Product description - Buypass Access Solution
Buypass Access Solution manages efficient and secure access to a company's internal and external services that require an electronic ID for identification, signing and encryption. Employees can use a smartcard or a mobile device for secure access from both stationary and mobile devices.
Local issuance and access to both public services and local resources
The solution includes its own administrative interface for local issuance of electronic IDs (eIDs) at different security levels and connected to different devices - both smartcards and mobile devices. A smartcard can include physical access control on the same card.
The solution supports the use of smartcards with your own certificates for accessing networks and other local services, as well as Buypass Qualified Certificates (eIDAS level High) for message encryption and access to a variety of local and public services. In addition, you can issue an eID that can be accessed from a mobile phone or tablet. This eID is called ID@Work. It is a centrally stored PKI, also with certificates at eIDAS level High.
Buypass ID@Work - on mobile
 
Buypass Access Solution supports the issuance of Buypass Qualified Certificates for mobile devices - mobile phones or tablets. ID@Work is a centrally stored PKI where the certificates and the private keys are stored at Buypass in such a way that only the "rightful owner of the key", i.e. the individual employee, has access to the keys (HSM). The employee must authorize access to his private key by authenticating himself with an authenticator that provides strong authentication, i.e. two-factor authentication. This is where the mobile devices come in - an employee's centrally stored PKI is linked to his eID in a Buypass ID app downloaded and activated on mobile devices such as mobile phones or tablets.
Who is the solution for?
Buypass Access Solution is suitable for companies who wish to issue certificates themselves or through third parties.
- Certificates in smartcards in combination with visualization (image and signature) and physical access control (magnetic stripe / RFID / barcode).
- Centrally stored certificates in combination with mobile devices that give employees extended use where smartcards are not as accessible.
The solution supports Windows and Mac OS. The client is also built into thin clients from Dell (ThinOS) and Igel (IGELOS).
The Buypass ID mobile app is available on iOS and Android via the Apple Store and Google Play.
Components
- Buypass Access Manager - Local Registration Authority (LRA). System for issuing and managing both Local Certificates from local Microsoft CA and Qualified Certificates (PKI eIDAS level High) from Buypass CA
- Buypass Smart Card – A card with a chip that can contain both types of certificates in addition to physical features such as magnetic stripe and RFID
- Buypass ID mobile app is used for identification with Buypass ID@Work. The centrally stored eID is issued in BAM
- Buypass Selfservice solution for issuing activation code for ID@Work and administration of PIN for mobile APP
- Buypass Access Enterprise – Client software for installation on individual PCs or terminal server. The software communicates with programs that will have access to the certificates on the smart card
 
Areas of use
- Secure login to corporate IT systems and internal workplace resources (MS Smartcard logon / terminal server)
- Secure login to corporate IT systems and internal resources from a remote workplace (VPN)
- Single Sign On (SSO)
- Digital signature and encryption in professional systems with Qualified Certificates (Buypass Qualified Certificates)
- Digital signature and encryption of documents and email (Microsoft Outlook) with Qualified Certificates
- Identification, digital signature and encryption with Qualified Certificates in third-party software
- Access to public services with Qualified Certificates
Qualified Certificates - PKI (eIDAS LoA High)
The EU regulation on eID and trust services (EU Regulation No 910/2014 - eIDAS) has been implemented in Norwegian law through the EEA Agreement. The Act on Electronic Trust Services (Lov om elektroniske tillitstjenester) was implemented on 15 June 2018 and the Self-Declaration Regulation (Selvdeklarasjonsforskriften) on 21 November 2019 with effect from 21 May 2020.
Buypass is registered with the Norwegian National Communications Authority (Nkom) as the issuer of qualified certificates in accordance with the Act on Electronic Trust Services. The certificates from Buypass can be used for authentication on public and private services in Norway as eID at eIDAS LoA High in accordance with the Self-Declaration Regulation.
Buypass is also certified according to the ETSI standard that is central to eIDAS.
Buypass works according to national and international standards to deliver best practice in the field. Buypass Qualified Certificates are in accordance with "SEID - Recommended Certificate Profiles for Person Certificates and Business Certificates, Version 1.02". Buypass Qualified Certificates are issued by Buypass Class 3 CA 3.
The EU regulation mentioned above specifically names server-based signing as something that can contribute to greater prevalence and use of eSignature in Europe, not least in connection with a steady increase in the use of mobile devices such as smartphones and tablets.
In this context, there is already a new CEN standard that defines security requirements for systems that support server signing [TS419241]. This standard focuses on the signing function and, in a Buypass context, on the use of centrally stored PKI as a method for generating advanced electronic signatures (AdES) based on qualified certificates (QC).
Buypass RA – Delegation of responsibility
Companies that use Buypass Qualified Certificates must enter into an agreement with Buypass, in which Buypass delegates the authority to issue and manage qualified certificates on behalf of Buypass. The company is registered as a Buypass RA (Registration Authority). The company accepts Buypass's requirements and guidelines for issuing qualified certificates. In this regard, the company designates a number of persons (minimum 2 persons) as the RA-ADMIN (Registration Authority Administrator). RA-ADMIN has the right to delegate responsibility internally.
Responsibilities and obligations for stakeholders / personnel are described in the Certificate Policy (CP) for the Buypass Class 3 CA 3 Certificates and Certification Practice Statement (CPS). These are found in our CA documentation for Personal Certified Certificate.
Users of the solution
Only authorized Operators can log on and operate the Buypass Access Manager, the BAM client. Operators is the common name for the roles RA-ADMIN and Operator. Both roles are responsible for issuing and managing certificates to users associated with the company.