Credit: Peter Sayer
Maximum privacy seems to be the goal for the new enterprise authentication and cloud storage services Bundesdruckerei is showing at Cebit this week.
The 250-year-old state printer has moved far beyond its origins as a printer of banknotes and, later, passports, offering all sorts of secure digital authentication services.
At the exhibition in Hanover, Germany, this week it's showing Bdrive, a way for businesses to securely and reliably store important files in the cloud.
Unlike services such as Dropbox, Bdrive doesn't store the files themselves, just metadata about them. The task of storing the files is left to other public cloud storage services.
Those services don't have access to the files either, though: Bdrive's Windows client software encrypts the files and fragments them across several storage services, in such a way that no one store holds all the data. It uses erasure coding to reconstruct a file even when some of its fragments are missing, said Bundesdruckerei's Maxim Schnjakin.
Bdrive records which public cloud services are holding which fragments of the file, which user it belongs to, who has been granted access to it and on what terms. Customers can choose what level of redundancy they would like in the system, said Schnjakin. They pay a subscription fee to Bundesdruckerei, which then takes care of the storage fees for the various cloud services used.
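The fragment-and-reconstruct idea described above can be shown in code. This is an added example, not Bundesdruckerei's code: the article does not say which erasure code Bdrive uses, so single-parity XOR coding stands in for it, the input is assumed to be a file already encrypted on the client, and the store indices are hypothetical.

```python
# Added illustration: k data fragments plus one XOR parity fragment.
# Assumption: not Bdrive's actual scheme, which the article does not describe.
import os
from functools import reduce

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split(ciphertext: bytes, k: int) -> dict:
    """Return the metadata a coordinator would keep, plus k+1 fragments."""
    size = -(-len(ciphertext) // k)              # ceiling division
    padded = ciphertext.ljust(size * k, b"\0")   # pad so fragments are equal length
    frags = [padded[i * size:(i + 1) * size] for i in range(k)]
    frags.append(reduce(xor_bytes, frags))       # parity = XOR of all data fragments
    return {"length": len(ciphertext), "k": k, "fragments": frags}

def reconstruct(length: int, k: int, available: dict) -> bytes:
    """Rebuild the ciphertext from any k of the k+1 fragments.

    `available` maps fragment index (0..k-1 data, k parity) to its bytes.
    """
    missing = [i for i in range(k + 1) if i not in available]
    if len(missing) > 1:
        raise ValueError("single parity tolerates only one missing fragment")
    if missing and missing[0] < k:
        # XOR of every surviving fragment (data and parity) yields the lost one.
        available = dict(available)
        available[missing[0]] = reduce(xor_bytes, available.values())
    return b"".join(available[i] for i in range(k))[:length]

if __name__ == "__main__":
    ciphertext = os.urandom(1001)   # constructed stand-in for an encrypted file
    meta = split(ciphertext, k=3)
    stores = dict(enumerate(meta["fragments"]))   # one fragment per hypothetical store
    del stores[1]                                  # one storage service is unreachable
    assert reconstruct(meta["length"], meta["k"], stores) == ciphertext
    print("recovered", meta["length"], "bytes from", len(stores), "of 4 fragments")
```

Tolerating more than one missing fragment, as a customer-selectable redundancy level implies, needs a code such as Reed-Solomon in place of the single parity fragment.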
The company isn't ready to name its storage partners, but Amazon Web Services' Simple Storage Service (S3) is an example of the kind of service it might use.
Access to the files is controlled by client software embedded in Windows 10. Bdrive appears as another location alongside Desktop, Downloads and Documents in the Windows File Explorer, and tasks such as sending download links or sharing access rights are accessed from a contextual menu with a right-click.
For maximum security, control of the Bdrive files is closely tied to an authorized device and to the identity of the file's owner.
To provide stronger security than basic passwords allow, Bundesdruckerei is also showing a privacy-friendly smartcard-based fingerprint authentication system called GoID.
One problem with many biometric authentication systems is that they involve central storage and comparison of users' biometric details, putting them at risk of theft or disclosure.
Not so with GoID, in which the fingerprints are read, stored and compared entirely on the smartcard. The only information that leaves the card is a digitally signed message saying whether the authentication succeeded.