Benefit from the best of our PKI
Identity is a Public Key Infrastructure (PKI) solution entirely developed by Cryptolog in complete compliance with cryptography standards X.509 and PKIX. By issuing electronic certificates, this state-of-the-art cryptography solution provides confidentiality (encryption), authentication and electronic signature (non-repudiation) functions in open environments. Identity offers Certification Authority, Registration Authority and revocation management functions. Its highly modular architecture and compliance with standards make it completely interoperable with any other trust service and make customized integration with existing business processes possible.
Complete management of the life cycle of certificates
Identity covers the entire life cycle of an electronic certificate by offering the following features:
- Registration and verification of requests for certificates via the Registration Authority
- Creation and distribution of signed certificates via the Certification Authority
- Registration and publication of their revocation
- Publication of certificates in a directory
Advanced certificate creation, revocation and publication features
Creation of signed certificates
Identity generates electronically signed certificates in the X.509 v3 format using entirely configurable templates including standard or specific extensions. The Certification Authority signature key may be hosted on any hardware security module, smartcard-type SSCD, USB stick or HSM (Bull, nCipher) that is compatible with standard PKCS#11 in particular.
Identity can also renew certificates in a very user-friendly way. For example, the Certification Authority may be configured to accept the automatic renewal of unrevoked certificates on the basis of a request signed by the previous certificate.
Like any PKI, Identity offers functions for certificate revocation and publication of revoked certificates via Certificate Revocation Lists (CRLs) or an OCSP (Online Certificate Status Protocol). The revocation of a certificate may be requested by the user himself if he still has his certificate or by an operator with responsibility for the user.
Advanced publication functions
As well as revocation information, the Identity PKI can publish users' certificates on various channels such as an LDAP directory or web interface. Identity also has emergency publication functions so that, for example, a group of parties can be informed immediately.
The Identity PKI is made up of a set of modules (CA, RA, CRLPub etc.) that are entirely independent and communicate with each other or with the complete suite of Cryptolog products through standard protocols. This modular architecture means that it can adapt to most Public Key Infrastructure and, more generally, electronic signature requirements.
Identity has its own Registration Authority (RA) with a simple and intuitive administration interface. An administrator or operator can easily manage the registration, distribution and revocation of electronic certificates.
Interconnection with a third-party Registration Authority
Having said that, and this is one of the strengths of our product, the Identity Certification Authority can interconnect with any type of Registration Authority through standard or specific protocols. Whatever your needs, our teams can develop dedicated connectors allowing secure and personalized interconnection with your infrastructure.
Extremely simple IT integration
Identity can be used in many environments and integrates very easily with an existing infrastructure thanks to the many web interfaces supported: PKCS#10, CMP, CRMF, XML-RPC, SOAP etc.