Tomi Liias, Head of European Sales, Tosibox Oy
TOSIBOX® provides an easy and fast way of creating operational networks without extensive IT skills. You can set up the solution in the same time it takes to enjoy a cup of coffee and easily manage the ecosystem yourself. Watch this short video to learn how easy it is to establish a point-to-point VPN connection between you and your device.
To establish a remote connection, you need just one TOSIBOX® Lock and one TOSIBOX® Key. The Lock is the endpoint for secure TOSIBOX® connectivity to various devices such as PLCs, HMIs, IPCs and controllers. It can be a hardware-based router device with a firewall, or a software-based solution that can be integrated inside another device. The Key is the user’s tool to access the network. It can be a hardware dongle that is inserted into the USB port of a computer, a virtual client running on the user’s computer, or a mobile client for a mobile device. The user can be you, your employee or a third party to whom you grant limited access and from whom you remove it once the need goes away.
To ensure maximum security, the solution utilizes two-factor authentication (2FA). This means there are two different things required from you in order to authenticate and get access: something you have, i.e. the physical TOSIBOX® Key, and something you know, i.e. your password.
The trust relationship between a TOSIBOX® Lock and Key is based on physical matching. This unique process matches together, cryptographically, the physical TOSIBOX® devices.
To get started, first make sure the Lock is powered on and connected to the internet. You can use any connection method from any operator. You won’t need any special services for the subscription, such as a fixed IP address or open ports. You can also always take advantage of a local subscription, instead of expensive roaming subscriptions.
Next, just insert the Key into the Lock’s USB port for matching. During this process the devices exchange their security certificates and public keys, creating a trust relationship that is the basis for all communication happening afterwards.
After matching, the Key becomes the Master Key. This means the Master Key user is the admin of the TOSIBOX® network and can add and remove access rights to Locks from sub Key users. You can also use the same Master Key to match as many more Locks as you want.
After matching, the Lock and Key register themselves to the distributed TOSIBOX® MatchMaker service – the heart of TOSIBOX® connectivity. It helps users find the Locks that their Key has access to, no matter where the Lock or the user are located. The MatchMaker background service provides a global relay network that helps to establish the connection. The connection between the TOSIBOX® MatchMaker and TOSIBOX® devices is encrypted using TLS and mutually authenticated using certificates and PKI.
To create the VPN connection, just insert the Key into your computer’s USB port. Install the TOSIBOX® Key client from the device’s flash drive and sign in. Alternatively, you can download the client software from our website.
The matched Lock will appear in the listing – rename it something sensible and it’s ready for use! You can connect with just one mouse click.
After that, the Key requests a connection to the Lock. The VPN tunnel is mutually authenticated using certificates and PKI. The VPN tunnel is established directly between the TOSIBOX® devices. The connection is end-to-end encrypted. Encryption and decryption take place at the connection endpoints (devices). Nobody – not even Tosibox Oy – can decrypt the data in between!
Thanks to the patented connection method, the connection can be established even if both parties are behind firewalls or NATs. This means TOSIBOX® devices run no services that are constantly listening on, or exposed to, the Internet.
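The matching and connection steps described above can be modelled as pinned public keys followed by a signed Diffie–Hellman exchange. The Node.js code below is an added example, not Tosibox code and not its actual protocol: the function names and the choice of RSA signatures, the modp14 group, HKDF and AES-256-GCM are assumptions made for illustration.

```javascript
// Added illustration, not Tosibox code: all names and algorithm choices are assumptions.
const crypto = require('node:crypto');
const fingerprint = (pub) =>
  crypto.createHash('sha256').update(pub.export({ type: 'spki', format: 'der' })).digest('hex');

function makeDevice(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey, pinned: new Set() };
}

// "Matching": during physical contact each device pins the other's public key.
function match(a, b) {
  a.pinned.add(fingerprint(b.publicKey));
  b.pinned.add(fingerprint(a.publicKey));
}

// Handshake message: a fresh DH share signed with the device's long-term key.
function hello(dev) {
  const dh = crypto.getDiffieHellman('modp14');
  const share = dh.generateKeys();
  return { dh, msg: { publicKey: dev.publicKey, share, sig: crypto.sign('sha256', share, dev.privateKey) } };
}

// Accept only a peer pinned at matching whose signature covers its DH share.
function accept(dev, dh, msg) {
  if (!dev.pinned.has(fingerprint(msg.publicKey))) throw new Error('peer not matched');
  if (!crypto.verify('sha256', msg.share, msg.publicKey, msg.sig)) throw new Error('bad signature');
  return Buffer.from(crypto.hkdfSync('sha256', dh.computeSecret(msg.share), Buffer.alloc(0), 'session', 32));
}

// Both hello messages may cross an untrusted relay; it never learns the session key.
function connect(keyDev, lockDev) {
  const k = hello(keyDev), l = hello(lockDev);
  const lockSide = accept(lockDev, l.dh, k.msg);
  return { lockSide, keySide: accept(keyDev, k.dh, l.msg) };
}

// AES-256-GCM at the endpoints: anything in between sees only iv, ct and tag.
function seal(key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}
```

A device that was never matched is rejected in `accept` before any key is derived, and a party holding only the relayed `iv`, `ct` and `tag` fails the GCM tag check in `unseal`.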
“The way we used to do it was just painful. Then we went to Tosibox. You plug in the Key, click, click, and BANG. You are connected.”
AJ Egli, IT Network Admin, Leitner-Poma of America
Hear it from our customers: The leading ski lift manufacturer Leitner-Poma of America standardizes on TOSIBOX® connectivity to secure a global network of transportation systems, maintaining over 99% uptime.
If you’re still wondering, yes! It is perfectly safe to install a TOSIBOX® Lock into an existing company or factory network. In addition to making our products secure, we have put a lot of effort into making them easy to use. With fewer things for users to remember and worry about, TOSIBOX® products are practically impossible to misconfigure. We believe simplicity is an excellent design principle for security, too.
TOSIBOX® allows you to remotely access the selected devices within the network with fully secure connections. The Lock accepts remote connections only from the authorized TOSIBOX® devices (Keys, SoftKeys or Mobile Clients) and all information that is transferred over the Internet is strongly encrypted.
TOSIBOX® products have no backdoors and Tosibox Oy does not retain any private keys or passwords for the products. Our technical support can access the Lock only after the user has explicitly turned on the remote support feature.
In our products we are using industry standard and proven technologies such as the RSA cryptosystem, AES encryption, Diffie–Hellman key exchange and TLS sessions.