Menu
Bdrive secures files in the cloud with fingerprints and fragmentation

Bdrive secures files in the cloud with fingerprints and fragmentation

Bundesdruckerei's Bdrive cloud file storage service uses erasure coding to increase redundancy and security

IDG

IDG

Maximum privacy seems to be the goal for the new enterprise authentication and cloud storage services Bundesdruckerei is showing at Cebit this week.

The 250-year-old state printer has moved far beyond its origins as a printer of banknotes and, later, passports, offering all sorts of secure digital authentication services.

At the exhibition in Hanover, Germany, this week it's showing Bdrive, a way for businesses to securely and reliably store important files in the cloud.

Unlike services such as Dropbox, Bdrive doesn't store the files themselves, just metadata about them. The task of storing the files is left to other public cloud storage services.

Those services don't have access to the files either, though: Bdrive's Windows client software encrypts the files and fragments them across several storage services, in such a way that no one store holds all the data; It uses erasure coding to reconstruct a file even when some of its fragments are missing, said Bundesdruckerei's Maxim Schnjakin.

Bdrive records which public cloud services are holding which fragments of the file, which user it belongs to, who has been granted access to it and on what terms. Customers can choose what level of redundancy they would like in the system, said Schnjakin: They pay a subscription fee to Bundesdruckerei, which then takes care of the storage fees for the various cloud services used.

The company isn't ready to name its storage partners, but Amazon Web Services' Simple Storage Service (S3) is an example of the kind of service it might use.

Access to the files is controlled by client software embedded in Windows 10. Bdrive appears as another location alongside Desktop, Downloads and Documents in the Windows File Explorer, and tasks such as sending download links or sharing access rights are accessed from a contextual menu with a right-click.

People invited to download a file receive an email containing a link to it. If a password is required, this must be sent via another secure channel. Clicking on the download link launches some JavaScript from Bdrive, which downloads the necessary file fragments from the various stores, reassembles them and decrypts the file.

For maximum security, control of the Bdrive files is closely tied to an authorized device and to the identity of the file's owner.

To provide stronger security than basic passwords allow, Bundesdruckerei is also showing a privacy-friendly smartcard-based fingerprint authentication system called GoID.

One problem with many biometric authentication systems is that they involve central storage and comparison of users' biometric details, putting them at risk of theft or disclosure.

Not so with GoID, in which the fingerprints are read, stored and compared entirely on the smartcard. The only information that leaves the card is a digitally signed message saying whether the authentication succeeded.

GoID cards are somewhat thicker than a credit card, but would still fit in most wallets. They have a built-in fingerprint reader like that found in high-end smartphones -- not the swipe type found on some PCs -- and are powered and communicate via an RFID interface. In most cases that will mean plugging an external reader into a PC's USB port.

To authenticate, users drop their card on the reader when requested, then place their fingertip on the card. The card also has a built-in numerical keypad for authentication in cases where a fingerprint has not been registered.

Enrollment is performed using the same card and reader: Software on the PC directs the process, but the fingerprint data never leaves the card, said Bundesdruckerei's Eric Stange.

Bundesdruckerei is already using the cards internally, and offers them to customers as part of broader identity management and authentication, said Stange. He wouldn't put a price on the cards, saying it depended on the services sold with them.

In addition to Windows log-on and authentication for Bdrive users, the cards can also be used for building access control. Because users' biometric information never leaves the cards, it's much easier to gain the support of trade unions for their use, especially in privacy-conscious countries such as Germany, Stange said.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Cebit 2017

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments