalf of the end user) that is activated remotely by a PIN code, here the OTP displayed by the authentication device. All documents to be signed or decrypted travel back and forth through a strongly authenticated SSL tunnel between the user's PC and the Unicity Remote server.
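The OTP-gated signing flow described above, reduced to a runnable simulation (an added example, not Cryptolog's code): a reverse proxy validates an HOTP value and issues a session, and the server signs only for a live session. It assumes event-based HOTP tokens (RFC 4226); HMAC-SHA256 stands in for the HSM-held asymmetric key, and the user name, seed and key are constructed values.

```python
import hashlib, hmac, secrets, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the value an event-based OTP token displays for `counter`."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class ReverseProxy:
    """Validates the OTP and issues a session token; it never sees key material."""
    def __init__(self, tokens):                 # user -> (seed, next counter)
        self._tokens, self._sessions = tokens, {}
    def login(self, user, otp, window=3):
        seed, counter = self._tokens[user]
        for c in range(counter, counter + window):   # small resync window
            if hmac.compare_digest(hotp(seed, c), otp):
                self._tokens[user] = (seed, c + 1)   # consume the value: no replay
                sess = secrets.token_hex(16)
                self._sessions[sess] = user
                return sess
        return None                                  # wrong, stale or reused OTP
    def user_for(self, sess):
        return self._sessions.get(sess)

class UnicityServer:
    """Signs only for a proxy-authenticated session; HMAC stands in for the HSM key."""
    def __init__(self, proxy, hsm_keys):        # hsm_keys: user -> private key
        self._proxy, self._hsm_keys = proxy, hsm_keys
    def sign(self, sess, data):
        user = self._proxy.user_for(sess)
        if user is None:
            raise PermissionError("no OTP-authenticated session")
        return hmac.new(self._hsm_keys[user], data, hashlib.sha256).hexdigest()

def demo():
    seed = b"constructed-otp-seed"                # constructed token seed
    proxy = ReverseProxy({"alice": (seed, 0)})
    srv = UnicityServer(proxy, {"alice": b"constructed-private-key"})
    otp = hotp(seed, 0)                           # what alice reads off her device
    sess = proxy.login("alice", otp)
    signed = sess is not None and len(srv.sign(sess, b"PDF form")) == 64
    replayed = proxy.login("alice", otp) is None  # same OTP again is refused
    try:
        srv.sign("bogus-session", b"PDF form"); unauth = False
    except PermissionError:
        unauth = True                             # no session, no signature
    return signed, replayed, unauth
```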

Technical specifications

Integrating Cryptolog Unicity Remote into your existing infrastructure requires:

Supported systems and standards

Cryptolog Unicity Remote supports the following systems and standards.

Server OS platforms: Windows 2000 Server or later, Linux, *BSD, Sun Solaris, all UNIX/POSIX platforms
Certificates: X509v3, CRLv2 (X509v1 compatible; RFC 3279 and RFC 3280 compatible; manages all standard extensions, plus proprietary extensions)