KeyOne PKI Platform provides trusted identity credentials for citizen and corporate eIDs.
Based on public key infrastructure (PKI) technology, KeyOne is a proven solution that provides digital certificate management functions with the maximum security and trust. KeyOne includes the following components:
- Certification Authority/Registration Authority (CA/RA) – digital certificate management functions
- Validation Authority (VA) – online certificate status information
- Time Stamping Authority (TSA) - electronic time-stamping services
The solution is scalable with the following components:
- KeyOne eMRTD Platform - PKI components for travel documents (e.g., the ePassport)
- Safelayer Mobile ID - App/SDK for identification systems based on mobile devices
Datasheet
Applications
User desktop applications - enabled PKI certificates for applications
- Web access control (TLS with certificate) and Network (VPN with certificate)
- Authentication with smartcard (Windows Smartcard Logon)
- Signature and document protection (e.g., PDF), secure email and Web forms
- Signature code and applications that support X.509 certificates
Smartphone/tablets applications - digital certificate for Apps in a mobile PKI environment
- Protection of email, calendar, contacts and to-do lists
- Access control to Web applications and corporate networks
- Incorporation of PKI mechanisms in the apps, using the OS's API
Applications and devices - Web authentication certificates/applications and encryption communications
- TLS/SSL servers: organization validation (OV), domain-validated (DV) and extended validation (EV) certificates
- Network and communication devices (3GPP/LTE/4G)
- Corporate servers including Web servers, messaging and domain controllers that support SSL/TLS for authentication and data encryption
Benefits
- Proven Technology
Safelayer is well established in the government, finance and corporate sectors, where it has implemented a wide range of security and PKI services projects. - Certificate Management
Includes options for automating the administration of the digital certificate lifecycle for end entities, including the automation of key renewal for trusted entities (CA, RA, VA & TSA). - Integrated Solution
Through strategic alliances with security market leaders, Safelayer's solution integrates perfectly with hardware security modules (Thales and Safenet) or certificate management suite (Venafi). - Multiple Enrollment Options
The flexibility of KeyOne registration components minimizes rollout times to simplify the user experience and maximize security. It supports face-to-face and Web enrollment procedures and is integrated with Windows Certificate Enrollment. - Web Integration: System functions can be used as Web services JSON and XML. This simplifies system integration and allows the deployment of batch enrollment processes.
Components
- KeyOne CA
Central system of generation and revocation of certificates X.509v3 for a root CA, Subordinate CA or Bridge CA. Cross-certification environments are also supported. - KeyOne XRA/ KeyOne XLRA
User/application registration service (RA) for requesting the issuing and revocation of digital certificates (working with KeyOne CA). - KeyOne VA
Stores information on the digital certificates generated by one or more Certification Authorities (CAs). Implements the OCSP protocol. - KeyOne TSA
PKI time-stamping that guarantees the date and time a transaction occurred or an electronic signature was signed. Implements the RFC 3161 protocol.
The following figure illustrates a Certification Authority (CA) operated by KeyOne CA and how it interacts with KeyOne (or third party products) to provide registration and publishing options for the status of the digital certificates.
Resources
KeyOne Registration Authority Graphic User Interface.
KeyOne Registration Authority WS/SOAP management.
KeyOne PKI 4.0 (CA/XRA/VA) and KeyOne ePassport (CSCA/CVCA/DV) 4.0 with a CC EAL4+ (ALC_FLR.2) guarantee level in compliance with the security level 3 CIMC Protection Profile ("Certificate Issuing and Management Component", NIST). For more information: http://oc.ccn.cni.es/
Central system of generation and revocation of certificates X.509v3 for a root CA, Subordinate CA or Bridge CA. Cross-Certification Environments are also supported.