CLIENT AREA
EN
Multicert Logo
Online Store
Em Destaque
MULTICERT Banner

About Us
MULTICERT Banner

About Us
Banner Mtrust (1)

Digital Transformation Solutions

PKI Characteristics

Technical and security characteristics of PKI solutions

Certification Authority

 

  • Issuance of X.509 and CVC certificates
  • Issuing CRLs and Delta CRLs
  • CA Cryptographic Keys on PKCS#11 Compliant HSMs
  • Administration web interface
  • Two-factor access control
  • Configurable user profiles (operators, administrators, auditors, etc.)
  • Audit logs
  • Compliance with RFC 5280, CWA 14167
  • Common Criteria EAL4+ CMIC Certification
  • Robust: Clustering, Backup, Disaster Recovery
  • Multilingual
  • Complete documentation package including CPS, CP, PDS, policies, manuals, diagrams, procedures, forms, and inventory

 

Timestamping Authority

 

  • Compliance with RFC 3161
  • Support for multiple timestamping units (TSU)
  • CA Cryptographic Keys on PKCS#11 Compliant HSMs
  • Administration web interface
  • Management of contracts and timestamp packages for wholesale and retail offer
  • Two-factor access control for internal users
  • Configurable user profiles (operators, administrators, auditors, etc.)
  • Audit logs
  • Built on Common Criteria EAL4+ certified security core
  • Assessed and approved by the National Security Office
  • Capable of internationalization (i18n): multilingual, writing sense, formatting, character encoding
  • Robust: Clustering (active-active), Backup, Disaster Recovery

 

OCSP - Online Certificate Status Protocol

 

  • Compliance with RFC 6960
  • Support for multiple CAs and OCSP responders
  • Cryptographic keys on PKCS#11 compliant HSMs
  • Administration web interface
  • Two-factor access control for internal users
  • Configurable user profiles (operators, administrators, auditors, etc.)
  • Audit logs
  • Built on Common Criteria EAL4+ certified security core
  • API for integration with existing CAs
  • Real-time update of certificate status via integration API
  • Periodic update of certificate status through CRL (blacklist) and LDAP (whitelist)
  • Replacement of legacy OCSP solutions without evolutionary support for a new solution, without development and integration needs of the remaining existing PKI
  • Apt for internationalization (i18n): multilingual, spelling, formatting, character encoding
  • Robust: Clustering (active-active), Backup, Disaster Recovery

 

Key Management System

 

  • Bulk pre-generation of cryptographic keys, immediately available for certificate issuance and personalization processes
  • Keys generated in HSMs, with quality and performance parameters superior to those generated in smartcard chips
  • Dynamic key stock management
  • Secure channel from HSM to personalization via transport keys and key-encryption keys (KEK)
  • Administration web interface
  • Two-factor access control for internal users
  • Configurable user profiles (operators, administrators, auditors, among others)
  • Audit logs
  • Built on Common Criteria EAL4+ certified security core
  • Apt for internationalization (i18n): multilingual, spelling, formatting, character encoding
  • Robust: Clustering, Backup, Disaster Recovery

Data Preparation

 

  • Formatting biographical and biometric data for identification documents and electronic passports
  • Compliance with LDS v1.7 ICAO 9303
  • Support for BAC, SAC/PACE, Active Authentication, EAC
  • API for integration with lifecycle and customization systems
  • Integrated with Key Management System
  • Audit logs
  • Robust: Clustering, Backup, Disaster Recovery

 

Document Signer

 

  • Signing biographical and biometric data for identification documents and electronic passports to protect authenticity and integrity
  • ICAO 9303 compliance, producing the Secure Document (SOD) framework
  • Support for BAC, SAC/PACE, Active Authentication, EAC
  • API for integration with lifecycle and customization systems
  • Audit logs
  • Robust: Clustering, Backup, Disaster Recovery

 

Card Management System

 

  • Application for final personalization of SSCDs (smartcards, USB cryptographic tokens, secure microSD)
  • Support for PKCS#11 compliant SSCDs
  • An on-chip key generation or import via a secure channel
  • Integration with smartcard printers
  • Graphical interface for customization operators prints preview
  • PIN letter printing on customizable templates
  • Cover and follow-up letter printing on customizable templates
  • Support for multiple configurable personalization profiles
  • Installation on multiple workstations for parallel customization
  • Restricted access control for customization operators

 

National PKD

 

  • LDAP interface for providing CSCA, Document Signer, CVCA, DVCA, CRLs, and Master Lists certificates
  • Hierarchical organization according to certificate name structure
  • Application with graphical interface for service management
  • Robust: Clustering, Backup, Disaster Recovery

SPOC - Single Point of Contact

 

  • Exchange of certificates and information necessary for the validation of electronic identification documents such as the Passport, which must be made available between member countries of the European Union
  • Receipt of requests for DVCA certificates from the national PKI EAC and delivery to the destination SPOC
  • Online reception of requests from SPOCs in other countries and forwarding to those responsible for the national PKI EAC
  • Compliance with ČSN 36 9791:2009, BSI TR-03110, and BSI TR-03139
  • Protection of communications between SPOCs through digital certificates issued by SPOC CA
  • SPOC CA registration by SPOC
  • SPOC CA CRL Publication
  • Administration web interface
  • Two-factor access control for internal users
  • Configurable user profiles (operators, administrators, auditors, among others)
  • Audit logs
  • Robust: Clustering, Backup, Disaster Recovery