KeyOne. Certification Authority


KeyOne Certification Authority

Description

KeyOne CA is the component of the KeyOne public key infrastructure (PKI) solution that provides certification authority (CA) functions. KeyOne CA provides:

- Public key infrastructure deployment for governments, certification service providers and corporate environments.
- Management of user digital certificates on mobile devices, centralized servers and smart cards.
- Digital certificate provision for servers, applications and communication devices that require authentication, e-signing and data encryption.
- Maximum security guarantees and CA compliance with CEN and ETSI recommendations.
- Reduced integration and maintenance costs through support for integration standards, including JSON/REST and XML/SOAP interfaces.

Benefits

Complete and scalable. KeyOne CA is optimized for managing large volumes of certificates. It can handle CRLs with multiple distribution points, which is ideal for government and large infrastructures. The KeyOne solution includes components that provide advanced functions to the PKI, including registration (KeyOne XRA), certificate validation (KeyOne VA) and time-stamping (KeyOne TSA).

Standard support and mobility. KeyOne CA supports X.509 digital certificates interoperable with Windows, Mac and Linux desktop environments and with mobile devices running the Google Android and Apple iOS operating systems. KeyOne provides PKI authentication, e-signing and data encryption without requiring proprietary applications. It is adaptable to the security mechanisms of a wide range of PKI-compatible applications and platforms.

Greater PKI control and management. KeyOne CA automatically manages the CA keys, providing greater ease of management and control of the public key infrastructure (PKI). You can define the events executed when keys are renewed, incorporate mechanisms to adjust the maximum lifetime of the digital certificates and manage the coexistence of expired CA keys (used to transparently revoke certificates generated with these keys).

Integration and reduced maintenance costs. KeyOne CA operates as a network-accessible specialized service component. The system can be operated from the GUI or via the JSON-over-REST and XML-over-SOAP interfaces it incorporates, which reduces the cost of integrating and maintaining the digital certificate management functions. It supports standard protocols for security information and event management and for monitoring, facilitating integration with SIEM and corporate monitoring systems.

Maximum security and trust. KeyOne CA is designed to facilitate compliance with the security requirements for trustworthy systems managing certificates for electronic signatures (CEN CWA 14167-1) in terms of roles and events. It facilitates adaptation to the ETSI TS 101 456 recommendations for the policies of certification authorities that issue recognized digital certificates. The system supports FIPS 140-2 Level 3 HSMs and is currently undergoing ISO/IEC 15408 EAL4+ (ALC_FLR.2) certification.

Safelayer Secure Communications S.A. is a leading provider of security software for public key infrastructure (PKI), multi-factor authentication, electronic signature, data encryption and the protection of electronic transactions.

Certification Architecture

The following figure illustrates a Certification Authority (CA) operated by KeyOne CA and how it interacts with KeyOne (or third-party) products to provide registration and publishing options for the status of the certificates. The registration system can be implemented with KeyOne XRA or with a corporate application that acts as the RA. A directory, a Web server (not shown in the figure) or KeyOne VA can be used to publish the status of the certificates (using CRLs or OCSP). The HSM (network or internal) used for protecting the private keys of the CA is also shown in the figure.

Specifications subject to change without notice. All brand names are registered trademarks of their respective owners. Updated September 2014.

Functions

KeyOne CA can act as a Root CA, Subordinate CA, Cross CA and Bridge CA. Depending on how it is used, the CA operates in conjunction with the Safelayer KeyOne XRA product or with an application that assumes the entity registration functions. KeyOne CA can also operate in conjunction with the KeyOne VA product to provide the digital certificate validation service. The main functions of KeyOne CA are to:

- Generate and protect the private keys via the use of cryptographic devices (HSM).
- Automatically manage the life-cycle and the coexistence of the private keys of the CA.
- Manage recognized RAs and assign them certification policies.
- Generate the ITU-T X.509v3 digital certificates (for users and applications) requested by the RAs.
- Generate and publish lists of revoked and suspended certificates (CRLs).
- Report on the status of the digital certificates so the validation service (VA) can publish it via OCSP.
- Allow the secure protection and retrieval of encryption keys (if they become lost).
- Guarantee the secure auditing of the events and actions carried out in the system.

Technical Specifications

- Certificate format: ITU-T X.509v3, IETF RFC 5280.
- Certification profiles: all standard extensions defined by ITU-T X.509v3, ETSI TS 101 862, IETF RFC 5280, RFC 6818 and RFC 3739.
- Revocation information: single and multiple ITU-T X.509v2 CRL distribution points. OCSP via the optional KeyOne VA component.
- Certificate generation: RSA PKCS#10/PKCS#7. Support for Certificate Transparency (IETF RFC 6962).
- Key archiving: RSA PKCS#8 and PKCS#12 via the optional KeyOne Archive component.
- Connectivity: SQL, LDAP/SLDAP, Microsoft Active Directory, HTTP/HTTPS, REST/JSON Web Services and SOAP/XML, POP3 and SMTP.
- Cryptographic devices: RSA PKCS #11 with M-out-of-N secret sharing schemes.
- Event monitoring: SNMP v1, v2c and v3.
- SIEM integration and audit: Syslog protocol or Windows Event Log.
- Certification: CC EAL4+ (*).

System Requirements

- Operating systems: Windows or Solaris SPARC.
- Database systems: Oracle or Microsoft SQL Server.
- Optional HSM: Thales nCipher and SafeNet. Contact Safelayer to find out which models are homologated.
- LDAP server: recommended for publishing certificates and CRLs to a directory.

(*) KeyOne CA has achieved the ISO/IEC 15408 EAL4+ (ALC_FLR.2) assurance level (http://www.oc.ccn.cni.es/) and complies with the CIMC Security Level 3 Protection Profile (Certificate Issuing and Management Components, NIST, 31 October 2001).

Safelayer Secure Communications S.A. Basauri, 17 Edif. Valrealty Edif. B Pl. Baja Izquierda Ofi. B 28023 Madrid (Spain) Tel. +34 917 080 480 Fax +34 913 076 652 www.safelayer.com World Trade Center (Edif. Sud- 4ª Planta). Moll de Barcelona s/n 08039 Barcelona (Spain) Tel. +34 935 088 090 Fax +34 935 088 091

KeyOne Validation Authority

Description

KeyOne VA is suitable for critical electronic signature validation processes, since it provides evidential value and greater efficiency in verifying the status of digital certificates (in contrast to the conventional mechanisms, which are based on revocation lists). KeyOne VA is designed to:

- Provide reliable information on the status of a digital certificate.
- Facilitate integration with corporate information systems.
- Reduce installation and maintenance costs.

Benefits

Maximum security. KeyOne products support defining the roles and events required to operate in compliance with the Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures (CWA 14167-1). KeyOne VA supports the roles of security operator, system administrator and system auditor.

Reliability and control. The event system guarantees the integrity of the registered data and that no information is lost. This is possible thanks to an emergency mechanism that is activated when the connection to the database is lost. KeyOne also supports selecting automatic events (which are assigned different levels of severity) and defining manual events (for registering actions that occur outside the application).

Efficiency for large infrastructures. KeyOne VA facilitates managing large volumes of certificates via the KeyOne CertStatus Server publication service. As certificate status updating is optimized, response efficiency is guaranteed. KeyOne VA supports high availability and scalable architectures.

Easy integration and accounting. KeyOne VA includes an interpreted programming language for defining the interaction with information systems. It is possible to customize the system, incorporate new functions, connect to access-control systems and access internal information systems (to complement the information generated).

Updated September 2014.

KeyOne Validation Functions

The main functions of KeyOne VA are to:

- Store information on the status of the certificates generated by one or more Certification Authorities. The status of a digital certificate is updated by downloading the revocation lists or the information provided by Certification Authorities (CA) that have the KeyOne publication service (KeyOne CertStatus Server) installed. In both cases, updating is performed remotely.
- Receive user or service-provider requests on the status of the digital certificates used in the signing of electronic transactions.
- Guarantee the non-repudiation of the responses. These responses are digitally signed by the Validation Authority and specify the date and status (valid, revoked, cancelled or unknown) of a certificate.
- Route requests to other VAs that can provide an authoritative answer for certain digital certificates, as defined in RFC 2560.
- Generate event logs so operators can monitor the system status, its security and to what extent the corporate specifications are being met.
- Customize the system to tailor response delivery and content to the identity of the requester.

Architecture

The following figure illustrates the general architecture of KeyOne VA and how it interacts with network components (applications or users) under the IETF OCSP standard. KeyOne VA can operate with an HSM (network or internal) and requires access to a database and a network time source (not shown in the figure). Depending on the configuration of the certificate status update system, KeyOne VA connects regularly to a CA or to an LDAP directory. If it connects to a CA, the information on the status of the digital certificates comes from the KeyOne CA databases (which are accessed via the CertStatus service and Safelayer's NDCCP protocol). If it connects to an LDAP directory, the CRL published in the directory (or on a Web server not shown in the figure) is downloaded.

Technical Specifications

- Online validation protocol: IETF RFC 2560.
- Cryptographic devices: RSA PKCS #11.
- Connectivity: SQL, LDAP/SLDAP, Microsoft Active Directory, HTTP/HTTPS, REST and SOAP Web Services, POP3, SMTP and standard I/O.
- Update mechanism: ITU-T X.509v3 CRL and/or the KeyOne CertStatus Server module. Supports multiple CAs.
- Event monitoring: SNMP v1, v2c and v3.
- SIEM integration and audit: Syslog protocol or Windows Event Log.
- Certification: CC EAL4+ (*).

System Requirements

- Operating systems: Windows or Solaris SPARC.
- SMTP mail server: recommended for implementing customized event notification.
- Database systems: Oracle or Microsoft SQL Server.
- Optional HSM: Thales nCipher and SafeNet. Contact Safelayer to find out which models are homologated.
- Time source: operating system time synchronized with an external source.

(*) KeyOne VA has achieved the ISO/IEC 15408 EAL4+ (ALC_FLR.2) assurance level (http://www.oc.ccn.cni.es/) and complies with the CIMC Security Level 3 Protection Profile (Certificate Issuing and Management Components, NIST, 31 October 2001).

KeyOne Registration Authority

Description

KeyOne XRA is part of the Safelayer Public Key Infrastructure (PKI) solution. It provides the Registration Authority (RA) functions and is designed for:

- User registration and digital certificate life-cycle management through interaction with KeyOne CA.
- Certificate life-cycle management for PKI services and applications that require authentication, signature and data encryption.
- Digital certificate management for a wide range of user platforms and devices.
- Simplified PKI deployment thanks to a complete range of face-to-face and remote registration mechanisms.
- Registration system integration in corporate processes using the JSON/REST and XML/SOAP standard interfaces.

Benefits

User and mobility environments. KeyOne XRA's user management is independent of its environment. This enables deploying PKI authentication, e-signing and encryption for a wide range of PKI-compatible applications and platforms: Windows, Mac and Linux desktop environments and mobile devices with the Google Android and Apple iOS operating systems are supported.

Certificates for applications. KeyOne XRA also manages applications that require digital certificates. It interacts with KeyOne CA to provide digital certificates for different purposes, including SSL, SSL EV and VPN certificates, and certificates for PKI services requiring authentication, e-signature and data encryption based on X.509 digital certificates.

Workflows and registration. KeyOne XRA is extremely adaptable to business needs, both for user registration processes and for the delivery of digital certificates to users. Its workflow manager provides simple and reliable system configuration for defining which data processing actions are included in the registration process and what data the system exchanges with users, operators and applications.

Integration and cost saving. KeyOne XRA is ideal for integrating PKI registration in corporate processes. System functions can be used as Web services via the product's JSON and XML interfaces. The workflow management system makes it easy to define which functions are provided as Web services and which are accessible from the GUI.

Maximum security and control. KeyOne XRA includes the role management, auditing and reporting mechanisms recommended by CEN CWA 14167-1 for e-signature digital certificate management systems. It facilitates adaptation to the ETSI TS 101 456 recommendations for the policies of certification authorities that issue recognized digital certificates.

Updated September 2014.

KeyOne Registration Functions

KeyOne XRA operates as a user/application registration service (RA) for requesting the issuing and revocation of digital certificates (in conjunction with KeyOne CA). The system can combine the following registration procedures:

- Face-to-face. Requesters verify their identity in person to obtain their digital certificates. Once the registration agent approves the request, the keys are generated on the user's cryptographic card, mobile device or PC, depending on the registration policy. To deploy the registration station close to requesters, the agent can use KeyOne LXRA, the KeyOne XRA client application.
- Remote. Entirely remote certificate request and delivery processes are executed via the Web or in combination with other protocols, such as SCEP and Windows Enrollment. Requests can be pre-authorized (in this case, the requester usually authenticates with a password), or the registration agent can approve them after validating the registration details provided by the requester.
- Automatic. Supports loading requester details from a trusted source, e.g., an HRM database or directory provided by a corporate application that interacts with KeyOne XRA. The connection with KeyOne XRA uses XRA's JSON/REST or XML/SOAP interfaces to remotely invoke the registration system's digital certificate approval, renewal and revocation functions. The RA can also connect directly with the corporate database or directory to obtain requester details.

Architecture

The following figure illustrates a Registration Authority (RA) operated by KeyOne XRA and how it interacts with the different components of the architecture and other KeyOne products (KeyOne CA and KeyOne LXRA) to provide the types of registration supported. Optionally, depending on the registration procedure, the RA agent can have the KeyOne LXRA client application connected to a smart card printer (not shown in the figure). Requesters either have PCs for software certificates or certificates on cryptographic cards, or mobile devices for certificates and keys for mobile operating systems. Application certificates for servers and HSMs are also requested via the Web or in combination with SCEP (Simple Certificate Enrollment Protocol), depending on the device.

Technical Specifications

- Certification request formats: RSA PKCS #10, ITU-T X.509v3 and Firefox.
- Certificate delivery and certification chain formats: RSA PKCS #7, PKCS #12 and ITU-T X.509v3.
- Certificate enrollment protocols: REST/JSON, SOAP/XML, SCEP, Windows Enrollment and Apple OTA Enrollment.
- Certification profiles: all the standard extensions defined by ITU-T X.509v3, Firefox and Microsoft.
- Revocation information: single and multiple ITU-T X.509v2 CRL distribution points. OCSP via the optional KeyOne VA component.
- Connectivity: SQL, LDAP/SLDAP, Microsoft Active Directory, HTTP/HTTPS, REST and SOAP Web Services, POP3, SMTP and standard I/O.
- Cryptographic devices: RSA PKCS #11.
- Event monitoring: SNMP v1, v2c and v3.
- SIEM integration and audit: Syslog protocol or Windows Event Log.
- Certification: CC EAL4+ (*).

System Requirements

- Operating systems: Windows or Solaris SPARC.
- Database systems: Oracle or Microsoft SQL Server.
- Optional HSM: Thales nCipher and SafeNet. Contact Safelayer to find out which models are homologated.
- LDAP server: recommended for publishing certificates and CRLs in a directory.
- SMTP mail server: recommended for the generation of automatic notifications.
- Smart card printers: Datacard. Contact Safelayer to find out which models are homologated.
- Smart cards: G&D or Gemalto. Contact Safelayer to find out which models are homologated.

(*) KeyOne XRA has achieved the ISO/IEC 15408 EAL4+ (ALC_FLR.2) assurance level (http://www.oc.ccn.cni.es/) and complies with the CIMC Security Level 3 Protection Profile (Certificate Issuing and Management Components, NIST, 31 October 2001).

KeyOne Time Stamping Authority

Description

Electronic time-stamping is the only way to guarantee that a transaction occurred or an electronic document was signed at a given time. KeyOne TSA, the Safelayer secure time-stamping service, is designed to:

- Guarantee, objectively and precisely, the registering of the moment a transaction occurs.
- Protect the time-stamp records.
- Allow easy and secure connection with the corporate control systems, minimizing installation and maintenance costs.

Benefits

Maximum security. KeyOne products support defining the roles and events required to operate in compliance with the Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures (CWA 14167-1). KeyOne TSA supports the roles of security operator, system administrator and system auditor.

Reliability and control. The reliability of a TSA (Time Stamping Authority) registration system is vital for ensuring the traceability of the issued time-stamps and auditing their operation. The KeyOne registration mechanism incorporates a data protection system and an emergency system that ensures logs cannot be lost. KeyOne also supports selecting automatic events (with different levels of severity) and defining manual events (for registering actions that occur outside the application).

Maximum performance and scalability. Connected to cryptographic accelerators, KeyOne CA meets the highest load requirements, can be integrated in high availability architectures and guarantees the fastest possible transactional response times.

Easy integration and accounting. KeyOne TSA includes an interpreted programming language for defining the interaction with information systems. It is possible to customize the system, incorporate new functions, connect to access-control systems and access internal information systems (to complement the information generated).

Time Stamping Architecture

The following figure illustrates the general architecture of KeyOne TSA and how it interrelates with the network components (under the IETF time-stamp protocol). KeyOne TSA can operate with an HSM (network or internal) and requires access to a database and a network time source (e.g., via NTP).

Updated July 2016.

Functions

The main functions of KeyOne TSA are to:

- Receive time-stamp requests via the Internet from users and service providers that want to add time-stamps to electronic documents or transactions.
- Generate a digitally signed time-stamp that includes the time of the request, the information that securely binds the stamp to the electronic document, and a unique registration number for auditing purposes.
- Generate audit logs so operators can monitor the status of the system, its security and to what extent the corporate specifications are being met.

Technical Specifications

- Time-stamp protocols: IETF RFC 3161 and RFC 5816.
- Time-stamp profile and policies: ETSI EN 319 421 (replaces TS 102 023) and ETSI TS 319 422 (replaces TS 119 422 and TS 101 861).
- Cryptographic devices: RSA PKCS #11.
- Connectivity: SQL, LDAP/SLDAP, Microsoft Active Directory, HTTP/HTTPS, REST and SOAP Web Services, POP3, SMTP and standard I/O.
- Event monitoring: SNMP v1, v2c and v3.
- SIEM integration and audit: Syslog protocol or Windows Event Log.

System Requirements

- Operating systems: Windows or Solaris SPARC.
- SMTP mail server: recommended for implementing customized event notification.
- Database systems: Oracle or Microsoft SQL Server.
- Optional HSM: Thales nCipher and SafeNet. Contact Safelayer to find out which models are homologated.
- Time source: operating system time synchronized with an external source.
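The request half of the RFC 3161 exchange described above, as an added example that is not Safelayer's or KeyOne's code: it builds a TimeStampReq with only the Python standard library, parses it back the way a TSA or an auditor reading request logs would, and performs the relying-party check that the message imprint equals the local SHA-256 hash of the document, which is the binding between stamp and document that the time-stamp functions refer to. The document bytes and the nonce are constructed sample values; the AlgorithmIdentifier carries an explicit NULL parameter, one of the two encodings TSAs commonly accept.

```python
"""Build, parse and check an RFC 3161 TimeStampReq in pure Python (standard library only)."""
import hashlib

OID_SHA256 = "2.16.840.1.101.3.4.2.1"  # id-sha256, the hash used for the message imprint
TAG_BOOLEAN, TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = (
    0x01, 0x02, 0x04, 0x05, 0x06, 0x30)

def der_tlv(tag: int, value: bytes) -> bytes:
    """DER tag-length-value with a definite, minimal length field."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def der_integer(n: int) -> bytes:
    """Minimal two's-complement INTEGER; a leading 0x00 keeps values with the top bit set positive."""
    if n < 0:
        raise ValueError("negative integers are not needed in a TimeStampReq")
    return der_tlv(TAG_INTEGER, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return der_tlv(TAG_OID, bytes(body))

def build_timestamp_request(document: bytes, nonce: int, cert_req: bool = True) -> bytes:
    """TimeStampReq ::= SEQUENCE { version INTEGER(1), messageImprint, nonce INTEGER OPTIONAL,
    certReq BOOLEAN DEFAULT FALSE }. Only the hash travels to the TSA, never the document."""
    algorithm = der_tlv(TAG_SEQUENCE, der_oid(OID_SHA256) + der_tlv(TAG_NULL, b""))
    digest = der_tlv(TAG_OCTET_STRING, hashlib.sha256(document).digest())
    body = der_integer(1) + der_tlv(TAG_SEQUENCE, algorithm + digest) + der_integer(nonce)
    if cert_req:  # DER never encodes a DEFAULT value, so FALSE is simply omitted
        body += der_tlv(TAG_BOOLEAN, b"\xff")
    return der_tlv(TAG_SEQUENCE, body)

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes that follow
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body: bytes) -> str:
    first, acc = body[0], 0
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)

def parse_timestamp_request(der: bytes) -> dict:
    """Decode the fields a TSA (or an auditor reading a request log) needs from a TimeStampReq."""
    tag, body, _ = read_tlv(der, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("TimeStampReq must be a SEQUENCE")
    _, version, pos = read_tlv(body, 0)
    _, imprint, pos = read_tlv(body, pos)
    _, algorithm, p = read_tlv(imprint, 0)
    _, digest, _ = read_tlv(imprint, p)
    _, oid, _ = read_tlv(algorithm, 0)
    req = {"version": int.from_bytes(version, "big", signed=True), "hash_oid": decode_oid(oid),
           "hashed_message": digest, "nonce": None, "cert_req": False}
    while pos < len(body):  # the remaining members are OPTIONAL or DEFAULT, so match them by tag
        tag, value, pos = read_tlv(body, pos)
        if tag == TAG_INTEGER:
            req["nonce"] = int.from_bytes(value, "big", signed=True)
        elif tag == TAG_BOOLEAN:
            req["cert_req"] = value != b"\x00"
    return req

def imprint_matches(req: dict, document: bytes) -> bool:
    """Relying-party check: the imprint must equal the local hash, or the stamp binds to another document."""
    return req["hash_oid"] == OID_SHA256 and req["hashed_message"] == hashlib.sha256(document).digest()
```

The same imprint comparison applies to the TSTInfo inside the signed response, and the nonce sent here must come back unchanged in that response, which is how a client detects a replayed token.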