The SolPass Solution consists of three components: the Pass, the SolPass Terminal (running the SolPass Operating System, or Sol OS), and GateKeeper Plus, which itself comprises two sub-components, the Trust Broker and the Rules Engine. Each component is outlined in more depth below.
SolPass Pass
The Pass, which is to remain under the control of a SolPass subscriber, resides on a token (in microSD, SD, USB or SmartCard form factors). The Pass includes a commercial-off-the-shelf (COTS) FIPS 140-2 LOA 3 SPYRUS Rosetta Cryptographic Security Package for Embedded Applications and a solid-state drive (SSD) for storage. The Rosetta cryptographic chip on the Pass carries a SolPass Certificate that is OEM’d via ORC’s Federally certified Certificate Authority. The Cryptographic Security Package is tamper-proof, meaning that any attempt to inappropriately access the Pass will “zero” the SolPass Certificate. When a user first connects the Pass to a SolPass Terminal, they enrol their biometric identifiers, which are stored on the Pass for future use. Any updates to the Pass are performed via a SolPass Terminal.
SolPass Terminal
The SolPass Terminal boot drive includes a COTS FIPS 140-2 LOA 3 SPYRUS Rosetta Cryptographic Security Package for Embedded Applications and an SSD for storage. The Rosetta cryptographic chip on the Terminal carries a SolPass Certificate that is OEM’d via ORC’s Federally certified Certificate Authority. The Cryptographic Security Package is tamper-proof, meaning that any attempt to inappropriately access the Terminal drive will “zero” the SolPass Certificate.
The SolPass Terminal boot drive ships with the Linux-based SolPass OS. The SolPass OS is digitally signed with a SolPass Certificate, and a SolPass Terminal boot drive will only run an approved, digitally signed SolPass OS. An enterprise or user must have purchased the hardware and OS license directly from a SolPass licensee. Updates to the SolPass OS (and to the Pass) can only be obtained over a mutually authenticated SolPass Certificate session with a SolPass licensed service. Based on its communications with a SolPass GateKeeper Plus, the SolPass OS launches virtual machines that mediate access to specific enterprise resources.
A subscriber initiates setup with a Terminal by introducing a Pass to the Terminal. The Pass and the Terminal mutually authenticate their digital certificates. Upon successful authentication, the Terminal OS initiates a Pass setup routine that includes the registration of the subscriber’s biometric(s). The biometric or biometrics are subsequently used to activate the Pass Cryptographic Security Package.
When an active Pass is introduced to a Terminal, the SolPass OS segregates application spaces using KVM virtual machine libraries, in accordance with the constraints specified by the Trust Broker and Rules Engine. Unlike the Pass, a single SolPass Terminal may be used by several users.
The Terminal can be used to access the enterprise through the established chain of trust, or to communicate outside the enterprise as with any ordinary device, in which case a separate virtual machine is established outside the control of that enterprise’s GateKeeper Plus. In either case, there is no untrusted interaction between virtual machines.
A SolPass Terminal can be purchased either as a personal computer or as a SolPassX, which turns any existing computer into a SolPass-enabled device.
SolPass GateKeeper Plus
The GateKeeper Plus consists of two sub-components, the Trust Broker and the Rules Engine, which together manage and enforce rights administration. An enterprise must have purchased the GateKeeper Plus license directly from a SolPass licensee. The Trust Broker and the Rules Engine communicate via mutual digital certificate authentication with each other, as well as with the enterprise’s resources and with approved Terminals, where the security policies are enforced. The entire GateKeeper Plus (the Trust Broker and the Rules Engine) is managed through the Enterprise Administrator’s Dashboard.
The Trust Broker is a COTS application server that runs on a standards-based Linux operating system, under a FiXs® Trust Broker License. The application server uses a SolPass server certificate whose private key is protected within any COTS FIPS 140-2 level 3 (or higher) Hardware Security Module (HSM), such as a Thales e-Security nShield™. An enterprise’s Trust Broker provisions and manages the Passes and Terminals approved for access to the enterprise’s resources via the SolPass Solution.
The Rules Engine is a COTS application server and database that runs on a standards-based Linux operating system. The Rules Engine communicates via mutual digital certificate authentication with the enterprise resource server’s certificate. The application server uses a SolPass server certificate whose private key is protected within any COTS FIPS 140-2 level 3 (or higher) Hardware Security Module (HSM), such as a Thales e-Security nShield™. The Rules Engine captures, and allows administration of, an enterprise’s security policies and access control rules for access to enterprise resources; these rules are expressed in terms of authorized user Passes (which may be bound to enterprise stakeholders) and enterprise-authorized Terminals (e.g., fixed devices at brick-and-mortar locations, laptops, and/or mobile devices). With the SolPass Solution, the Rules Engine can be administered to provide security policies and access control rules that are enforced either at the resource application server or at the Terminal (e.g., an enterprise can set a rule that disables external communications via all or specific I/O ports).
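To make the GateKeeper Plus decision flow concrete, the following is an added illustration written for this page, not SolPass code or its actual data model: it models a Rules Engine that only grants access once the chain of trust (mutual certificate authentication, Trust Broker provisioning, biometric activation) holds, then applies a per-resource rule that binds permitted stakeholders to permitted Terminal kinds and, for Terminal-enforced rules, returns the I/O-port constraints the SolPass OS would apply to the virtual machine. All class names, serials, stakeholder roles, terminal categories and resource names are constructed assumptions.

```python
"""Constructed model of a GateKeeper Plus access decision (assumed shapes, not SolPass's API)."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class EnforcementPoint(Enum):
    RESOURCE_SERVER = "resource_server"   # rule applied by the enterprise application server
    TERMINAL = "terminal"                 # rule pushed down to the SolPass Terminal's VM


@dataclass(frozen=True)
class PassState:
    serial: str
    cert_authenticated: bool      # mutual certificate authentication with the Terminal succeeded
    biometric_activated: bool     # subscriber's biometric has unlocked the crypto package
    stakeholder: Optional[str]    # enterprise role the Pass is bound to, if any


@dataclass(frozen=True)
class TerminalState:
    serial: str
    cert_authenticated: bool
    kind: str                     # "fixed", "laptop" or "mobile" (constructed categories)


@dataclass(frozen=True)
class Rule:
    resource: str
    allowed_stakeholders: frozenset
    allowed_terminal_kinds: frozenset
    enforce_at: EnforcementPoint
    disabled_io_ports: tuple = ()  # e.g. ("usb",) when external I/O must be blocked at the Terminal


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    terminal_constraints: dict     # constraints the SolPass OS applies to the VM (may be empty)


class RulesEngine:
    def __init__(self, approved_passes, approved_terminals, rules):
        self.approved_passes = frozenset(approved_passes)        # as provisioned by the Trust Broker
        self.approved_terminals = frozenset(approved_terminals)
        self.rules = {r.resource: r for r in rules}

    def evaluate(self, pass_, terminal, resource):
        # Chain of trust first: both endpoints must have proven their SolPass Certificates.
        if not pass_.cert_authenticated:
            return Decision(False, "pass certificate not authenticated", {})
        if not terminal.cert_authenticated:
            return Decision(False, "terminal certificate not authenticated", {})
        # Only Passes and Terminals the Trust Broker provisioned may reach enterprise resources.
        if pass_.serial not in self.approved_passes:
            return Decision(False, "pass not provisioned by trust broker", {})
        if terminal.serial not in self.approved_terminals:
            return Decision(False, "terminal not approved for this enterprise", {})
        # The Pass is only usable once the subscriber's biometric has activated it.
        if not pass_.biometric_activated:
            return Decision(False, "pass not biometric-activated", {})
        # Default deny: a resource with no rule is unreachable.
        rule = self.rules.get(resource)
        if rule is None:
            return Decision(False, f"no rule for resource {resource!r}", {})
        if pass_.stakeholder not in rule.allowed_stakeholders:
            return Decision(False, "stakeholder not permitted for resource", {})
        if terminal.kind not in rule.allowed_terminal_kinds:
            return Decision(False, f"terminal kind {terminal.kind!r} not permitted", {})
        # Terminal-enforced rules travel with the decision so the SolPass OS can apply them to the VM.
        constraints = {}
        if rule.enforce_at is EnforcementPoint.TERMINAL and rule.disabled_io_ports:
            constraints["disabled_io_ports"] = list(rule.disabled_io_ports)
        return Decision(True, "allowed", constraints)


# Constructed sample policy and endpoints (not real SolPass identifiers).
ENGINE = RulesEngine(
    approved_passes={"PASS-0001", "PASS-0002"},
    approved_terminals={"TERM-A", "TERM-B"},
    rules=[
        Rule("hr-records", frozenset({"hr"}), frozenset({"fixed"}),
             EnforcementPoint.TERMINAL, disabled_io_ports=("usb", "bluetooth")),
        Rule("wiki", frozenset({"hr", "engineering"}), frozenset({"fixed", "laptop", "mobile"}),
             EnforcementPoint.RESOURCE_SERVER),
    ],
)
HR_PASS = PassState("PASS-0001", True, True, "hr")
ENG_PASS = PassState("PASS-0002", True, True, "engineering")
UNPROVISIONED_PASS = PassState("PASS-9999", True, True, "hr")
FIXED_TERMINAL = TerminalState("TERM-A", True, "fixed")
LAPTOP_TERMINAL = TerminalState("TERM-B", True, "laptop")


def demo():
    """Evaluate a few representative requests and return the decisions by name."""
    return {
        "hr_fixed_records": ENGINE.evaluate(HR_PASS, FIXED_TERMINAL, "hr-records"),
        "hr_laptop_records": ENGINE.evaluate(HR_PASS, LAPTOP_TERMINAL, "hr-records"),
        "eng_laptop_records": ENGINE.evaluate(ENG_PASS, LAPTOP_TERMINAL, "hr-records"),
        "unprovisioned_wiki": ENGINE.evaluate(UNPROVISIONED_PASS, FIXED_TERMINAL, "wiki"),
    }


if __name__ == "__main__":
    for name, d in demo().items():
        print(f"{name:20} allowed={d.allowed!s:5} {d.reason} {d.terminal_constraints}")
```

The checks are ordered so that a failure in the chain of trust is reported before any policy question is asked, and a resource without a rule is denied by default; the `terminal_constraints` field is how a Terminal-enforced rule (here, blocking USB and Bluetooth while HR records are open) reaches the Terminal rather than the resource server.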