Robust Scalable Distributed Public Key Infrastructure (PKI) Solution TrustedCA® is a scalable PKI solution for organisations of all sizes. With TrustedCA, you can create and manage a PKI for a distributed user community. TrustedCA provides a range of flexible user registration models, creates X.509 certificates and certificate revocation lists (CRLs) and supports various methods for the distribution of certificates and CRLs. In addition, TrustedCA supports either local or central key generation, and can produce "Personal Security Environments" (PSEs) for use with secure applications.

The need for PKIs

Public key based security applications such as secure Email and secure Web are the cornerstone of e-Business and e-Commerce solutions. Underpinning such Security Applications is the PKI which registers users and issues them with security credentials. When implementing a PKI, the chosen solution must be:

Available to the user community when and where they need it Usable for the non-technical end-user community Open to enable interworking with standards-based applications, directories, Smart Cards, etc. Extensible to support a range of application interfaces and customer specific requirements Scalable to large numbers of users and certificates TrustedCA meets all the above criteria.

Ideal for large, distributed organisations

For organisations with users separated by distance, the PKI may require an entity called the Local registration Authority (LRA). LRAs are situated close to the end-users to facilitate local identity checking and registration. In contrast, the Certification Authority (CA) should be centralised in a secured location. TrustedCA LRA is an optional component of TrustedCA that allows LRAs to interface between the end-users and the CA. The LRA offers a choice of secure methods for communications with the CA.

1. Multiple Registration Models: Centralised,Desktop LRA ,Web LRA ,Direct Registration ,Bulk Registration
2. PSE Export Options: Application specific - Web, Email,Format specific - PKCS12, PGP,Media specific - file, floppy, Smart Card
3. Hardware-Based Security: random number generation based on FIPS 140-1 certified Intel RNG technology (Intel 8XX chipset) ,Storage of CA keys in tamper-proof hardware
4. Key Generation Options: User generated,LRA generated,CA generated ,LRA generated,CA or LRA - on-demand or bulk pre-generated keys , Hybrid - combinations of the above
5. Modular Architecture: Extension DLLs for: Publication of certificates, PKI message formats , Exporting PSEs,X.509 v3 Extensions ,
6. Supported Standards: RSA - 512 to 2048 bit key lengths,X.509 v1 and v3 ,X.509 v3 extensions, LDAP for publishing certificates and CRLs to directory, PC/SC Smart Card Interface, PSE formats - PKCS-12
7. Broad Portfolio of Supported Applications
8. A choice of key-generation options
9. Flexible Registration Models