TeamLogic Systems Ltd

GeDaP KISS (KeyTalk IoT Secured Sensors)

KISS strengthens the security of Edge Devices on a network, automating the creation and exchange of short-lived digital certificates at frequent intervals. With its automatic authentication (device identity) and robust encryption KeyTalk provides the security of PKI without the bureaucracy. Highly scalable objects can be readily connected and secured .

Features

  • Protects against Man-in-the-Middle, Brute-Force & Phishing
  • Creates unique hardware device signature replacing 2FA
  • Unifies authentication into a single standard based on internal IAM
  • Push/Pull capability designed for "Things" not "clients"
  • Encryption key length 512-4096bit RSA or <512bit ECC
  • Based on short-lived digital signatures combined with Trusted Device recognitio
  • Patented on-demand technology automates client certificate distribution
  • Automated certificate Life-Cycle Management
  • Support for SSH SCEP CMPv2 EST
  • Key length configurable for short periods

Benefits

  • Protects end-user IoT and M2M devices from Cyber Attacks
  • Device hardware components used to create unique signature for authentication
  • Short-lived digital certificates ensure data integrity
  • Confidentiality of Data-in-Motion ensured by high-level encryption
  • Sensor tests ensure accuracy and reliability optimising support
  • Secure (PKI) protects even simple unintelligent sensors
  • Automated certificate distribution reduces administration costs
  • Ease of integration with multiple network infrastructures
  • Automated certificate distribution reduces administration costs
  • No requirement for Certificate Revocation lists

Pricing

£0.40 to £3.30 a device a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@gedap.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

2 2 0 0 0 7 4 9 5 3 4 4 9 4 6

Contact

TeamLogic Systems Ltd Ian Young
Telephone: 0151 342 4490
Email: enquiries@gedap.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
KISS is network agnostic and can be used with most processors used in an IoT. It secures an installation, whether it encompasses devices from one or more suppliers, to provide authentication and encryption (PKI) but with minimal administration and significant savings in running cost.
KISS can reduce bandwidth
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Conventionally the service would be hosted on a UKCloud Server providing an appropriate level of availability for the customer's needs. KISS is also applicable to hybrid environments
System requirements
  • KeyTalk is not demanding requires entry level server
  • Works with existing IAM or inbuilt facility
  • Devices require circa 32kb for KeyTalk client

User support

Email or online ticketing support
Email or online ticketing
Support response times
As part of the support process GeDaP provides a specific email address to be used. The customer should supply all relevant detail together with a mobile number if possible.
During normal business hours (weekend by prior agreement) GeDaP will respond within 2 hours,
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Under development
Onsite support
Yes, at extra cost
Support levels
Standard support is covered in the basic SaaS cost and is based on a maximum 2 hour response and we will endeavour to provide a solution or workaround within a further 2 hours maximum. If the problem is not resolved it will be escalated to the developers. During the incident support will use the appropriate medium and customers are advised of progress.
On-site support is available by arrangement and is charged on a time and materials basis (see Rate Card)
Support available to third parties
Yes

Onboarding and offboarding

Getting started
KeyTalk is simple to install and has been designed to create a minimal administration overhead. GeDaP can provide web-based or on site services during the installation process.Full user/administrator documentation is readily available.
Pre-installation consultancy advice and training is readily available at the relevant daily rate.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data accumulated by KeyTalk can be exported in an agreed format for input into the new system.
KeyTalk is designed for security (authentication & encryption) there will therefore not be large quantities of data
As KeyTalk is transparent to end users the extraction would be for the Administrator
End-of-contract process
The content required together with its format will be determined by your plans at the time. GeDaP will provide the appropriate quotation based on volumes and content required if you decide to migrate the data

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
KeyTalk is written to work with any device connected to an Internet. This covers the range of equipment connected from sensors to mobiles. KeyTalk is security software and transparent to the installation and network agnostic. The only user interface is that of the Administrator. In the IoT environment it is less likely that devices would be mobile based
Service interface
Yes
Description of service interface
The KeyTalk technology used is built on LDAP Open Directory service
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Under development
API
Yes
What users can and can't do using the API
The api is distributed to authorised users of the IAM and installs on the approved device. Thereafter the application is transparent to the end user
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
GeDaP works closely with UKCloud, whose resources are highly scalable. the KISS unit is micro-processor based. The KeyTalk element is highly scalable, capable of handling demands in the IoT for over 1,500,000 certificates at any onetime from KISS "Edge" devices

Analytics

Service usage metrics
Yes
Metrics types
A range of standard reports is provided together with a range of audit reports to help meet the requirements of the EUGDPR. Customised reports can be readily provided and GeDaP are happy to quote based on the standard rates.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
KISS is a GeDaP product incorporating KeyTalk patented technology

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The administrator would define the format and requirements for export of the files (logs)
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
GeDaP recommends the computing power of UKCloud which provides a guaranteed 99.90% availability for its users
Approach to resilience
GeDaP recommends UKCloud Service which is designed for deployment across a number of sites, regions and zones. Each zone is designed to eliminate single points of failure (like power, network & hardware). GeDaP encourages customers to ensure that their solution spans multiple sites, regions or zones to ensure continuity of service even if a failure occurs.
Outage reporting
All outages will be reported via the Software Service Status page and the notifications service within the UKCloud portal. Outages are identified as Planned Maintenance, Emergency Maintenance and platform issues.
In addition the GeDaP Technical Support Manager will contact the designated customer contact.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication
In the IoT and M2M, authentication becomes difficult, and user names & passwords are not relevant. KeyTalk will authenticate the device with the IAM software in use (LDAP, Radius, Active Directory etc) using a unique device identifier constructed from a number of component IDs which are hashed and salted. KeyTalk uses software generated frequently changed short term certificates (PKI)
Access restrictions in management interfaces and support channels
KeyTalk in a M2M/IoT environment has predominantly inanimate users. Access to Management Information is via administrative rights assigned at installation. KeyTalk is concerned with the authentication of devices and securing the "Data in Motion" (encryption)
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Though an SME, GeDaP has its own security policies in place and regularly reviews its capability against both the current Data Protection requirements and EUGDPR.
Customer Data is processed on UKCloud which is dedicated to customer processing and which is regularly assessed against ISO20000, ISO27002, and ISO27018 by LRQA a UKAS certified audit body.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
GeDaP works closely with the developers of KeyTalk who operate a system which tracks changes and which provide the input to GeDaP's own change management records. If sites require, a test bed can be provided allowing a short period of testing and approval prior to the update's incorporation in the production system.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
GeDaP provides their service based on UKCloud Servers which offer a high degree of security.
As KeyTalk is an internal application and sits between the user application and the sensors/devices to verify authentication and encryption it is not an application.
GeDaP is established in Cyber Security and are members of Cyber Exchange
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
GeDaP has a documented approach based on ISO20000 and ISO27001. Any potential incidents identified by staff or customers are monitored controlled and resolved as high priority.
Incident management type
Supplier-defined controls
Incident management approach
GeDaP has a documented incident management and reporting system based on the requirements of ISO20000 and ISO 27001. Any incident raised from reporting or raised by members of staff are resourced, tracked and resolved.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)
  • Other
Other public sector networks
  • Those available through UK Cloud
  • RLI

Pricing

Price
£0.40 to £3.30 a device a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
GeDaP provide a 30 day "Proof of Concept" to allow customers to evaluate the software against established and agreed criteria. On completion of the POC there would be a review with GeDaP

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@gedap.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.