Safelayer’s KeyOne product family comprises solutions for implementing PKI (Public Key Infrastructures), data protection applications and integration tools for incorporating PKI mechanisms in applications.
KeyOne products include the following solutions.
Public key infrastructure solutions
Solutions for managing digital certificates. They implement digital certificate registration, issuing, cancellation and renewal functions in accordance with the ITU-T X.509v3 standard.
Advanced public key infrastructure solutions
Solutions for validating digital certificates and time-stamp generation. They include the functions needed to generate proof of digital certificates’ validity in compliance with the IETF OCSP standard and proof of the existence of specific data at a given moment in time, as established in the IETF TSP standard.
Solutions for protecting the user’s data
Includes a set of solutions for protecting the user’s data by means of electronic signature and data encryption technology based on public key infrastructure mechanisms.
Advantages of KeyOne Solutions
Safelayer solutions provide the following advantages.
Complete range of applications
The KeyOne product family supplies the functionality required to implement any advanced electronic certification solution, including client applications and integration toolkits.
Easy to use and implement
Solutions are designed to be easily integrated in business processes. Safelayer solutions incorporate a high-level language that simplifies and guarantees the start-up of solutions.
Open and Standard Compliant
The solutions implement PKI standards that are recognized by the industry, thus guaranteeing interoperability and availability of multiple applications belonging to major application providers. Standards based on ITU-T X.509v3 and IETF PKIX guarantee the implementation of electronic signatures in applications and processes.
Scalable and modular solutions
Thanks to their modular design, KeyOne solutions support different architectures and adapt to the highest performance requirements. Moreover, they are designed to offer high availability and guarantee the system’s growth with new advanced services.
More security and control
KeyOne version 3.0 products have been designed to comply with the security requirements for digital certificate management systems for electronic signatures (CWA 14167-1), and are certified according to the Common Criteria at level EAL4+.
KeyOne 3.0 holds an ISO/IEC 15408 EAL4+ (ALC_FLR.2) assurance level in compliance with the security level 3 CIMC Protection Profile (Certificate Issuing and Management Component, NIST, 31 October 2001). More information can be found at:
KeyOne CA v4.0 has achieved CC EAL4+ (ALC_FLR.2).
Likewise, a configuration system makes it possible to force operation in CWA 14167-1 or NSA/NIST CIMC mode, defined by roles and events, or to define a custom security level. The products are equipped with an extremely flexible and reliable audit system, thanks to their capacity to select and program events and to the included integrity and failure-protection system.
Public Key Infrastructure Solutions
KeyOne solutions for public key infrastructure include both digital certificate management systems, and advanced services for validating certificates and timestamps. More specifically, solutions based on KeyOne include the following functionality:
- Digital certificate signing request management.
- Digital certificate issuing.
- Digital certificate management (revocation, suspension, rehabilitation).
- Maintenance of the digital certificate status (revoked, suspended, unsuspended).
- Generation of revocation lists or CRLs.
- Immediate provision (online, for instance) of information regarding the status of certificates.
- Generation of time-stamps.
- Storage of backup copies of subscriber keys.
- Recovery of subscriber keys from backup copies.
The KeyOne family for electronic certification solutions is made up of the following products:
- KeyOne CA is a software application that performs the Certification Authority functions of issuing public key digital certificates using the syntax defined in ITU-T X.509v3. ICAO/EAC electronic passport extensions are optional.
- KeyOne XRA is an application that carries out the Registration Authority functions of registering digital certificate requests, requesting digital certificates from the certification authority, requesting digital certificate revocations, delivering digital certificates and publishing them in repositories.
- KeyOne LXRA is a special type of registration application included in KeyOne XRA for performing face-to-face registration in local systems. As it can control a smartcard printer, customization is supported.
- KeyOne VA is an application that performs the role of the Validation Authority, issuing evidence that proves the validity of digital certificates in accordance with IETF's OCSP protocol (Online Certificate Status Protocol).
- KeyOne TSA is an application that acts as a Time-Stamp Authority, issuing evidence that proves the existence of data at a certain time in accordance with IETF's TSP protocol (Time-Stamp Protocol).
KeyOne products for electronic certification solutions share common components (for instance, the access control and auditing system), and each has its own special features that offer specific functionality. The following sections identify the components’ features and provide a detailed description of their performance within each solution.