GeDaP KISS (KeyTalk IoT Secured Sensors)
KISS strengthens the security of Edge Devices on a network, automating the creation and exchange of short-lived digital certificates at frequent intervals. With its automatic authentication (device identity) and robust encryption, KeyTalk provides the security of PKI without the bureaucracy. Highly scalable objects can be readily connected and secured.
Features
- Protects against Man-in-the-Middle, Brute-Force & Phishing
- Creates unique hardware device signature replacing 2FA
- Unifies authentication into a single standard based on internal IAM
- Push/Pull capability designed for "Things" not "clients"
- Encryption key length 512-4096bit RSA or <512bit ECC
- Based on short-lived digital signatures combined with Trusted Device recognition
- Patented on-demand technology automates client certificate distribution
- Automated certificate Life-Cycle Management
- Support for SSH, SCEP, CMPv2, EST
- Key length configurable for short periods
Benefits
- Protects end-user IoT and M2M devices from Cyber Attacks
- Device hardware components used to create unique signature for authentication
- Short-lived digital certificates ensure data integrity
- Confidentiality of Data-in-Motion ensured by high-level encryption
- Sensor tests ensure accuracy and reliability optimising support
- Secure (PKI) protects even simple unintelligent sensors
- Automated certificate distribution reduces administration costs
- Ease of integration with multiple network infrastructures
- No requirement for Certificate Revocation lists
Pricing
£0.40 to £3.30 a device a month
- Free trial available
Framework
G-Cloud 13
Service ID
660612523688303
Contact
TeamLogic Systems Ltd
Ian Young
Telephone: 0151 342 4490
Email: enquiries@gedap.co.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
-
KISS is network agnostic and can be used with most processors used in an IoT. It secures an installation, whether it encompasses devices from one or more suppliers, to provide authentication and encryption (PKI) but with minimal administration and significant savings in running cost.
KISS can reduce bandwidth
- Cloud deployment model
-
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
- Conventionally the service would be hosted on a UKCloud Server providing an appropriate level of availability for the customer's needs. KISS is also applicable to hybrid environments
- System requirements
-
- KeyTalk is not demanding; requires entry-level server
- Works with existing IAM or inbuilt facility
- Devices require circa 32kb for KeyTalk client
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
As part of the support process GeDaP provides a specific email address to be used. The customer should supply all relevant detail together with a mobile number if possible.
During normal business hours (weekend by prior agreement) GeDaP will respond within 2 hours,
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- Under development
- Onsite support
- Yes, at extra cost
- Support levels
-
Standard support is covered in the basic SaaS cost and is based on a maximum 2 hour response and we will endeavour to provide a solution or workaround within a further 2 hours maximum. If the problem is not resolved it will be escalated to the developers. During the incident support will use the appropriate medium and customers are advised of progress.
On-site support is available by arrangement and is charged on a time and materials basis (see Rate Card)
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
KeyTalk is simple to install and has been designed to create a minimal administration overhead. GeDaP can provide web-based or on-site services during the installation process. Full user/administrator documentation is readily available.
Pre-installation consultancy advice and training are readily available at the relevant daily rate.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
Data accumulated by KeyTalk can be exported in an agreed format for input into the new system.
KeyTalk is designed for security (authentication & encryption); there will therefore not be large quantities of data.
As KeyTalk is transparent to end users, the extraction would be for the Administrator.
- End-of-contract process
- The content required together with its format will be determined by your plans at the time. GeDaP will provide the appropriate quotation based on volumes and content required if you decide to migrate the data
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- iOS
- Linux or Unix
- MacOS
- Windows
- Other
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- KeyTalk is written to work with any device connected to the Internet. This covers the range of equipment connected, from sensors to mobiles. KeyTalk is security software, transparent to the installation and network agnostic. The only user interface is that of the Administrator. In the IoT environment it is less likely that devices would be mobile based.
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- The KeyTalk technology used is built on LDAP Open Directory service
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Under development
- API
- Yes
- What users can and can't do using the API
- The API is distributed to authorised users of the IAM and installs on the approved device. Thereafter the application is transparent to the end user.
- API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- No
- Customisation available
- No
Scaling
- Independence of resources
- GeDaP works closely with UKCloud, whose resources are highly scalable. The KISS unit is micro-processor based. The KeyTalk element is highly scalable, capable of handling demands in the IoT for over 1,500,000 certificates at any one time from KISS "Edge" devices.
Analytics
- Service usage metrics
- Yes
- Metrics types
- A range of standard reports is provided together with a range of audit reports to help meet the requirements of the EU GDPR. Customised reports can be readily provided and GeDaP are happy to quote based on the standard rates.
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- KISS is a GeDaP product incorporating KeyTalk patented technology
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- The administrator would define the format and requirements for export of the files (logs)
- Data export formats
-
- CSV
- ODF
- Data import formats
-
- CSV
- ODF
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- GeDaP recommends the computing power of UKCloud which provides a guaranteed 99.90% availability for its users
- Approach to resilience
- GeDaP recommends UKCloud Service which is designed for deployment across a number of sites, regions and zones. Each zone is designed to eliminate single points of failure (like power, network & hardware). GeDaP encourages customers to ensure that their solution spans multiple sites, regions or zones to ensure continuity of service even if a failure occurs.
- Outage reporting
-
All outages will be reported via the Software Service Status page and the notifications service within the UKCloud portal. Outages are identified as Planned Maintenance, Emergency Maintenance and platform issues.
In addition the GeDaP Technical Support Manager will contact the designated customer contact.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Other
- Other user authentication
- In the IoT and M2M, authentication becomes difficult, and user names & passwords are not relevant. KeyTalk will authenticate the device with the IAM software in use (LDAP, RADIUS, Active Directory etc.) using a unique device identifier constructed from a number of component IDs which are hashed and salted. KeyTalk uses software-generated, frequently changed short-term certificates (PKI).
- Access restrictions in management interfaces and support channels
- KeyTalk in an M2M/IoT environment has predominantly inanimate users. Access to Management Information is via administrative rights assigned at installation. KeyTalk is concerned with the authentication of devices and securing the "Data in Motion" (encryption).
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Though an SME, GeDaP has its own security policies in place and regularly reviews its capability against both the current Data Protection requirements and EU GDPR.
Customer Data is processed on UKCloud, which is dedicated to customer processing and which is regularly assessed against ISO20000, ISO27002, and ISO27018 by LRQA, a UKAS-certified audit body.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- GeDaP works closely with the developers of KeyTalk, who operate a system which tracks changes and which provides the input to GeDaP's own change management records. If sites require, a test bed can be provided allowing a short period of testing and approval prior to the update's incorporation in the production system.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
GeDaP provides their service based on UKCloud Servers which offer a high degree of security.
As KeyTalk is an internal application and sits between the user application and the sensors/devices to verify authentication and encryption, it is not an application.
GeDaP is established in Cyber Security and is a member of Cyber Exchange.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- GeDaP has a documented approach based on ISO20000 and ISO27001. Any potential incidents identified by staff or customers are monitored, controlled and resolved as high priority.
- Incident management type
- Supplier-defined controls
- Incident management approach
- GeDaP has a documented incident management and reporting system based on the requirements of ISO20000 and ISO 27001. Any incident raised from reporting or raised by members of staff is resourced, tracked and resolved.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- NHS Network (N3)
- Joint Academic Network (JANET)
- Health and Social Care Network (HSCN)
- Other
- Other public sector networks
-
- Those available through UKCloud
- RLI
Social Value
- Fighting climate change
-
Strengthens authentication allowing remote/distance working to reduce carbon footprint and make better use of environmental resources.
Supports secure remote/home working assisting organisations to maximise the benefits of back to work.
- Covid-19 recovery
-
Allows organisations to securely grow in the Global market minimising infection risks.
Creates facilities for rapid organisation growth. Facilitates growth regardless of size or location.
- Tackling economic inequality
-
Ensures workforce can appear securely and authenticated regardless of origins and background.
Provides secure authentication for the workforce which can securely work from their chosen location.
- Equal opportunity
-
Facilitates secure authentication regardless of location or physical well being.
Ensures opportunities for community integration.
- Wellbeing
-
Facilitates secure authentication regardless of location or physical well being.
Ensures opportunities for community integration.
Pricing
- Price
- £0.40 to £3.30 a device a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- GeDaP provide a 30 day "Proof of Concept" to allow customers to evaluate the software against established and agreed criteria. On completion of the POC there would be a review with GeDaP