
Cryptomathic Certification Authority

Professional Trust Management
In the physical world identity cards and handwritten signatures are the means with which we build trust and seal agreements. In the electronic world these means are replaced by certificates and digital signatures.

The Cryptomathic CA professionally manages all the
Certification Authority’s tasks – this includes issuing:
• Certificates for secure e-mail (S/MIME)
• Certificates for digital signatures in Web browsers
• Certificates for authentication and VPN logon
• SSL/TLS server and client certificates
• Certificates for Windows 2000 smart card logon
• Trusted Computing Platform Alliance certificates

Benefits
Cryptomathic CA offers all the features expected from professional trust management software, including:

Multiple CAs – Running several logical Certification Authorities concurrently, the CA server easily accommodates the CA hierarchies of Trust Service Providers and large enterprises.

Scale-out Clustering – Assures high availability and performance and allows servers to be added or removed from a running system.

Hardware Security Modules – Support for a number of FIPS-certified hardware security modules.

The main component of Cryptomathic CA is the CA server that is managed through the (possibly remote) administration client. The Local Registration Authority (LRA) application¹ allows local identification and registration of end users, whereas the Web Front End provides instant integration with Microsoft Explorer for certificate issuing and installation. In addition, two APIs are provided for facilitating custom applications to interface directly with the CA server. The LRA API enables registration of end users and management of these registrations, and the PKIX API offers functionality for on-line certificate issuing, updating and revocation. Moreover, the PKIX API supplies a combined registration and certification protocol for bulk certification. Off-line certificate issuing (e.g. for CA certificates) is facilitated through the administration client.

¹ Available from version 3.4

[Figure: Cryptomathic CA architecture. Components shown: LRA Application¹, CCA Adm. Client, Web Server / Web Front End, Third Party Application / CCA APIs, TCP/IP, CCA Server, DB.]

Technical Specifications

Certificate Format
• X509v3

Certificate Requests
• PKCS #10, certificate returned in PKCS #7 structure
• SPKAC, certificate returned in PKCS #7 structure
• CRMF, request/response according to PKIX-CMP
• Central bulk issuing
• Off-line: X.509v3 and PKCS #10, certificate returned in PKCS #7 or plain X.509v3

Certificate Revocation and Renewal
• CMP, according to PKIX

Certificate Status Retrieval
• Instant certificates
• CRLs according to X.509v2

Cryptographic Specification
• Certification of RSA keys of 512 bits or longer
• RSA 1024-4096 bit CA keys, limit set by hardware security module²

Client Side Integration
• Web pages for certificate issuing and pick up, support for any CSP
• ActiveX component for LRA administration
• API for certificate management, available in ANSI C and as Windows DLL

Server Side Integration
• ANSI C API for CA administration, also available as Windows DLL
• API for LRA administration, available in ANSI C and as Windows DLL

Key Management
• All CA keys are hardware protected
• All auxiliary keys are hardware protected

Operational Features
• All events are MAC protected and securely logged in the database
• Scale-out clustering for high availability and performance

Operating Environment
• CA server runs as Windows NT/2000 service
• Administration client – Windows NT/2000 applications

Supported Hardware Security Modules
• nCipher nShield F2 and F3
• IBM 4758
• Chrysalis-ITS Luna SA and Luna CA3
• Any PKCS #11 compliant hardware

Supported Databases
• Oracle 8 and 9
• Microsoft SQL Server 7 and 2000

Supported Directories
• SUN™ ONE Directory Server (formerly iPlanet Directory Server)
• Novell eDirectory
• MS Active Directory
• Any LDAP compliant directory

² In version 3.3 at most 2048 bit.
³ Available from version 3.4

Cryptomathic’s Trust Products
Cryptomathic’s family of trust products includes all the applications needed to set up and maintain a trust community, also known as a Public Key Infrastructure (PKI). Cryptomathic’s trust products range from the central Certification Authority (CA), with supporting applications for registration of users and distribution of certificates, to components for time stamping and remote signature generation, which may be added as required.

With Cryptomathic’s trust products you can include the benefits of digital signatures and reliable authentication in a business application for internal or external use, offer trust services as a service provider, or even set up a public Certification or Time Stamping Authority. The simple, yet flexible, license forms and pricing models make Cryptomathic’s trust products an attractive choice for solutions of any scope or size.

Interoperable – The trust products comply with business standards and are tested for interoperability. This ensures that the applications fit into existing infrastructures.

Scalable and stable – Designed with scalability and stability in mind, the trust products fit both current and future requirements.

Proven – Large enterprises and banks as well as financial and government institutions rely on Cryptomathic’s trust products to protect their business.

Flexible – The trust products are designed for easy integration with existing business systems. In addition, our e-Security tools allow you to enable new and legacy applications to handle digital signatures.

Secure – Built by world-class security experts, Cryptomathic’s trust products offer premium security.

Hardware Crypto Enabled – For physical security and even better performance all the trust products support hardware security modules.

About Cryptomathic

With more than 15 years of experience, Cryptomathic is one of the world’s leading providers of e-Security. We can assist you in securing your business by providing best-of-breed e-Security software products and services as well as consultancy and education.

Our range of software products covers e-Security tools for professional application development, trust products as well as data preparation for smart cards.

Cryptomathic’s world-class experts offer e-Security consultancy at strategic level, for solution architecture, and integration.

We offer a complete modular education program, where you can learn what you need to know about e-Security – both on a general and product specific level.

We serve our customers through our head office in Denmark and our European subsidiaries. For more information, please fill in the interest card on our web site: