KeyOne Validation Authority

More information:
Product Sheet

KeyOne VA is suitable for critical electronic signature validation processes, since it provides evidential value and greater efficiency in verifying the status of digital certificates (in contrast to conventional mechanisms, which are based on revocation lists). KeyOne VA is designed to:

  • Provide reliable information on the status of a digital certificate
  • Facilitate integration with corporate information systems
  • Reduce installation and maintenance costs
  • Maximum security
    KeyOne products support defining the roles and events required to operate in compliance with the Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures (CWA14167-1). KeyOne VA supports the roles of security operator, system administrator and system auditor.
  • Reliability and control
    The event system guarantees the integrity of the registered data and that no information is lost. This is possible thanks to an emergency mechanism that is activated when connection to the database is lost. KeyOne also supports selecting automatic events (which are assigned different levels of severity) and defining manual events (for registering actions that occur outside the application).
  • Efficiency for large infrastructures
    KeyOne VA facilitates managing large volumes of certificates via the KeyOne CertStatus Server publication service. As certificate status updating is optimized, the response efficiency is guaranteed. KeyOne VA supports high availability and scalable architectures.
  • Easy integration and accounting
    KeyOne VA includes an interpreted programming language to define the interaction with information systems. It is possible to customize the system, incorporate new functions, connect to access-control systems and access internal information systems (to complement the information generated).

The main functions of KeyOne Validation Authority are to:

  • Store information on the status of the certificates generated by one or more Certification Authorities. The status of a digital certificate is updated by downloading the revocation lists or the information provided by Certification Authorities (CA) that have the KeyOne publication service (KeyOne CertStatus Server) installed. In both cases, updating is performed remotely.
  • Receive user or service-provider requests on the status of the digital certificates used in the signing of electronic transactions.
  • Guarantee the non-repudiation of the responses. These responses are digitally signed by the Validation Authority and specify the date and status (valid, revoked, cancelled or unknown) of a certificate.
  • Generate event logs so operators can monitor the system status, its security and to what extent the corporate specifications are being met.
  • Customize the system to tailor response delivery and content to the identity of the requester.

The following figure illustrates the general architecture of KeyOne VA and how it interacts with network components (applications or users) under the IETF OCSP standard.

Depending on the configuration of the certificate status update system, KeyOne Validation Authority connects regularly to a Certification Authority or an LDAP directory.

  • If it connects to a CA, the information on the status of the digital certificates comes from the KeyOne Certification Authority databases (which are accessed via the CertStatus service and Safelayer's NDCCP protocol).
  • If it connects to an LDAP directory, the CRL published in the directory (or in a Web server not shown in the figure) is downloaded.

KeyOne VA can operate with an HSM (network or internal) and requires access to a database and a network time source (not shown in the figure).


The KeyOne download area contains documentation and videos to learn more about our KeyOne product family. The contents of that area are subject to prior registration.