Product/Version

Image

Microsoft Software Protection Platform

View the EuroPriSe-certificate

Cert. No.

DE-080002p

Validity

13/11/2008 until 30/11/2010
expired

Public Report

Microsoft SPP short public report [PDF]

Manufacturer/Provider

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

BEST

Data minimization and encryption

ATTENTION:

i) The computer’s “machine name” proposed during the installation can contain the user name and might allow an identification of the user when the machine name is transmitted during activation. Users are advised to change the machine name to a non-personal name. Currently, a filter mechanism at Microsoft prevents the storage of transmitted machine names. By January 19th, 2009, an update will be available stopping the transfer of machine names from clients ultimately. 

Addendum: The machine name is not transmitted to Microsoft any more.

ii) The so-called Breach Response Tool is deployed as an important update (KB940510). This mechanism runs once and checks whether client components used for activation are tampered and reports the results to Microsoft. The reporting can only be disabled in Volume Activation scenarios; in OEM and other license scenarios directed to end users telemetry data are sent even if the system is untampered. Only machine related, non-personal data are transmitted (concerning Microsoft). The transmission can be avoided only by suppressing this update and further versions of the Breach Response Tool.
Currently, no link from the delivered BRT update to the according privacy statement is provided. Microsoft will add such a link by December 1st, 2008.

Addendum: Microsoft added a link to the according privacy statement.

Summary

“Microsoft Software Protection Platform” is the name for the summary of the services Activation, Volume License Management and Security Breach Response used for Microsoft’s license management binding hardware components to a license.

Details

"Activation" means the binding of a software installation to a dedicated hardware using hardware and software identifiers stored at Microsoft or in local management tools. The main scenarios are various license types (Single License Activation, Activation by Original Equipment Manufacturer (OEM), Volume License Activation with local management server or management tools), interfaces to Windows Genuine Advantage (WGA) and Breach Response Tool (BRT). These unique identifiers (e.g., hardware checksums, product keys) do not contain neither personal data nor allow Microsoft to identify users. Only major hardware changes require a re-activation. WGA is used to check the activation state and provides a temporary download license when Microsoft is asked to provide specific downloads. BRT is used to check whether system components important for activation are tampered.

The genuine test in general as well as the update mechanism is NOT part of the evaluation (ToE). Only data transmissions between the Software Protection Platform and WGA are part of the target of evaluation.

    Technical Evaluator

    Stephan Di Nunzio
    TÜV Informationstechnik GmbH
    Langemarckstrasse 20
    45141 Essen
    Germany
    S.DiNunzio@tuvit.de

    Legal Evaluator

    Marcus Belke, Attorney at Law
    Oliver Gönner, Attorney at Law
    2B Advice GmbH
    Wilhelmstrasse 40-42
    53111 Bonn
    Germany
    marcus.belke@2b-advice.com

    European Privacy Seal for Microsoft Software Protection Platform

    Image

    Disclaimer:

    This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions

    © 2008 - 2019 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387

    No responsibility for the accuracy of the information. Contact | Privacy Notice | Imprint

    Product/Version

    REISSWOLF f.i.t.

    v1.5; service function as provided in 05/2018

    Qualification: IT product and IT-based service (processor service)

    View the REISSWOLF f.i.t. certificate

    Version of Certification Criteria

    11/2011

    Cert. No.

    EP-S-X5TSCN

    Validity

    24/05/2018 - 31/05/2020

    Monitoring

    01/2019

    09/2019

    Public Report

    f.i.t. Short Public Report Image Image 

    Manufacturer/Provider

    REISSWOLF Systems GmbH

    Im Heegen 13
    22113 Oststeinbek
    Germany

    BEST

    Access policies can be used to restrict system usage to specific times of the day and/or IP addresses to reduce the attack vector for third-party access. A user session is controlled by means of a cross-tab synchronised session countdown.

    ATTENTION

    Regarding the processing of personal data on third persons by means of f.i.t., it must be highlighted that the (usually) corporate users of the service qualify as controllers whereas REISSWOLF Systems GmbH acts as a processor on behalf of the users. Customers are advised that the legitimate use of the service may require the collection of the data subject's consent and/or declaration of release from confidentiality.

    SUMMARY

    REISSWOLF f. i. t. is a web-based archiving system for data storage and access. It serves the purpose of uploading, storing, managing and exchanging data in the sense of a document management system. f.i.t. is a web application that can be used with common internet browsers. 

    DETAILS

    REISSWOLF f. i. t. is primarily designed for commercial use. It is distributed by REISSWOLF Systems GmbH and operated as Software as a Service (SaaS) in a data center in Germany.

    The ToE includes

    • The web-based service REISSWOLF f.i.t. (for details, please cf. the short public report)

    It does not include

    • REISSWOLF f.i.t. mobile app
    • REISSWOLF f.i.t. hotfolder
    • Office module
    • Teamviewer
    • Other alternative interfaces to clients

    Technical + Legal Evaluator

    Ann-Karina Wrede
    Innungsstraße 7
    21244 Buchholz
    Germany

    Initial Certification: 05/2018

    REISSWOLF f.i.t. provides a web-based service that enables companies to upload, store, manage and exchange data in the sense of a document management system. Users of the service are controllers in respect of personal data on third persons that is processed by means of f.i.t.. The service is designed in a way that facilitates the users' compliance with EU data protection law.

    Image

    Disclaimer:

    This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk.

    Image

    European Privacy Seal for REISSWOLF f.i.t.