Context

Our society is highly reliant on information technologies. Industrial production, financial flow, commercial exchanges and even the security of citizens depend more and more on information technologies. All these systems are vulnerable to sabotage.

Terrorism, economic fraud and organized crime have information technologies sabotage as a common target. Whatever the form and origin of the sabotage, it presents a continuous and serious risk to public institutions as well as companies and individuals.

Most security systems are based on a perimeter protection (firewalls, intrusion detection system...). Depending on the circumstance the security perimeter can be the one of a company, a group, an information system, or simply a personal computer. Perimeter protection, while being globally useful, does not bring any protection against certain types of attacks. With the connection of IT systems to networks, the out sourcing of services, or even internal reorganization, it has become extremely complex to define and secure the perimeter. Perimeter security solutions are a partially inaccurate vision of security, believing that a threat necessarily comes from the outside. Today, threats have become extremely diversified (indiscreet co-workers, Trojans, operating systems...). For the Board, the operator, or the manager of a site, infrastructure or activity, the danger can come from both the inside and the outside of the perimeter being managed.

The extended Internet study from Forrester estimates at 14 billion the pieces of equipment that will be connected to the Internet by 2012. By that time computers will only represent 5% of the connected systems. The vulnerabilities wrought by this massive systems interconnection will result in major security demands.

Protection of IT systems against sabotage, a Universal application

Validy SoftNaos, a universal application

1. brings a decisive answer to the fight against IT sabotage and is the result of a truly new approach of IT system protection.
2. is a generic solution and is characterized by its universal range of application. It not only applies to IT but more generally to any application, system and device that has a micro-controller.
3. defends the integrity of software applications during their execution (thanks to its “detection and coercion” component), including systems in which the operator cannot have a complete confidence.
4. is of relevance to the equipment and software pool of million of machines and systems that are distributed worldwide for the management and control of the thousand of sensitive activities for which it is vital to guarantee reliable and risk free use to the general public, users, personnel and operators.
5. is a new method of protection in complete break with the current state of the art.

Numerous application areas:

1. Civil security,
2. home automation,
3. personal security,
4. goods security,
5. banking transactions,
6. physical and chemical containment,
7. telecoms,
8. water,
9. energy,
10. radioprotection,
11. waste treatment,
12. biotechnology,
13. chemistry,
14. health,
15. aerospace,
16. air control,
17. industries, etc.

Validy SoftNaos is therefore capable of protecting a cellphone, the software embedded in a car, railroad infrastructure, banking...

Validy SoftNaos is ideal for protecting embedded or buried systems.

Validy SoftNaos blocks the execution of a protected software in the absence of the secure token. This means a pirate trying to corrupt the system integrity doesn't have access to an operational copy of the system and is unable to try out different attacks which could then be used to corrupt the original and working version of the system. Therefore the only option is to try to corrupt the original version, which is immediately detected by Validy SoftNaos.

Depending on the system application you can choose a suitable microprocessor form: USB key, built in component, SD Card, Micro SD Card, Sim Card or Smart Card.

The detection of a modification made by a pirate in the software can trigger different kinds of retaliatory action, immediate or delayed, and graduated according to the requirements of the operator: dissuasion message for the pirate, warning message for the operator, interruption of the software for a varied amount of time depending on the frequency of attack (aimed at countering brute force attacks, for example with an exponential timescale).

1. suppression of certain functionalities in the software
2. system halt
3. the system is placed in a stable and non dangerous state awaiting human intervention.
4. switching of the functionality of a security software
5. self destruction of the software

With Validy SoftNaos for Java you can protect your system starting from now by recompiling the program it uses.

Validy SoftNaos is not a DRM (Digital Rights Management) system nor a checksum integrity check of the system.