Key Lifecycle Management

Shorten turnaround time

Minimise disturbance to end users 

A Suite of Administration Tools to Manage Keys, e-Cert & Token Authenticator for TrustSafe Confidential Mail System 

PKI Keys Repository

Central Secure Key Repository

A secure central repository that holds the original electronic certificate file (P12 file) together with its password.

Keys and passwords are encrypted with 3DES and stored in two separate databases, protected by two Master e-Certs.
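To make the split concrete, here is an added example in Go; it is not the product's code, and the page does not describe the product's internal scheme. The P12 file and its password go into two separate stores, each with its own master key pair standing in for the page's two Master e-Certs. The product uses 3DES; this example substitutes AES-256-GCM for the row payload with the per-row data key wrapped by RSA-OAEP to the store's master key, because 3DES is a legacy cipher deprecated by NIST. The type and function names, the sample "P12" bytes and the password are all constructed here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Record is one row in a store: the payload under AES-256-GCM with a per-row
// data key, and that data key wrapped with RSA-OAEP to the store's master key.
type Record struct{ WrappedKey, Nonce, Ciphertext []byte }

// Store is one of the two separated databases; each has its own master key
// pair (standing in for the page's "Master e-Cert").
type Store struct {
	master *rsa.PrivateKey
	rows   map[string]Record
}

func NewStore() *Store {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // no usable CSPRNG: nothing sensible to do
	}
	return &Store{master: k, rows: map[string]Record{}}
}

// newGCM builds the AEAD for a 32-byte key; with that length neither call can fail.
func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Put envelope-encrypts plaintext under a fresh data key; the row id is bound
// as associated data so a row cannot be re-labelled under another user.
func (s *Store) Put(id string, plaintext []byte) error {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return err
	}
	gcm := newGCM(dataKey)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &s.master.PublicKey, dataKey, nil)
	if err != nil {
		return err
	}
	s.rows[id] = Record{wrapped, nonce, gcm.Seal(nil, nonce, plaintext, []byte(id))}
	return nil
}

// Get needs this store's master private key; without it the row is opaque.
func (s *Store) Get(id string) ([]byte, error) {
	r, ok := s.rows[id]
	if !ok {
		return nil, errors.New("no such record")
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.master, r.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return newGCM(dataKey).Open(nil, r.Nonce, r.Ciphertext, []byte(id))
}

// Repository keeps the P12 file and its password in two separate stores, so
// one compromised master key yields neither a usable key nor its password.
type Repository struct{ p12Store, pwdStore *Store }

func NewRepository() *Repository { return &Repository{NewStore(), NewStore()} }

func (r *Repository) Deposit(user string, p12 []byte, password string) error {
	if err := r.p12Store.Put(user, p12); err != nil {
		return err
	}
	return r.pwdStore.Put(user, []byte(password))
}

func (r *Repository) Retrieve(user string) ([]byte, string, error) {
	p12, err := r.p12Store.Get(user)
	if err != nil {
		return nil, "", err
	}
	pw, err := r.pwdStore.Get(user)
	return p12, string(pw), err
}

func main() {
	repo := NewRepository()
	// Constructed sample: a stand-in byte string, not a real PKCS#12 file.
	_ = repo.Deposit("alice", []byte("constructed stand-in, not a real P12"), "alice-p12-password")
	fmt.Println(repo.Retrieve("alice"))
}
```

Retrieval needs both master private keys; a dump of either database, or the theft of one master key, yields an encrypted P12 without its password or a password without its P12, and a row copied under another user's id fails GCM authentication because the id is bound as associated data.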

PKI Authenticator token management

Enigmator Token Management

Reduces disturbance to users when a token is accidentally locked.

An administrator can remotely release a locked Enigmator Token or smart card using a secured token administration password under a challenge-response scheme.
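The page does not detail Enigmator's protocol, so the following is an added Go example of the general challenge-response release it describes, not the product's code: the token locks after a fixed number of wrong PINs; the administration console proves it holds the token administration secret by answering a fresh random challenge with an HMAC; the token checks the answer and clears its failure counter. The threshold, HMAC-SHA256, the 16-byte challenge, the plain SHA-256 PIN hash and the secret value are all assumptions made here.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const maxPinTries = 3 // assumed lock-out threshold

// Token models the authenticator: the user's PIN (hashed; a real token keeps
// it inside tamper-resistant hardware), a failed-try counter, the token
// administration secret shared with the admin console, and one open challenge.
type Token struct {
	pinHash       []byte
	failed        int
	adminSecret   []byte
	openChallenge []byte
}

func hashPin(pin string) []byte {
	h := sha256.Sum256([]byte("pin:" + pin))
	return h[:]
}

func NewToken(pin string, adminSecret []byte) *Token {
	return &Token{pinHash: hashPin(pin), adminSecret: adminSecret}
}

func (t *Token) Locked() bool { return t.failed >= maxPinTries }

// VerifyPIN is the normal user path; too many failures lock the token.
func (t *Token) VerifyPIN(pin string) error {
	if t.Locked() {
		return errors.New("token locked")
	}
	if subtle.ConstantTimeCompare(hashPin(pin), t.pinHash) != 1 {
		t.failed++
		return errors.New("wrong PIN")
	}
	t.failed = 0
	return nil
}

// Challenge issues a fresh random nonce that only the admin secret can
// answer. Issuing a new challenge invalidates any earlier one.
func (t *Token) Challenge() ([]byte, error) {
	c := make([]byte, 16)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	t.openChallenge = c
	return c, nil
}

// AdminResponse runs on the administration side, which holds the token
// administration secret; the secret itself never crosses the wire.
func AdminResponse(adminSecret, challenge []byte) []byte {
	m := hmac.New(sha256.New, adminSecret)
	m.Write([]byte("unlock:"))
	m.Write(challenge)
	return m.Sum(nil)
}

// Unlock consumes the open challenge (so a captured response cannot be
// replayed) and clears the failure counter only on a correct response.
func (t *Token) Unlock(challenge, response []byte) error {
	if t.openChallenge == nil || !bytes.Equal(challenge, t.openChallenge) {
		return errors.New("response does not match an open challenge")
	}
	t.openChallenge = nil
	if !hmac.Equal(response, AdminResponse(t.adminSecret, challenge)) {
		return errors.New("bad unlock response")
	}
	t.failed = 0
	return nil
}

func main() {
	secret := []byte("constructed-admin-secret-not-a-real-one")
	tok := NewToken("1234", secret)
	for i := 0; i < maxPinTries; i++ {
		_ = tok.VerifyPIN("0000") // three wrong guesses lock the token
	}
	fmt.Println("locked before release:", tok.Locked())
	c, _ := tok.Challenge()
	err := tok.Unlock(c, AdminResponse(secret, c))
	fmt.Println("release:", err, "locked after release:", tok.Locked())
}
```

Because the token only accepts an answer to the challenge it most recently issued, and discards that challenge after one attempt, a recorded release exchange is useless against the same token later, and the administration password never leaves the console.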

PKI digital certificate remote installation

Remote Import Cert

It lets an administrator remotely transfer a new certificate to a user at a distant workstation when the user needs to renew the e-Cert on their token authenticator.

Supports operations with 2048-bit RSA Key Length e-Cert

What is Public Key Infrastructure?

Public Key Infrastructure (PKI) covers the use of public key cryptography and digital certificates as the accepted means of authentication and access control over untrusted networks, such as the Internet. While public key cryptography addresses issues of data integrity and transaction privacy, certificates address concerns in authentication and access control.

Applications

Confidential email, online banking and e-commerce.

Encryption

A PKI system allows data to be encrypted and decrypted, protected from unauthorised interception. Without PKI, sensitive information can still be encrypted (ensuring confidentiality) and exchanged, but there would be no assurance of the identity (authentication) of the other party.

Public key cryptography

It involves the use of a pair of different but related keys, which enables electronic commerce to be conducted securely over an open telecommunications network or the Internet. Each user has a private key and a public key. The private key is kept secret and known only to the user; the public key is made public by placing it in the Public Directory maintained by a Certificate Authority such as Hongkong Post.

A digital certificate is a digital document attesting to the binding of a public key to an individual or other entity. It allows verification of the claim that a specific public key does in fact belong to a specific individual. A Hongkong Post e-Cert contains a public key, the name of the holder, an expiration date, a certificate serial number and a subscriber reference number.

Digital Signature

A digital signature, in relation to an electronic record, is the electronic signature of a signer. It is generated by the transformation of the electronic record using asymmetric cryptography and a hash function. A person having the initial untransformed electronic record and the signer's public key can then determine whether the transformation was generated using the private key that corresponds to the signer's public key; and whether the initial electronic record has been altered since the transformation was generated.

Environment

A typical PKI consists of hardware, software, policies and standards to manage the creation, administration, distribution and revocation of keys and digital certificates. The digital certificate is the core element of a PKI, as it affirms the identity of the certificate subject and binds that identity to the public key contained in the certificate.

Certificate Authority

A trusted party, the Certificate Authority (CA), acts as the root of trust.

It provides services that authenticate the identity of individuals, computers and other entities.

Registration Authority

This is often called a subordinate CA. It is certified by a root CA to issue certificates.

It is an authority in a network that verifies user requests for a digital certificate.

Certificate Database

This stores all certificate requests that have been issued or revoked. It serves as a log of all security certification transactions within the system.

Certificate Store

It resides on a local computer as a place to store issued certificates and private keys.

Key Archival Server

This stores encrypted private keys in a certificate database, as a backup for disaster recovery purposes.
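The Digital Signature section above and the components just listed fit together in one flow, shown here as an added Go example written for this page, not code from the page or from any CA product. A root CA self-signs its certificate (the root of trust), issues a 2048-bit RSA certificate that binds a subject name to a public key and logs the serial in an in-memory certificate database, and a relying party verifies a signed record by chaining the certificate to the root, consulting the database for revocation, and checking an RSA-PSS/SHA-256 signature, which fails if the record was altered after signing. The names, validity periods, signature scheme and sample record are assumptions made here; the page does not specify them.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// CA is a root certificate authority; db is its certificate database, keyed by serial, value = revoked.
type CA struct {
	key    *rsa.PrivateKey
	cert   *x509.Certificate
	serial int64
	db     map[string]bool
}

func NewUserKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func makeCert(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCA self-signs a root certificate: the root of trust that relying parties install.
func NewCA(name string) (*CA, error) {
	key, err := NewUserKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	cert, err := makeCert(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &CA{key: key, cert: cert, serial: 1, db: map[string]bool{}}, nil
}

// Issue binds a subject name to its public key under the CA's signature
// and logs the new serial in the certificate database.
func (ca *CA) Issue(subject string, pub *rsa.PublicKey) (*x509.Certificate, error) {
	ca.serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(ca.serial),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	cert, err := makeCert(tmpl, ca.cert, pub, ca.key)
	if err != nil {
		return nil, err
	}
	ca.db[cert.SerialNumber.String()] = false // issued, not revoked
	return cert, nil
}

func (ca *CA) Revoke(serial *big.Int) { ca.db[serial.String()] = true }

// Sign is the signer's step: hash the record, then transform the digest with the private key.
func Sign(key *rsa.PrivateKey, record []byte) ([]byte, error) {
	d := sha256.Sum256(record)
	return rsa.SignPSS(rand.Reader, key, crypto.SHA256, d[:], nil)
}

// VerifySignedRecord is the relying party's step: chain to the trusted root,
// consult the database for revocation, then check the signature over the record.
func (ca *CA) VerifySignedRecord(cert *x509.Certificate, record, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca.cert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return err
	}
	if revoked, known := ca.db[cert.SerialNumber.String()]; !known || revoked {
		return errors.New("certificate unknown to this CA or revoked")
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("not an RSA certificate")
	}
	d := sha256.Sum256(record)
	return rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, nil)
}
```

The verifier never sees the signer's private key: the certificate supplies the public key and the CA's signature vouches for whose key it is, so a certificate from a root the verifier does not trust, a revoked serial, or a single changed byte in the record each cause verification to fail. A production CA would publish the revocation state as a CRL or OCSP response rather than an in-memory map.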