Security must be simple. The user interface of sayTRUST Secure Access was designed according to this basic principle. Because conventional VPN solutions always required a compromise, sayTEC AG took all customer suggestions into consideration while developing sayTRUST Secure Access. The outcome of this development is a tool that combines high security with ease of use.
In addition to generally recognized standards, further security features (SSL, TLS, X.509 with a 2048-bit certificate, Diffie-Hellman Perfect Forward Secrecy dependent on the personal user certificate) and additional unique features were implemented. These include application-based connections in the tunnel (instead of the common Layer 2 or Layer 3 VPN). Malicious software is recognized and neutralized already at the entrance to the tunnel. Using a corresponding CA (Certificate Authority), the certificates are self-created and not obtained from an external source. The entire communication is established from the random-access memory (RAM) of the client's computer. Therefore, no data remnants that could be evaluated later remain on either the computer or the link. That is why the man-in-the-middle attack, much loved by hackers, is not possible. Encrypted communication requires neither a special virtual network card nor a separate IP address from the network to be protected. Not only are the network and related information invisible from the outside; the connection is also invisible on the client PC. The device neither holds nor recognizes any network information about the remote network to be protected.
Users find it especially convenient that, thanks to sayTRUST Secure Access Sticks, they can carry their work environment with them. The administrator configures the authorizations, and thereby the user's work environment and the access rights to applications and directories. Log in once, and access to all approved applications is granted automatically, without annoying repeated password entry: the wish of every user. The password manager provides the highest security for Single Sign-On. Via the user's secured database, logins to various applications and/or platforms are performed with the existing passwords. When a favourite application is invoked, the Single Sign-On module takes care of secure authentication in the background. Individual applications are, of course, protected with different passwords.
Target groups for mobile applications include field workers, home-based workplaces, maintenance technicians of service providers, and groups that must be strictly separated by application. In schools, this enables the separation of students, teachers and administrators. In hospitals, patient files are accessible only to authorized individuals from the medical field and the administration. In industry, data and access for the development team are securely separated from each other.