TLS

Transport Layer Security (TLS) is a security protocol designed to improve data security over the Internet. TLS is primarily used to encrypt communications between web applications and servers, as well as other communications such as email, messaging and voice over IP (VoIP).

TLS can help prevent data breaches and DDoS attacks through three principal elements: encryption, authentication and integrity:

  • Encryption hides the data being transferred from third parties
  • Authentication ensures the identity of the parties exchanging information
  • Integrity makes sure that data has not been forged or tampered with.

TLS 1.3 updates the most important security protocol on the Internet, delivering superior privacy, security, and performance. Security needs to be guaranteed when carrying out sensitive transactions such as online shopping, payments, the exchange of medical information and so forth.
TLS 1.3 provides additional privacy for data exchange, protecting the identities of users and preventing traffic analysis.

Device Secure Elements

A secure element is a microprocessor chip that provides an extra layer of security compared to standard chips. It stores sensitive, confidential and cryptographic data and runs secure applications. These chips protect devices from a wide range of attacks while handling operations such as authentication, digital signatures, and mobile payments.

Secure elements can be embedded directly in the devices or in SIM cards. When embedded in devices, they must guarantee security throughout the device’s lifecycle, so that it doesn’t become obsolete. Secure elements are continuously updated to enable them to deal with new dangers.

Data Masking & Encryption

Data masking and encryption are two different methods of protecting data, and their efficiency improves significantly when they are used in combination.

Masking is the technique through which personally identifiable information (PII) is hidden or de-identified. The level of obscuration can be adapted according to the role of the user accessing the data. Masked data must remain meaningful while preventing reverse-engineering. Data masking includes different techniques such as substitution, shuffling, and number and data variance.
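Substitution, shuffling and number variance with a role-dependent view, shown as an added Python example (not code from the original page). The records, the role names `auditor` and `analyst`, the function names and the key are all constructed for illustration.

```python
import hashlib
import hmac
import random

# Constructed sample records; all names and values are invented for this example.
RECORDS = [
    {"name": "Alice Rossi", "city": "Milan", "salary": 52000},
    {"name": "Bruno Conti", "city": "Turin", "salary": 61000},
    {"name": "Carla Greco", "city": "Rome", "salary": 47000},
    {"name": "Dario Villa", "city": "Naples", "salary": 58000},
]

def substitute(value, key):
    """Substitution: replace a value with a stable pseudonym. The keyed hash
    keeps the mapping consistent but not recomputable without the key."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:8]
    return f"person-{tag}"

def shuffle_column(rows, field, rng):
    """Shuffling: permute one column across rows, so the overall set of
    values is preserved but no longer tied to the original record."""
    values = [row[field] for row in rows]
    rng.shuffle(values)
    return values

def vary_number(value, rng, spread=0.10):
    """Number variance: shift a figure by up to +/- spread (10% here)."""
    return round(value * (1 + rng.uniform(-spread, spread)))

def mask_records(rows, role, key, seed=None):
    """Return the view for a role: the hypothetical 'auditor' role sees
    cleartext, every other role gets a masked copy."""
    if role == "auditor":
        return [dict(row) for row in rows]
    rng = random.Random(seed)  # fixed seed only to make the demo repeatable
    cities = shuffle_column(rows, "city", rng)
    return [
        {"name": substitute(row["name"], key),
         "city": city,
         "salary": vary_number(row["salary"], rng)}
        for row, city in zip(rows, cities)
    ]

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # placeholder; keep real keys in a secret store
    for row in mask_records(RECORDS, "analyst", demo_key, seed=7):
        print(row)
```

The masked view keeps the same set of cities and salaries close to the originals, so aggregate analysis still works, while names cannot be mapped back without the key.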

Encryption converts data into unreadable text by means of mathematical calculations and algorithms, so that a decryption key or a password is necessary to read it. Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext.

OAuth

OAuth is an open-standard authorization protocol that grants applications “secure designated access”. This protocol authorizes one application to interact with another without having access to the user’s password. The most common example is an application that accesses a user’s profile through the user’s login on one of their social networks.

This is possible because OAuth uses authorization tokens instead of passwords to prove an identity. Since OAuth is a standard for authorization, its function is to ask for authorization, not for authentication. This system increases security because, if the application that used the user’s login for authorization is breached, the password remains safe.

ISO 27001

ISO/IEC 27001 is the standard that deals with the Information Security Management System (ISMS). It is the only standard that defines the requirements for an ISMS to guarantee satisfactory security controls. When compliant with this standard, a company can demonstrate that it is able to protect its own records and those of third parties.

Its aim is to ensure the confidentiality, integrity and availability of information, among other features.
Confidentiality makes information available only to authorized persons. Integrity relates to the accuracy and completeness of the information, and availability grants access upon request by an authorized entity.

ISO/IEC 27001 governs communications and information in all their forms: written documents, verbal communications, e-mails and letters, even conversations in public places.
