OneNet™ and OneSec™ Secure Applications

Security Platform

All the secure applications share a common security platform, called OneSec™, which provides administrators, controllers and users with a common interface for registration, certification, audit logs, application handling and so on, as required by each application.

The common user interface has the following format, which allows users to manage their local security environment, including their passwords, PIN, smart cards, certificates, profiles, applications and audit logs.

OneSec Common User Interface

Enhanced Security

The use of OneNet™ and OneSec™ secure applications together with the OneNet/Java development features allows the immediate use of the digital certificates generated by the OnePKI™ and, more importantly, transparently implements strong certificate validation to ensure that certificates provide the security that is intended.

To correctly take advantage of the certificate verification and ageing features of the OnePKI™ infrastructure, the OneNet™ and OneSec™ applications and the OneNet/Java development tools can be used to provide this enhanced level of security, over and above what is normally found in simpler certificate applications.

The essential difference between, for example, the browser security provided by the native security features of the popular browsers and the same security services provided by the OneNet/Web module is in the handling of certificates. Browsers have very poor and limited processing of certificates, and thus support only low assurance certification policies. They allow the use of unverified certificates, they do not enforce the use of CRLs, they do not use all certificate extensions, and they do not support secure cooperation between multiple security domains (PKIs) across Bridge CAs. The certification section of the OneNet/Web and Java module performs all these functions, and thus supports medium and high assurance certification policies.

OneSec™ User Authentication

All of the OneNet™ applications share a common user authentication interface. The user logs into their local certificate store or personal smart card using a user name and password on the client, shown below,

OneSec™ Client login

or by use of a smart card if the OneCard™ option is installed:

OneSec™ Login using Smart Card features

Using the simple OneSec™ common interface, the user can manage their certificate registration and administration, change passwords and so on locally with the OneSec™ administration application.

OneSec™ Certificate Management features

Once the user has enabled their certificate store, they can be authenticated to any of the OneNet™ and OneSec™ applications without further user input. All the advanced certificate validation checks are performed automatically by the OneSec™ security system and require no further user intervention. This also applies to any applications enhanced with the OneNet/Java development tools: once the application is OneSec-enabled, all the certificate validation will occur automatically.

Single Sign On

By using the OneSec™ common client interface, users automatically get the benefits of Single Sign On (SSO). Users only need to authenticate to OneSec™ once per session to enable all their secure applications. There is no need to log in to each application separately if the application is OneSec-PKI-enabled.