RCII-PKI provides a certificate validation authority (CA), Online Certificate Status Protocol (OCSP), time-stamp authority (TSA), LRA and web-RA for the office, and provides a secure infrastructure for electronic documents.
Features
·RCII-PKI can act as a Root CA, Subordinate CA, Cross CA or a Bridge CA.
·PKI Independent modules: CA, OCSP, TSA, LDAP, web-RA, LRA, Database
·Compliance with International Standards
·Generate the ITU-T X509v3 digital certificates requested by the RAs.
·Generate and protect the private keys via the use of cryptographic devices (HSM).
·Generate and publish lists of revoked and suspended certificates (CRLs).
·Report on the status of the digital certificates so the validation service can publish it via OCSP.
·Provide independent proof of date and time for data and digital signatures via the TSA.
·Supplies various cryptographic components:
  symmetric encryption: 3DES/RC4/Blowfish
  hash functions: SHA/SHA1
  asymmetric encryption: RSA 1024/DSA/ECC
·Smart Card based administrator authentication
·Compatibility with HSMs, smart cards, USB tokens and other PKCS#11-compliant devices
·Supports log chaining
·Supports Windows and Linux platforms
·Supports Oracle and PostgreSQL databases
Certification Authority and installation of midway centers
The components implemented by RCII, abbreviated as RCII-CTO, provide all the functions and requirements needed to establish a secure infrastructure for electronic commerce or, in general, for any data transaction in a cybernetic environment.
In this regard, RCII is well prepared to install and put into operation CA centers for organizations in need of secure electronic infrastructures. Moreover, RCII is currently preparing standards for creating midway CA centers, which are meant to offer certificate-granting services that establish security services such as secrecy, accuracy, and identification for requesting organizations.
RCII-CTO software components
Certification Authority issuing center
-Designed and developed from the ground up by the RCII security group.
-Capable of producing digital certificates for a variety of applications in any quantity.
-Capable of communicating with other digital certification centers in order to build up a chain of trust at the national and international level.
-Supporting widely used algorithms and recent standards in the cryptography world for issuing digital certificates.
-Supporting the Eracom hardware module (HSM) to produce and store dual keys by default, and also any other hardware that supports the PKCS#11 standard.
-Authenticating users by token and establishing a secure link (SSL) with other components using the user's token.
-Capable of being installed and implemented on many operating systems, Unix, FreeBSD, Solaris, Windows and so forth.
-Supporting LDAP v2 and v3 and the Oracle 9i database by default.
-Capable of being custom-made for special applications and having support of RCII specialists.
-Capable of having new tokens and HSMs added in order to support the log chaining capability, which provides control over log files.
Registration Authority
Producing certificate requests for the following applications:
  -Secure email.
  -SSL with client authentication.
  -SSL with server authentication.
-Designed and developed from the ground up by the RCII security group.
-Supporting widely used algorithms and recent standards in the cryptography world for issuing digital certificate requests.
-Capable of sending requests for certificates to, and receiving digital certificates from, RCII-CA.
-Capable of establishing secure links with RCII-CA locally through internet channels.
-Capable of importing and exporting certificate requests and digital certificates according to standards, making it possible to link with other centers that issue digital certificates.
-Capable of supporting PKCS#11 on Aladdin and Ikey1000 tokens in order to store the certificate and private key, which will later be delivered to the customers.
-Capable of supporting certificate vaults in the pfx (PKCS#12) and JKS file formats in order to store the certificates and private keys that will be delivered to the customers.
-Capable of being installed and implemented on many operating systems, Linux, FreeBSD, Solaris, Windows and so forth.
Online Certificate Status Protocol (OCSP)
·Capable of validating requests (PKCS #10, SHA-1, MD5, RSA, PKCS #1) and cryptographically protecting replies (RSA, SHA-1, MD5, PKCS #1, PKCS #7, PKCS #11).
·Capable of processing the certificate revocation list (CRL v2 and delta CRL revocation updates) and producing replies.
·Supporting widely used algorithms and recent standards in the cryptography world for issuing digital certificates.
·Capable of being installed and implemented on many operating systems, Linux, Windows, Solaris, FreeBSD and so forth.
·Supporting LDAP v2 and v3 and the Oracle 10g database by default.
·Capable of having new tokens and HSMs added in order to support the log chaining capability, which provides control over log files.
Time Stamp Authority (TSA)
-Supporting widely used algorithms and recent standards in the cryptography world for issuing digital certificates.
-Capable of using NTS-200 hardware services.
-Processing the requests and producing time stamps.
-Capable of being installed and implemented on many operating systems, Unix, FreeBSD, Solaris, Windows and so forth.
-Supporting LDAP v2 and v3 and the Oracle 10g database by default.
-Capable of being custom-made for special applications and having support of RCII specialists.
-Capable of having new tokens and HSMs added in order to support the log chaining capability, which provides control over log files.