Comarch PKI

The problem isn't the Internet. The problem is the horribly insecure computers attached to the Internet.
Bruce Schneier

Problem

The more agile electronic document circulation is within a company, the more efficient the business. Circulation makes sense when information is secure, which means that the right person has access to the right information and it is possible to verify information authenticity at any given moment. The PKI standard provides such mechanisms but cannot ensure that the human link in the process will not make any mistakes.

Challenge

PKI implementation should be performed in a manner that enables the user to instinctively apply security policies and their supporting tools without bypasses. By user we mean the system administrator as well as the front-end employee. Moreover, the system should be implemented completely, covering every aspect of business operations.

Solution

The Comarch PKI solution includes:

Comarch SOPEL (Electronic Signature Support System) is a set of tools providing complete implementation for secure qualified electronic signature verification equipment and secure electronic signature submission software.

  • the main task performed by the system modules is to support employee document and form signing. Employees achieve this by using their private keys with optional time stamping
  • complete implementation for qualified electronic signature
  • full compliance with the legal requirements for electronic signatures
  • full compliance with the technical requirements arising from the orders pursuant to the Law on Electronic Signatures
  • cooperation with cryptographic hardware devices (HSM – Hardware Security Modules)
  • has interfaces for the most popular programming languages: C/C#/Java
  • supports a variety of cryptographic key and certificate formats (X.509v3, PGP)
  • enables electronic signature creation and verification according to the standards: PKCS#1, PKCS#7, XMLSign (XAdES)


Comarch CertificateAuthority (CA) is Comarch proprietary software for full implementation of PKI systems (Public Key Infrastructure). This involves issuing certificates for secure e-mail, web servers, communication channels, and user authentication and authorization.

  • Comarch CertificateAuthority supports the entire certificate life cycle from application through to expiry or annulment
  • capacity to establish expanded Public Key Infrastructure with numerous distributed registration points
  • highly adaptable to individual requirements
  • full compatibility and interoperability with a wide range of cryptographic software
  • range of options for publishing certificates and CRLs via mail, ftp, WWW, LDAP (Lightweight Directory Access Protocol)
  • unique capacity to migrate cards from the PGP standard to X.509
  • interoperability with microprocessor cards
  • interoperability with HSM devices (Hardware Security Module)
  • certificate/key recovery module (KRM – Key Recovery Management)


Comarch SmartCard is a cryptographic microprocessor card for the secure storage of sensitive information such as cryptographic keys and passwords.

  • hardware protection for private keys and other sensitive data
  • access to sensitive data is secured by PIN (known to owner only)
  • card password security policy is implemented strictly on card
  • user PIN with a length of 4 to 16 characters (figures, letters and special characters)
  • administrator PIN (PUK) with a length of 4 to 16 characters (figures, letters and special characters)
  • cryptographic algorithms:
    - asymmetric: RSA, key sizes: 512, 1024, 2048
    - symmetric: 3DES
    - hash function: MD5, SHA-1
  • 64kb card memory (including 40kb for the keys, the certificates and the data)
  • enables import of qualified certificates from an external source (with private keys, PKCS#12)
  • communication between card and secure software is performed through Secure Messaging (SM)
  • possible to define the number of keys of different sizes at the production stage
  • RSA (standard 8 x 1024, 2 x 2048)
  • support for many platforms: Windows 98SE/Me/2000/XP/2003/Vista, Linux (prepared for solid version), Mac OS X
  • access to the card through the PKCS#11 library and CSP API



Comarch Token comprises specialized hardware and software solutions enabling strong authentication in a variety of customer environments and systems.

  • expansion of the Comarch SmartCard concept
  • hardware based on USB tokens, combining the features of a cryptographic microprocessor card and a card reader
  • enables storing keys for access/signing to applications/internet sites
  • designed for mobile users working on a notebook or a few desktops
  • access to the card through the PKCS#11 library and CSP API
  • cryptographic parameters similar to Comarch SmartCard


The Comarch SmartCard Workshop system manages the life cycles of cryptographic cards and tokens. In addition to the basic functionality connected with workflow and current status reports for cards issued by the system, it also provides full integration for digital and graphical card personalization.

  • compatible with other components of Comarch PKI infrastructure
  • enables mass and automatic key generation on cryptographic cards
  • provides mass certificate application to the Certification Center and allows transferring the generated certificates onto the card
  • imports keys and certificates from the Certification Center through the KRM module
