Securing identities


Tarun Srivastava, Technical Account Manager – India & South East Asia, Nexus, discusses the range of PKI solutions from Nexus

Elaborate on your focus on identity issuance solutions

We are into identity management solutions, issuing identities to people and devices. For organizations of any size, we issue, manage, and utilize trusted identities for their workforce, workplace, and the Internet of Things (IoT). We can issue identities to all devices that accept public key-based or certificate-based identities. The uniqueness of our solution is that we can deal with all three types of identities. One is the visual identity that we show to other people. Then there is a digital identity that we use to access systems and services. And then we have physical access cards like PAN cards issued in India and so on. We can issue all three types of identities from the same platform.

How’s the growth in this region for your solutions? What are the different opportunities you see?

It has been good. There have been many customer wins. We have clients in sectors including telecom, banking, government, etc.

Telecom companies, government entities, utilities, manufacturing, IoT service providers or equipment manufacturers would be our target clients.

For instance, PKI solutions from Nexus help secure communications between machines enabled with IoT sensors in a manufacturing setup and ensure security compliance. Nexus Smart ID IoT platform provides and manages the trusted identities required to secure Energy IoT systems (Smart Grid) applications and ensures security regulation compliance. On the automotive front, we can also secure vehicle-to-vehicle communication for connected cars.

On the enterprise front, we also give PKI certificates for both employees and workplace devices. Nexus Smart ID helps issue digital and physical identities to the workforce. Our Smart ID Workplace helps automate enterprise certificate provisioning for both domain endpoints, such as machines and servers, and non-domain endpoints, such as DevOps servers, mobile devices, and networking devices.

How is India as a market for PKI solutions?

India has been a good market for PKI solutions for a long time, since 2002. All the certificates in India that are issued to the citizens are based on Nexus. There is an Aadhaar or UID-based secure digital signing mechanism also running on our platform. So, the market in India is quite strong, and adjoining countries like Nepal and Bangladesh are also using this platform.

Identity protection is a critical frontier. What challenges do you see in dealing with this?

As an issuing entity, we have to store user or citizen data, which needs to be secured, and also reveal it for legitimate use in a way that does not reveal any PII (personally identifiable information). Every device has its protocol for issuing certificates. Our solution is compliant with the latest standards, but covering all sorts of devices is a challenge. And with the likely emergence of quantum computing in the future, the challenge or threat could witness an exponential increase. We have a roadmap though for quantum computing with the necessary algorithms and protocols.

How does your solution work in issuing identities?

Our solution is building a public key infrastructure. The relationship between the cryptographic keys is such that they work in pairs. Once you encrypt data with a public key, only the holder of the associated private key can decrypt it. You can’t even decrypt it using the same public key that encrypted it.

So based on the use case, we use the keys in such a way that when you have to prove your identity, you sign something with your private key. And when someone tries to verify your identity, they verify it using this public key. Encryption works in the opposite way: when someone has to encrypt something, they can simply introduce a new public key. And because you have the corresponding private key, you can open that. This is the basis of the solution that we have.

Using this technology, we assign public keys to the users and bind them to the user using their credentials. So that combination is called a certificate. A certificate is essentially a user’s credentials along with a public key. Using that, the identity is established. Wherever a user chooses an identity, he signs it with his private key, and then it can be verified with the public key.

For telecom customers, a possible use case is device authentication. Whenever a device comes onto the network, it signs a random number with the private key, and this is ultimately matched by the server random number. If it matches, the device authentication is complete. Then a TLS (Transport Layer Security) session is established between the end device and the central server. That happens using a key exchange, which uses public key infrastructure. So it gives encryption solutions, identity, and authentication.
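The device-authentication flow described in the answer above, sketched as an added example; it is not part of the interview and not Nexus code. It assumes Ed25519 keys and an in-memory CA, and the names `issue`, `authenticate`, `demo`, "Example Root CA" and "meter-0001" are constructed for illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds pub to name in a certificate signed with signer (self-signed when parent is nil).
func issue(name string, ku x509.KeyUsage, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 120))
	t := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: name}, KeyUsage: ku,
		IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// authenticate (server side): the cert must chain to the trusted CA and sig must cover the server's own nonce.
func authenticate(ca, dev *x509.Certificate, nonce, sig []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := dev.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, ok := dev.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, nonce, sig)
}

// demo returns the results for a genuine device, a signature replayed against a fresh nonce, and a self-signed cert.
func demo() (genuine, replayed, untrusted bool) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := issue("Example Root CA", x509.KeyUsageCertSign, caPub, nil, caKey)
	dev := issue("meter-0001", x509.KeyUsageDigitalSignature, devPub, ca, caKey)
	fake := issue("meter-0001", x509.KeyUsageDigitalSignature, devPub, nil, devKey) // same name, not issued by the CA
	buf := make([]byte, 64) // two 32-byte server nonces: buf[:32] (current) and buf[32:] (a later session)
	rand.Read(buf)
	sig := ed25519.Sign(devKey, buf[:32]) // device signs the server's current nonce with its private key
	return authenticate(ca, dev, buf[:32], sig), authenticate(ca, dev, buf[32:], sig), authenticate(ca, fake, buf[:32], sig)
}

func main() { fmt.Println(demo()) }
```

The second and third results show why the server supplies a fresh random number per session and why it checks the certificate chain as well as the signature.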


