Safelayer Secure Communication announces Common Criteria (CC) EAL4+ (ALC_FLR.2) certification for version 4.0 of its KeyOne product, which meets the functional requirements for the Certificate Issuing and Management Components (CIMC) Security Level 3 Protection Profile of the US Government (NSA).
KeyOne is one of the most complete and tested PKI platforms on the market. It provides components for implementing citizen identification systems (Citizen eID/ePassport), trusted service providers (TSPs) and corporate environments. The platform also provides PKI technology for the emerging mobility and Internet of Things (IoT) environments. This certification makes KeyOne one of the most secure platforms available.
This CC certification covers the following KeyOne components:
- Certification Authority (KeyOne CA): digital certificate generation and revocation system for people (corporate users or citizens) or connected objects (software systems or hardware devices).
- Registration Authority (KeyOne XRA): user registration and digital certificate life-cycle management system through interaction with KeyOne CA.
- CRL Issue Authority (KeyOne CRLA): KeyOne CA component for managing CRLs in high-volume PKIs.
- Validation Authority (KeyOne VA): OCSP validation of certificates from multiple CAs.
- Country Signing Certification Authority (KeyOne CSCA): KeyOne CA component which acts as the root CA of the first-generation eMRTD PKI defined by ICAO. Manages digital certificates.Country Verifying Certification Authority (KeyOne CVCA): root CA of the second-generation eMRTD PKI defined by European Union on the EAC standard.
- Document Verifier (KeyOnve DV): subordinate CA of the second-generation eMRTD PKI defined by European Union on the EAC standard.
Through CC certification, the Certification Body (CNI-CCN) certifies that the technology is secure, which means Safelayer's clients can have the utmost confidence in the company's products. CC EAL4+ certification guarantees an independent and systematic review of the completeness of the product — of both functional specifications and the tests carried out — and the security in the software development procedures. EAL4+ certification is the benchmark adopted by the ICT sector to provide the necessary and sufficient guarantees for quality, reliability and security.