Trusted Identity Credentials for Citizen eIDs and Corporate eIDs.
Based on Public Key Infrastructure (PKI) technology, KeyOne is a proven solution that focuses on security and digital certificate management functions to provide a comprehensive solution for critical eID infrastructures. KeyOne includes the following components:
- Certification Authority/Registration Authority (CA/RA) – digital certificate management functions
- Validation Authority (VA) – online certificate status information
- Time Stamping Authority (TSA) - electronic time-stamping services
The solution is scalable with the following components:
- KeyOne eMRTD Platform - PKI components for travel documents (for example: ePassport)
- Safelayer Mobile ID - App/SDK for identification systems based on mobile devices
User desktop applications - PKI certificate-enabled applications
- Web access control (TLS with certificate) and Network (VPN with certificate)
- Authentication with smartcard (Windows Smartcard Logon)
- Signature and document protection (for example PDF), secure email and web forms
- Code signing and applications that support X.509 certificates
Smartphone/tablet applications - digital certificates for apps in a mobile PKI environment
- Protection of Email, Calendar, Contacts and Task Lists
- Access control to Web applications and corporate networks
- Adding PKI mechanisms to apps, using the API provided by the OS itself
Applications and devices - certificates for Web/application authentication and encrypted communications
- TLS/SSL server certificates of the Organization Validation (OV), Domain Validation (DV) and Extended Validation (EV) types
- Network devices and communication devices (3GPP / LTE/4G)
- Securing devices or server applications that support SSL / TLS for authentication and data encryption
- Proven technology
Safelayer has a consolidated position in the Government, Finance and Corporate sectors, in which it has carried out a range of projects for implementing security and PKI services.
- Certificate Management
Includes a number of options to automate the administration of the end-entity digital certificate lifecycle, including automated key renewal for the trusted entities (CA, RA, VA, TSA).
- Integrated solution
Through strategic alliances with security market leaders, Safelayer offers a solution that is fully integrated with hardware security modules (Thales and SafeNet) or certificate management suites (Venafi).
- Multiple enrollment options
The KeyOne registration components are flexible and are designed to minimize rollout times, simplify the user experience and maximize security. They include support for face-to-face and Web enrollment procedures and are integrated with Windows Certificate Enrollment.
- Web Integration
System functions can be used as Web services via the products' JSON and XML. This simplifies system integration and allows the deployment of batch enrollment processes.
- KeyOne CA
Central system for generating and revoking X.509v3 certificates for a root CA, subordinate CA or bridge CA. Cross-certification environments are also supported.
- KeyOne XRA / KeyOne XLRA
Operates as a user/application registration service (RA) for requesting the issuance and revocation of digital certificates (in conjunction with KeyOne CA).
- KeyOne VA
Maintains information on the status of digital certificates generated by one or more Certification Authorities (CAs). Implements the OCSP protocol.
- KeyOne TSA
PKI time-stamping that attests the date of transactions or of the signature of electronic documents. Implements the RFC 3161 protocol.
The following figure illustrates a Certification Authority (CA) operated by KeyOne CA and how it interacts with KeyOne (or third party products) to provide registration and publishing options for the status of the digital certificates.
KeyOne PKI 4.0 (CA/XRA/VA) and KeyOne ePassport (CSCA/CVCA/DV) 4.0 have a CC EAL4+ (ALC_FLR.2) assurance level, in compliance with the security level 3 CIMC Protection Profile ("Certificate Issuing and Management Component", NIST). For more information: http://oc.ccn.cni.es/