KeyOne PKI Platform provides trusted identity credentials for citizen and corporate eIDs.

Based on public key infrastructure (PKI) technology, KeyOne is a proven solution that provides digital certificate management functions with maximum security and trust. KeyOne includes the following components:

  • Certification Authority/Registration Authority (CA/RA) – digital certificate management functions
  • Validation Authority (VA) – online certificate status information
  • Time Stamping Authority (TSA) – electronic time-stamping services

The solution is scalable with the following components:

Applications

User desktop applications - PKI certificates enabled for applications

  • Web access control (TLS with certificate) and Network (VPN with certificate)
  • Authentication with smartcard (Windows Smartcard Logon)
  • Signature and document protection (e.g., PDF), secure email and Web forms
  • Code signing and applications that support X.509 certificates

Smartphone/tablet applications - digital certificates for apps in a mobile PKI environment

  • Protection of email, calendar, contacts and to-do lists
  • Access control to Web applications and corporate networks
  • Incorporation of PKI mechanisms in the apps, using the OS's API

Applications and devices - Web authentication certificates/applications and encrypted communications

  • TLS/SSL servers: organization validation (OV), domain validation (DV) and extended validation (EV) certificates
  • Network and communication devices (3GPP/LTE/4G)
  • Corporate servers including Web servers, messaging and domain controllers that support SSL/TLS for authentication and data encryption

Benefits

  • Proven Technology
    Safelayer is well established in the government, finance and corporate sectors, where it has implemented a wide range of security and PKI services projects.
  • Certificate Management
    Includes options for automating the administration of the digital certificate lifecycle for end entities, including the automation of key renewal for trusted entities (CA, RA, VA & TSA).
  • Integrated Solution
    Through strategic alliances with security market leaders, Safelayer's solution integrates perfectly with hardware security modules (Thales and SafeNet) or a certificate management suite (Venafi).
  • Multiple Enrollment Options
    The flexibility of KeyOne registration components minimizes rollout times to simplify the user experience and maximize security. It supports face-to-face and Web enrollment procedures and is integrated with Windows Certificate Enrollment.
  • Web Integration
    System functions can be used as JSON and XML Web services. This simplifies system integration and allows the deployment of batch enrollment processes.

Components

  • KeyOne CA
    Central system for generating and revoking X.509v3 certificates for a Root CA, Subordinate CA or Bridge CA. Cross-certification environments are also supported.
  • KeyOne XRA / KeyOne XLRA
    User/application registration service (RA) for requesting the issuance and revocation of digital certificates (working with KeyOne CA).
  • KeyOne VA
    Stores information on the digital certificates generated by one or more Certification Authorities (CAs). Implements the OCSP protocol.
  • KeyOne TSA
    PKI time-stamping that guarantees the date and time at which a transaction occurred or an electronic signature was created. Implements the RFC 3161 protocol.

The following figure illustrates a Certification Authority (CA) operated by KeyOne CA and how it interacts with KeyOne (or third-party products) to provide registration and publishing options for the status of digital certificates.

K1 Products generic vision draft

Resources

KeyOne Registration Authority Graphic User Interface

KeyOne Registration Authority WS/SOAP management

KeyOne PKI 4.0 (CA/XRA/VA) and KeyOne ePassport (CSCA/CVCA/DV) 4.0 have a CC EAL4+ (ALC_FLR.2) assurance level, in compliance with the security level 3 CIMC Protection Profile ("Certificate Issuing and Management Component", NIST). For more information: http://oc.ccn.cni.es/
