Public Key Infrastructure

Public Key Infrastructure (PKI) protects your entire “digital” company (including business critical information, communication and IT processes) against threats like fraud, identity theft, counterfeit, forgery, unauthorized access, data leakage, espionage and piracy.

Devise Futures provides state-of-the-art, scalable and interoperable PKI solutions for the registration, issuance and validation of PKI-based digital identities (digital certificates) for users (people, technical components and devices) of information and communication systems. Users can use their digital identities for various purposes, such as authentication, authorization, digital signature and encryption.

Our experts have over fifteen years of experience building and managing PKI hierarchies, from single-root hierarchies to very complex cross-certified ones, using Common Criteria (CC) EAL 4+ industrial-strength PKI software and FIPS 140-2 Level 3 (and/or CC EAL 4+) accredited Hardware Security Modules (HSMs).

Basic parts of a PKI

A PKI trust solution consists of five basic parts:

  • Registration Authority (RA) – authenticates the user and verifies the user's requests for a digital certificate. The RA tells the Certification Authority (CA) to issue the digital certificate;
  • Certification Authority (CA) – issues the digital certificate, which contains a public key and the identity of the owner. The digital certificate validates that the public key actually belongs to the certificate owner;
  • Validation Authority (VA) – online responder that provides the timely status of a certificate. It is very important to avoid certificate misuse, as only valid certificates should be used. This is the cornerstone of the trust in the PKI solution;
  • Timestamping Authority (TSA) – issues trusted timestamps to prove the existence of certain data before a certain point in time (e.g. contracts, research data, medical records, …) without the possibility that the owner can backdate the timestamp. It is applied to authenticate digitally signed data for regulatory compliance, financial transactions, and legal evidence;
  • Compliance documentation and legal policy documents – includes the following documents: rules, procedures, Certificate Policy (CP), Certificate Practice Statement (CPS), PKI Disclosure Statement (PDS), amongst others.

PKI Solutions

Devise Futures PKI solutions are designed to simplify the use of digital certificates and to make deployment easy and cost-efficient. You can count on our experts to help you decide whether to outsource or to develop an in-house solution, and to understand which PKI trust model fits your business.

In-house PKI solutions are designed to meet the requirements of clients who require a PKI implemented within their trusted data center.

Devise Futures experts will:

  • advise, design, customise and deploy your trusted in-house PKI platform according to your requirements and tailored to meet your business needs,
  • train your IT personnel to control, operate, manage and support the PKI systems, and help the users.

Managed PKI solutions are designed to meet the requirements of clients that do not wish to operate and manage their PKI platform. The PKI platform may be hosted within the clients’ own data center or at Devise Futures’ trusted data center.

Devise Futures experts will:

  • advise, design, customise and deploy your trusted managed PKI platform according to your requirements and tailored to meet your business needs,
  • operate, manage and support the PKI systems, and help the users, allowing your company to focus on its core business.

Cloud PKI refers to a Cloud-based solution that is owned, operated and hosted by Devise Futures (the Trusted Third-Party - TTP) in its trusted data center. The Cloud PKI solution provides clients with a cost-effective and easy-to-use solution, simplifying PKI deployments and eliminating the need to host your own PKI.

In this solution, Devise Futures assumes the responsibility of setting policies, managing, maintaining and operating the technology and infrastructure, and ensuring that PKI standards are being enforced according to government regulations.

This approach is a way to avoid initial money and manpower shortages, since it requires neither additional staffing nor the purchase of hardware or software. Cloud PKI is faster to deploy, since all core components may be shared with other Cloud PKI clients, without decreasing the security, integrity, constant availability and key confidentiality of the solution. Even so, the client (your company) maintains control of certificate issuance, co-branding and management.