procilon realises PKIs with standard components that are internationally evaluated in accordance with CC EAL 4+ (high protection) and confi rmed in accordance with the German Digital Signature Act. The requirements put on data security are met via an end-to-end encryption using AES 256 and RSA encryption (2048-bit key length). The choice and use of cryptographic algorithms and relevant parameters is based on the regularly updated regulations and recommendations of the German Federal Office for Information Security.
Issuance of electronic certificates
Similarly to other areas, electronic certifi cates are issued by the certifi cation authority (CA) of an organisation. The validity of public keys is confi rmed through digital signatures by the CA. Along with the key itself the digital certifi cate contains further information such as the term of validity etc. As the responsible entity the CA is the central component in the public key infrastructure.
Registration of electronic certifi cates
To maintain the trustworthiness of the CA, a conclusive verifi - cation of the identity of the requesting person or organisation is required prior to the issuance of the electronic certifi cate, which is ensured by the registration authority (RA)
Verifi cation of electronic certifi cates
To verify the validity of electronic certifi cates a validation authority is needed. Generally, one distinguishes between the checking against a published certifi cate revocation list (CRL) or the realtime verifi cation by an online certifi cate status protocol (OCSP) service. Which mode of verifi cation is chosen depends mostly on the respective operational scenario.
The applications range from signing and encoding of e-mails (S/MIME) through authentication processes right to the fast generation of certificates in the internet of things. All components are also suitable for mobile applications. Depending on the status of the operator and the security standard of the associated computing centre, the most diverse solutions can be conceived, starting with a root CA as trust anchor and continuing with strictly hierarchical PKIs with multiple sub-CAs. Even a cross certification with other PKIs is feasible.
Don't hesitate to contact our sales team.