The DINAMO Pocket HSM is exclusive in Brazil
and enables the management of over 200 GlobalSign digital
certificates
Recently, the CA/B Forum, a voluntary organization of leading
Certification Authorities (CAs) and vendors of Internet browser
software and other applications, related to Code Signing security
standards. The changes imply two main consequences that completely
modify the generation and administration of digital certificates.
The first is the challenge of installing Code Signing certificates
on multiple machines. Previously, it was possible to do so because
the use of Trusted Platform Modules (TPM) was permissible but now
its retrieval is only permitted through a FIPS 140-2 Level
2compliantcryptographic device, token, or Hardware Security Module
(HSM). The second consequence is in relation to the options
available for managing keys due to the change in the size of the
key pair, which was increased from 2048 bits to 3072 bits by the
CA/B Forum.
With this scenario in mind, GlobalSign - a global Certificate
Authority (CA), and leading provider of identity security, digital
signature, and IoT solutions - has joined forces with DINAMO
Networks - a digital security and encryption expert and the main
Brazilian manufacturer of HSMs. The partnership's purpose is to
provide a pioneering solution aimed at an increasingly significant
market bottleneck in the country. The DINAMO Pocket is a mini HSM
that hosts GlobalSign Code Signing, adapted to the current
regulations of the CA/B Forum, and allows secure and flexible
management of up to 200 digital certificates.
"The changes made by the CA/B Forum have provoked reactions in
the Brazilian market, such as the shortage of token supply chain,
since there was no cryptographic device available for keys larger
than 2048 bits in stock, and the intensification of inspections by
the Federal Revenue Service, which made it impossible to import
this equipment. The idea is to provide developers with a viable
alternative, produced in Brazil and compliant with international
security standards, so that they can continue to sign their code,
following the determinations of the CA/B Forum and enabling
Brazilian software to be recognized upon installation," explains
Luiza Dias, CEO of GMO GlobalSign Brazil.
"We have observed that all of our clients already use Code
Signing, and many of them have shown interest in using HSMs.
However, they argue that the investment in traditional HSMs reaches
values above R$ 100,000. Large organizations have budgets
allocated for technology, but this is not always the case for
smaller companies. The DINAMO Pocket solution represents
significant savings in this regard and adds to our range of offered
products," emphasizes Marcelo Buz, Director of ID and Electronic
Signature at DINAMO Networks.
The director adds that GlobalSign Code Signing can also be
stored in the cloud.
"We have noticed that there are two types of personas among the
consumers of Code Signing certificates: the internal software
house, which creates its own applications, and the software house
that creates solutions for third parties. Probably what will
determine the choice between cloud and DINAMO Pocket will be this
consumer profile," said Buz. He also points out that other factors
may be considered, such as the renewal time of the certificates -
whose validity is from one to three years.
Product and Partnership
The DINAMO Pocket is a device that stores GlobalSign Code
Signing products. Together, they allow multiple developers to share
access to the same digital certificate, ensuring governance and
access traceability. Code Signing certificates use unique
encryption to link the manufacturer's identity to the software,
which increases credibility in the installation process, guarantees
the legitimacy of the software, and ensures that the code has not
been tampered with. Dinamo Pocket’s advantage is its compact size.
It has the dimensions of a TV modem, which makes it easy to
accommodate.
"Combining the security of GlobalSign digital certificates with
the convenience of our HSM is the ideal formula for developers to
reinforce the protection and reliability of their products. DINAMO
Networks is very confident with this partnership because our
technology is already approved and used in major projects in
Brazil," emphasizes Marco Zanini, CEO of DINAMO Networks.
Market estimates indicate that around 7 million Code Signing
certificates are issued worldwide annually. Latin America
represents 10% of this market, with Brazil being the main issuer in
the region. "We believe that the DINAMO Pocket will have a very
positive reception among developers. In the short term, we estimate
that at least 2% of the Brazilian Code Signing market will already
be using it - and this will only be the beginning. “We are
extremely motivated and envision significant steps to be taken,
nationally and internationally, by forming this partnership with a
company the size of GMO GlobalSign Brazil," highlights Zanini.
Dias added: "We are very pleased with the partnership, after
all, we always seek technological allies attuned to market needs.
The partnership also shows that we, as a Certificate Authority, can
work together with other companies so that the end customer is not
penalized by regulatory changes. I am confident in saying that,
when it comes to the DINAMO Pocket, there are no other similar
solutions in terms of cost-effectiveness in circulation, and that
it represents an important step.”
ABOUT DINAMO Networks
DINAMO Networks is a specialist in digital security and
cryptography. It has the largest library of high-level APIs and has
been involved in key security projects in the country, such as:
Pilot of DREX (Digital Real), Data Anonymization for compliance
with the General Data Protection Law (LGPD), signing and processing
of PIX, Brazilian Payment System (SPB), Card Processing, Electronic
Patient Record (PEP) signing, Internet Tax Return (IR), Electronic
Invoice, among many others. It manufactures different models of
security appliances, or Hardware Security Modules (HSMs), all with
international FIPS 140-2 certification, level 3, used by major
Brazilian banks, including the Central Bank of Brazil (especially
for PIX encryption), and by companies from various sectors either
On-Premise or in the Cloud. Recently, it launched the first
pay-per-use encryption solutions platform available in the global
market, DINAMO SuperCloud. To learn more, visit:
https://www.dinamonetworks.com/.
About GMO GlobalSign
As one of the world’s most deeply-rooted certificate
authorities, GMO GlobalSign is the leading provider of trusted
identity and security solutions enabling businesses, large
enterprises, cloud-based service providers, and IoT innovators
worldwide to conduct secure online communications, manage millions
of verified digital identities and automate authentication and
encryption. Its high-scale Public Key Infrastructure (PKI) and
identity solutions support billions of services, devices, people,
and things comprising the IoT. GMO GlobalSign is a subsidiary of
GMO GlobalSign Holdings K.K., a member of the Japan-based GMO
Internet Group, and has offices in the Americas, Europe and Asia.
For more information, visit https://www.globalsign.com.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240723191070/en/
MEDIA RELATIONS CONTACTS
GLOBAL Amy Krigman Director of Public Relations, West
Region E-mail: amy.krigman@globalsign.com
BRASIL
MGBCOMM CONTACTS
Ludmila Vianez Senior PR Phone: +55 71 99137-2184
Email: ludmila@mgbcomm.com
Roberta Sena Senior PR Phone: +55 11 98435-6712
Email: comunicacao@mgbcomm.com
Mariana Guedes Director Phone: +55 11 99896-5313
Email: mariana@mgbcomm.com