Biometric Verification with HSMs

Biometric recognition is a booming technology with many applications under development and beginning to reach the end user. Biometrics is, for instance, a promising alternative to current methods of authentication and access control, replacing the traditional username and password credentials with unique biometric information about the user, such as fingerprints or the iris.

The biometric data of a person are therefore becoming extremely sensitive information.

Biometric technology can already be seen on mobile devices, where it authenticates the user. This is a local setting in which biometric data remains under the control of the user, but there are many other scenarios where the user must authenticate to non-secure environments, such as the cloud.

In a scenario of biometric verification in the cloud, such as access to a web service by fingerprint scanning, data should be granted the highest level of privacy. Criptonube technology offers this possibility, performing the biometric verification algorithm inside the Secure Hardware Modules in the Cryptonodes installed in the cloud environment.

Biometric information is encrypted on the client side before being sent to the cloud and is compared with the encrypted biometric information stored in the database server. Decryption and verification take place only once the data is inside the Hardware Secure Module (HSM). Criptonube guarantees that the verification has been performed in a secure environment, inaccessible to the cloud provider or any other attacker.

Use case Biometry


The economic contribution of Cloud Computing and the confidence, according to Microsoft

We have seen that a Safe Cloud is an asset that improves the business performance of organizations and companies, but an aspect about which little has been said so far is its potential to assist the economic development of countries. From this point of view, trust becomes a vital element. Microsoft has recently published a paper in which it develops this issue.

Regulations and laws try to protect the user of the Cloud, but technological tools that allow complete trust in cloud storage services are necessary as well. SCAPE may play an important role in this regard, as it has developed effective and preventive solutions from a technological point of view.




“Secure” storage in the Cloud? Not so fast…

A recent study by researchers at Johns Hopkins University questions how safe the “zero knowledge” tactics undertaken by some providers of Cloud storage really are.


The study identifies serious weaknesses in the security and confidentiality of data stored in alleged “safe” clouds. According to the study, users should investigate in detail how suppliers manage their data. The cloud providers analyzed by the researchers (Spider Oak, Wuala and Tresorit) typically use a method where data is encrypted when stored in the cloud and is only decrypted when the user downloads it from the cloud.

But the service providers might be able to see the contents of the documents if the data is shared with another user of the storage service. Usually these providers have an intermediary service that verifies the user before providing the keys to encrypt data. The researchers have found that suppliers can sometimes provide their own verification. This represents an opportunity for providers to offer false credentials that would decode the data, using a procedure very similar to the attack known as “man in the middle”.

Fortunately, there is no news of compromised data so far, but the possibility has been discovered, and the vulnerability is much greater than was thought in these alleged “safe” services.

SCAPE Solutions could be of help in guaranteeing that data management is carried out safely, keeping the data encrypted at all times, avoiding sensitive data leakages and suppressing the aforementioned weaknesses of “secure” cloud storage services.
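The key-substitution weakness described above, seen from the client's side: an added example (not code from the study or from any of the providers) in which a sharing client refuses a recipient key unless its fingerprint matches one confirmed directly with the recipient. `ProviderDirectory`, `SharingClient` and the user names are hypothetical, and random bytes stand in for real public keys.

```python
import hashlib
import hmac
import os


def fingerprint(public_key: bytes) -> str:
    # Short value the recipient can read out over a separate channel.
    return hashlib.sha256(public_key).hexdigest()


class ProviderDirectory:
    """Hypothetical provider-run service that answers 'what is X's key?'."""
    def __init__(self):
        self.keys = {}

    def lookup(self, user: str) -> bytes:
        return self.keys[user]


class SharingClient:
    """Shares only to keys whose fingerprint was confirmed out of band."""
    def __init__(self, directory: ProviderDirectory):
        self.directory = directory
        self.pins = {}  # user -> fingerprint confirmed with the recipient

    def key_for_sharing(self, user: str) -> bytes:
        key = self.directory.lookup(user)
        pinned = self.pins.get(user)
        if pinned is None:
            raise PermissionError(f"{user}: key never verified out of band")
        if not hmac.compare_digest(fingerprint(key), pinned):
            raise PermissionError(f"{user}: directory key differs from pin")
        return key


def demo():
    # Constructed sample data: random bytes stand in for real public keys.
    bob_key, other_key = os.urandom(32), os.urandom(32)
    directory = ProviderDirectory()
    directory.keys["bob"] = bob_key
    alice = SharingClient(directory)
    alice.pins["bob"] = fingerprint(bob_key)  # confirmed with Bob directly
    honest = alice.key_for_sharing("bob") == bob_key
    directory.keys["bob"] = other_key  # directory now vouches for a key of its own
    try:
        alice.key_for_sharing("bob")
        return honest, False
    except PermissionError:
        return honest, True
```

Without the pin, the client would wrap the file key to whatever key the directory returns, which is exactly the trust the study questions.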


SOURCES: Original Johns Hopkins U Study, JHU


Credit card details from million users recently stolen


Credit card details (names, credit card and social security numbers) from almost half of all South Koreans have been stolen and sold to marketing firms. The data was stolen by a computer contractor working for a company called the Korea Credit Bureau that produces credit scores.

Last December another crime was committed against the US retailer Target. The company says up to 70 million customers had payment card and personal data stolen from the company’s databases. These data include card numbers, names, postal addresses, phone numbers and email addresses.

This kind of cyber-crime could be avoided or minimized by applying strict security policies, saving the companies millions of dollars in indemnifications. Solutions provided by SCAPE could be of help in guaranteeing that data management is carried out safely, avoiding sensitive data leakages.


Looking for a Guardian for the Cloud


For the average citizen, the problem is not who spies on him or her, but to whom he or she is voluntarily transferring private data. There are doubts about how this private information should be managed and by whom.

El País, 14 – 11 – 2013

Criptonube, CloudSEEP and SafeGDocs provide solutions for automatic privacy protection, so that the data can be effectively managed and processed without transferring the actual clear-text data. This implies full privacy protection.

Read more at (in Spanish):


Google Transparency Report Reveals Dramatic Rise in User Data Requests

Everything changed when news of the U.S. government’s PRISM spying program came to light. In an instant, we went from assuming our dealings online were mostly kept private (or as private as we wanted them to be) to knowing that virtually nothing is out of bounds, not even instant messaging conversations.

MaximumPC, 11/14/2013

CloudSEEP, Criptonube and SafeGDocs provide effective solutions to fill this gap and fully protect sensitive data, accounting for user privacy needs and enabling secure Cloud services.

Read more at:


Snowden’s legacy: The open web could soon be encrypted by default


Privacy in the open web is becoming a must. Encryption is the way to go to protect data in the Cloud, and the major standards organizations are shifting towards this view. CloudSEEP, Criptonube and SafeGDocs go one step further and enable fully secure and private web services in the Cloud.

Following recent discussions between the big browser makers, standards-setters and other industry folks, the World Wide Web Consortium’s (W3C) HTTP Working Group announced on Wednesday that the upcoming second version of the HTTP protocol will only work with secure “https” web addresses.

Read more at (article by David Meyer):


US data storage providers facing lack of trust from their clients

Francisco Ginel, director of marketing for security products and services at Telefonica Digital, explains that there is great distrust towards the United States and that many are looking to secure their data. The Snowden case is having not just political but also economic consequences for the IT companies subject to American law, mainly due to the power granted to the secret services of that country.


The Cloud Security Alliance pointed out in a recent survey from July (of 207 companies from outside the U.S.) that more than 56% of the companies were reticent to use service providers from that country. Moreover, 10% of them had even cancelled projects related to it. These reservations are not limited to the private sector: some countries, like Sweden or Brazil, have already started taking measures to stop using U.S. cloud services.

Some forecasts predict that if there are no changes in the current legislation, business opportunities worth 25.6 billion euros could be lost by 2016. However, so far none of the big companies involved (Google, Yahoo…) have acknowledged a loss of clients.

The Snowden case has caused a great loss of trust in U.S. data storage providers, encouraging EU companies to move their data to other countries. Solutions offered by SCAPE, such as CloudSEEP or Criptonube, will help in keeping data safe and accessible even during its processing in untrusted environments, such as the ones based on cloud services.

Source (in Spanish): El País