Trusted Identity Credentials for Citizen eIDs and Corporate eIDs.

Based on Public Key Infrastructures (PKI) technology, KeyOne is a proven solution that makes focus on security and digital certificates management functions to provide a comprehensive solution for critical eID infrastructures. KeyOne includes the following components: 

  • Certification Authority/Registration Authority (CA/RA) – digital certificate management functions
  • Validation Authority (VA) – online certificate status information
  • Time Stamping Authority (TSA) - electronic time-stamping services

The solution is scalable with the following components:


User desktop applications - enabled PKI certificates for applications

  • Web access control (TLS with certificate) and Network (VPN with certificate)
  • Authentication with smartcard (Windows Smartcard Logon)
  • Signature and document protection (for example PDF), secure email and web forms
  • Signature code and applications that support X.509 certificates

Smartphone/tablets applications - digital certificate for Apps in a mobile PKI environment

  • Protection of Email, Calendar, Contacts and Task Lists
  • Access control to Web applications and corporate networks
  • Adding Apps PKI mechanisms, using the API provided by the OS itself

Applications and devices - Web authentication certificates/applications and encryption communications

  • Certificates for servers TLS / SSL from the type Organization Validation (OV), Domain-validated (DV) and Extended Validation (EV)
  • Network devices and communication devices (3GPP / LTE/4G)
  • Securing devices or server applications that support SSL / TLS for authentication and data encryption


  • Proven technology
    Safelayer has a consolidated position on Government, Finance and Corporate sectors, in which, out of a range of projects for implementing security and PKI services.
  • Certificate Management
    Includes a number of options to automate the administration of the end entities digital certificates lifecycle, including key renewal automation of the trusted entities (CA, RA, VA, TSA).
  • Integrated solution
    Through strategic alliances with security market leaders, Safelayer offers a perfectly integrated solution with hardware security modules (Thales and Safenet) or certificate management suite (Venafi).
  • Multiple enrollment options
    The flexibility of KeyOne registration components are designed to minimize the rollout times, to simplify the user experience and maximize the security. It includes support for face-to-face and Web enrollment procedures. It is integrated with Windows Certificate Enrollment.
  • Web Integration: System functions can be used as Web services via the products' JSON and XML. This simplifies system integration and allows the deployment of batch enrollment processes.


  • KeyOne CA
    Central system of generation and revocation of certificates X.509v3 for a root CA, Subordinate CA or Bridge CA. Cross-Certification Environments are also supported.
  • KeyOne XRA/ KeyOne XLRA
    Operates as a user / application registration service (RA) for requesting the issuing and revocation of digital certificates (in conjunction with KeyOne CA).
  • KeyOne VA
    Maintains information on the status of digital certificates generated by one or more Certification Authorities (CAs). Implements the OCSP protocol..
  • KeyOne TSA
    PKI time-stamping which ensures the date of the transactions or the signature of electronic documents. Implements the RFC 3161 protocol.

The following figure illustrates a Certification Authority (CA) operated by KeyOne CA and how it interacts with KeyOne (or third party products) to provide registration and publishing options for the status of the digital certificates.

K1 Products generic vision draft


KeyOne Registration Authority Graphic User Interface

KeyOne Registration Authority Graphic User Interface.

KeyOne Registration Authority WS/SOAP management

KeyOne Registration Authority WS/SOAP management.

KeyOne PKI 4.0 (CA/XRA/VA) and KeyOne ePassport (CSCA/CVCA/DV) 4.0 with a CC EAL4+ (ALC_FLR.2) guarantee level in compliance with the security level 3 CIMC Protection Profile ("Certificate Issuing and Management Component", NIST). For more information:

Central system of generation and revocation of certificates X.509v3 for a root CA, Subordinate CA or Bridge CA. Cross-Certification Environments are also supported.

We use cookies to improve our website and your experience when using it. Cookies used for the essential operation of this site have already been set. To find out more about the cookies we use and how to delete them, see our Privacy Policy.I accept cookies from this site