|
 |
|
 |
'KSignPKI
PRO (Professional)' is a critical security foundation
that provides trusted user authentication service on
Windows NT/2000/2003.
'KSignPKI PRO' can be also integrated into Unix, Linux
and other operation system environments as well as supporting
convenience GUI(Graphic User Interface) function to
facilitate easy of use. |
|
|
 |
'KSignPKI PRO(KSignPKI Professional)'
is a PKI solution that provides authentication service
to safely transact data and validate identity when exchanging
data on Internet between sender and receiver.
'KSignPKI PRO' was built to operate in MS Windows NT Server
under complying 'KSignPKI' technology expertise experience.
|
Windows
NT- based platform |
| |
MS Windows NT is probably the most popular choice
for small and medium sized businesses data server.
Therefore, 'KSignPKI PRO' is built to operate in
MS Windows NT and provide friendly environment to
existing system administrators. |
|
Convenient facilities
/ Easy of use |
| |
Support GUI(Graphical User Interface) function
to accommodate easy of use, and provide audit management
for administrators to easily receive directory information
and administrate the system. |
|
Low price/Cost
effective |
| |
KSignPKI PRO is a suitable choice for small and
medium sized businesses with having small amount
of budget to deploy the system or expand the existing
system in the future
In fact, it is relatively cheaper to deploy the
system in MS Windows NT platform than in Unix platform.
Organizations/enterprises with KSignPKI PRO system
will save large amount of costs since KSignPKI PRO
requires less resources, maintenance and system
analysis. |
|
Integrated with
other platforms |
| |
A certificate that was issued by 'KSignPKI PRO'
has no restrictions or limitations on using it on
Unix, Linux and Windows NT. Therefore, it will be
easily integrated with existing operation system. |
|
|
|
 |
 |
KSignPKI Components
|
|
CA (Certification Authority) |
|
RA (Registration Authority) |
|
Directory Server (Storage) |
|
CGI Prog : (Proceeds users request through web) |
|
OCSP (Online Certificate Status Protocol) |
|
KRA (Key Recovery Authority) |
The components of 'KSignPKI PRO' can be independently
constructed to deploy unique security system for the special
need or requirement.
(1) KSignPKI PRO CA / KSignPKI
PRO CA Admin :
The system to issue and administrate digital certificate.
|
|
Support various PKI algorithm: RSA,
KCDSA, ECDSA, etc |
|
Support digital signature, key distribution,
S/MIME, SSL, VPL, and Issue X.509v3 certificate,
|
|
Support administrative functions: reissue, update,
revoke, suspend and recover X.509v3 certificate |
|
Support interoperation between CAs (Cross-Certification,
Certificate Trust List, etc) |
|
Support setup management according to certificate
profile policies defined at RFC2459/3280 |
(2) KSignPKI PRO
RA / KSignPKI PRO RA Admin
/ KSignPKI PRO LRA : The
system to register and administrate user information.
|
|
Register and administrate subscriber
information |
|
Prevent threats of alteration/forgery/deletion
of RA system |
|
Approve issuance of certificate after verifying
subscriber's identity by interviewing them in face
to face. |
|
Provide 'Role Based Access Control' for RA administrators |
|
Support digital certificate based 'Two-Factor
Authentication' to authenticate RA administrators |
(3) KSignPKI PRO KGS : the system to generate
keys for CA system administrator and certificate request
form
|
|
CA system and administrator key generation,
and certificate request form generation system |
|
Generate digital signature key pair: RSA, ECDSA,
KCDSA, etc |
|
Generate certificate issuance request form: PKCS#10,
RFC2511 |
|
Setup policies for generate key pair and certificate
issuance request form |
|
Provide 'Role Based Access Control' by policy
manager, generation manager and audit manager |
|
Support 'Two-Factor Authentication' to authenticate
key generation system administrator |
(4) KSignPKI PRO CIS : the
smartcard issuance system
|
|
Setup smartcard's map |
|
Setup or modify smartcard's PIN value |
|
View or modify data stored in smartcard |
|
Unlock smartcard |
(5) KSignPKI PRO
OCSP : Online Certificate Status Protocol
|
|
Support both CA dependent type/independent
type OCSP |
|
Can be configured with OCSP server/ OCSP Client/
OCSP Admin |
|
Real-time certificate status verification (RFC2560)
|
(6) KSignPKI PRO TSA : Time
Stamp System
|
|
Issue time stamp token |
|
Handle time stamp confirmation request |
|
Support time stamp server administration module |
|
Support administration on data of issued time
stamp token |
|
Provide security and signature libraries |
(7) KSignPKI PRO Client
|
|
Support End to End(E2E) security communication
channel using PKCS#7, SSL, etc |
|
Support RFC2510 CMP protocol to issue and administrate
certificate |
|
Support various types of private key and certificate
storage format (PKCS#12) to
accommodate mobility and flexibility |
|
Able of choosing various of storage types (HDD,
Floppy Diskette, Smart Card, USB Key, etc) |
|
Support digital signature algorithms confirm
to PKCS#1 : RSA, ECDSA, KCDSA, etc |
|
|
|
 |
(1) Ensure international
product interoperability
|
|
Provide global security service with
ensuring international product interoperability |
|
Support IETF, ISO, PKCS Series and other major
international standards |
|
Passed NIST Interoperability Test to ensure interoperability
with overseas CA solution or CA service |
(2) Trust and Reliability
|
|
Satisfied all 273 security essential
subjects of Public Licensed CA under Digital Signature
Act of Korea |
(3) Easy of applying into
various applications services and E-Commerce
|
|
Able to add certification service
onto web, mail, EDI, XML, VPN and wireless Internet
security products. |
|
Provide sufficient development environment for
users through supporting various
domestic/international security algorithm and APIs |
(4) Support effective certificate
verification mechanism
|
|
Support selective certificate verification
mechanism for corresponding service environment
and purpose |
|
Support CRL(Certificate Revocation List) verification
mechanism |
|
Provide various and distinctive certificate verification
mechanism such as CRL DP, Delta CRL, etc |
(5) Easy of use for CA service
administrative function and enhanced security
|
|
Provide easy interface to facilitate
administrator to manage user and certificate information |
|
Support role based access control for administrator
by using hardware tokens such as smartcard, USB
key, etc |
(6) Variability and mobility
of user information management
|
|
Provide mobility and security through
supporting various types of storage methods
(smartcard, USB key, HDD, floppy diskette, etc) |
KSignPKI PRO IN USE
As the PKI system, 'KSignPKI PRO' is deployed in Ministry
of Education and Human Resources Development for the
'Digital Document Transaction System' to ensure secure
data transaction between universities in the country.
Electronics and Telecommunications Research Institute
and Kangwon Land asino have deployed 'KSignPKI PRO'
for their groupware security. KSIGN has supplied 'KSignPKI
PRO' to Daeduk University, Mokpo National University
and Dongshin University for the purpose of educating
security specialists.
If constructing CA system with using the groupware of
a company, then employees of a company will be provided
with strong security features. It is not hard to imagine
that a company will gain safer and trusted working environment
as well as providing reliable service to customer as
the result.
Especially, It is essential to deploy 'KSignPKI PRO'
for enterprises engaged in eCommerce or educational
institutions lively exchanging important digital document
under the supervision of Ministry of Education &
Human Resources Development.
In addition, 'KSignPKI PRO' can be deployed for Internet
banking, online stock trading, enterprise groupware,
eCommerce, digital payment, ticket reservation, and
various certificate issuances where verifying user identity
means the critical importance.
'KSignPKI PRO' is capable of interoperating with the
Data Validation and Certificate Server (DVCS), Key Management
Infrastructure(KMI), Extranet Access Management(EAM),
PKI-based Conditional Access System(CAS), Data Encryption
Solution(SWAT), Application Security Toolkit (KSignCASE)
and other several PKI products.
|
|
|
|
|
Server |
| |
- Operating System: Minimum Sun Solaris 2.5/2.6
- System: Minimum Ultra10 (Recommended)
- Memory: Minimum 512 MB (Recommended)
- HDD: Minimum 20M (Requested)
- Smart card reader and smart card: CA server use |
|
Client |
| |
- Operating System: MS Windows9X/NT/2000
- System: Minimum Intel Pentium 200MHz (Recommended)
- Memory: Minimum 32 MB (Recommended)
- HDD: Minimum 10MB
- Video: Minimum SVGA (Recommended)
- Smart card reader and smart card: for PC |
|
Installation Requirement |
| |
- Following software must be installed in advance before
installing KSignWPKI 2.0
- WEB Server: Apache web server 1.2/1.3
- Netscape browser: Minimum 4.6/4.7
- Directory Server: Netscape directroy server or Aphlion
directory server
- Data Base: Minimum Oracle 8.1.6 |
|
|
|
|
