Blogginlägg -

WebCrypto, Invisible Token and Hybrid Access Gateway

After following the development of WebCrypto for more then three years it is awesome to see how it now slowly becomes implemented by the larger browsers. You can test your browser here.

WebCrypto opens up for very interesting possibilities by enabling native crypto support and secure key storage for web applications (if its secure could absolutely be discussed but it is much better then what we have previously had).

One of the interesting possibilities is an update of Invisible Token. Invisible Token is an authenticationmechanism that makes your browser to your second factor by deploying a seed in the browser. When this was first implemented we where limited to local storage for the seed storage. With the introduction of WebCrypto we can import the seed (HMAC key) as non-exportable. In this way it is will be hard for the user or an attacker to extract the seed adding strength to the browser as second factor.

To make use of the WebCrypto implementation of Invisible Token you first need to upgrade to Hybrid Access Gateway 5.6 and then re-create the Authentication Method. It will not be automatically upgraded.

/Samuel Erdtman

Ämnen

  • Datasäkerhet

Kategorier

  • blog

Regioner

  • Dalarna

Kontakter

Lars Pettersson

CEO +46 8 685 45 60

Relaterat innehåll

Ale kommun stärker säkerhet för anställda

Ale kommun har upphandlat en lösning för tillverkning och administration av tjänstekort som gäller för alla anställda. Kommunledningen ställde krav på att alla anställda skall ha en säker identifikation som också kan användas för säker inloggning samt för passage, print-on-demand etc.

neXus stärker i Mellanöstern

neXus har ingått ett distributionsavtal med Shifra, en distributör i Dubai, vilket gör det möjligt för Shifra att sälja neXus PKI-plattformar i Mellanösternregionen.

Carolen Ytander ny CMO för neXus

neXus stärker sin företagsledning ytterligare och rekryterar Carolen Ytander som ansvarig för marknad, kommunikation och strategisk HR. Carolen kommer närmast från Vattenfall där hon haft flera olika chefsroller, däribland som nordisk marknadschef.

Ny CFO till neXus

Magnus Karlsson tillträder som CFO i Nexus den 22 februari 2016 och blir därmed ny medlem i koncernledningen. Magnus efterträder Björn Johansson som efter nio år i Nexus beslutat sig för att söka nya utmaningar utanför koncernen.

Identitetshantering för banker

Den 12 februari 2016 publicerade den tyska finanstidningen gi geldinstitute en artikel om vikten av Identity Management, identitetshantering, för banker.

Securing your identities for cloud applications like Microsoft Office 365

​Using cloud applications is very common today. Each user tend to use several different cloud services and applications every day in working life. To work efficiently and secure you should define you own cloud strategy for your organization.

The SCIM standards just grew up to become RFC's

Integrity and simplicity for both users and IT-departments just took a huge step forward on the Internet. The SCIM specifications, System for Cross-Domain Identity Management, are now published as publications by the Internet Engineering Taskforce (IETF) as RFC7643 and RFC7644. At neXus we are super proud because we have been playing a key part of the specifications.

The Hacked Jeep is not alone

As I wrote about in the blog post “Demystifying Security and Identities for Internet of Things” it is essential to implement security by design.

The IETF #93 meeting is wrapping up and it was a great week

An very intensive Internet Engineering Task Force (IETF) week in Prague is just winding down. It’s been a great week in warm and welcoming Prague. IETF works on the specifications that together form the Internet and IETF attendees meets three times a year to try to make the internet, slowly but consistently, a better place.

Identity data capture and validation is key

This week I had the pleasure of visiting NORSIS event IDentitet 2016 in Oslo. Very well structured the event started with presentations around the capturing and validation of identity data which is fundamental for the trust in eIDs (and of course other types of credentials).

Explosion in IoT reveals risk of massive black market

In a recent report Gartner predicts that by 2020 over 50% of new major business process and system will incorporate some element of the Internet of Things. From a security perspective this growth will be challenge from many perspectives.

Happy Data Privacy Day!

January 28th is the Data Privacy Day, a date that is currently observed in United States, Canada and 47 European countries.

Server Name Indication and Hybrid Access Gateway

SNI is an extension to TLS that has been around for a while, since 2003, but is becoming more and more important as installations become multi tenant with customers from completely different organizations.