HS.TOTHEM is an innovative and secure reference technology for Web applications for single-sign-on and complex access control policies, including user’s settings of the level and type of authentication to access critical resources. This digital signature and authentication system can be very easily incorporated into existing solutions, allowing to maintain existing implementations of the various Information Systems installed at institutions. Allows single or combination factors (factor 2 or factor 3) the following authentication methods: Login / Password; Smartcard (Citizen Card and Professional Order Cards, such as the Order of Physicians Card); X509 certificates; USB tokens (such as yubikeys, U2F tokens); NFC Cards (Mifare) and QR Codes.

HS.TOTHEM aims to enable health institutions with a system that allows:

Configuration of the list of systems, services and other options available per user;

Authentication of users on different systems by providing different authentication methods:

Login / password
- This usage pair is set during each user’s registration process.
Smartcard (Citizen Card / Order Card):
- Cardholder recognition and confirmation via authentication pin code.
X509 Certificates:
- Holder recognition through an X509 certificate and a certificate pin code.
Moving keys – Yubikeys and TokensU2F:
- Use of cryptographic mechanisms that provide access to the system;
- You only need to insert the key into a USB port and touch it to comply with the secure authentication protocol.
QR-Code:
- Reading via smartphone.

RESULTS / BENEFITS

The implementation of this authentication management and control system besides to fulfill the technical obligations of GDPR, information security and information services also aims to fulfill the following macro objectives:

Mitigate the risks of using weak methods for users to authenticate systems, such as passwords, which are simple and easily decipherable

Ensure the correct creation of authentication logs performed on the integrated information systems

Login / password
- This usage pair is set during each user’s registration process.
Smartcard (Citizen Card / Order Card):
- Cardholder recognition and confirmation via authentication pin code.
X509 Certificates:
- Holder recognition through an X509 certificate and a certificate pin code.
Moving keys – Yubikeys and TokensU2F:
- Use of cryptographic mechanisms that provide access to the system;
- You only need to insert the key into a USB port and touch it to comply with the secure authentication protocol.
QR-Code:
- Reading via smartphone.

Support for the definition of information systems security policies

Diagnosis of authentication mechanisms in use

Secure user authentication through web portals and/or others

Identity validation of each authenticating user

Correct availability of authentication logs

TECNOLOGY

HS.TOTHEM has been developed with innovative Technology thus ensuring compatibility with various protocols (ex. OpenID Connect, SAML, LDAP), high service availability and high performance.

OpenID Connect

SAML

LDAP

ARCHITECTURE

HS.TOTHEM authentication portal enables users, profiles, authorizations and authentications to be managed. It consists of a Tomcat application server and a MySQL database. It contains an integrated HTTP / HTTPS proxy that controls all access to REST applications. HS.TOTHEM authentication portal is installed on a machine running CentOS 7 operating system and its components can be managed using the Systemclt tool that manages the services in Linux distribution.