| Developers: | Technology gamma |
| Technology: | Cybersecurity - Encryption tools, Server platforms |
The CERTEX public key infrastructure (IOK CERTEX) implements a public key infrastructure that provides creation, distribution and management of key information using digital certificates in different information systems.
2018: Description and structure of IOK CERTEX
According to product information as of October 2018, IOK CERTEX defines the rules of interaction between users of information systems and ensures the availability and reliability of key information, the binding of public keys to their owners, and protected mechanisms for obtaining, changing and revoking keys.
Certification centers (certificate authorities), which all users of the system trust, are key components of this infrastructure. They handle the most important tasks: processing requests; issuing, revoking and publishing certificates; defining the policy for their use; and setting parameters and system configuration. Digital certificates provide the necessary level of unification for document flow in corporate networks, e-mail, access to network devices and websites, VPN connections, and authorization at the level of operating systems, DBMS and applications. Digital certificates are the basis of trust relationships between participants in data exchange. Holding a correspondent's certificate makes protected data exchange with that correspondent possible: transfer of confidential information (encryption), verification of the authenticity of electronic documents, and strict authentication of the interacting parties. IOK CERTEX supports hierarchical and network models of a public key infrastructure with any nesting depth.
Structure and purpose of components
- The "CERTEX v.3 application server" software ensures the operation of all IOK CERTEX service applications and coordinates communication between them;
- The "CERTEX CAUtil Certificate Authority Administrator" software handles the issuance of certificates for certification centers, registration centers, TSP and OCSP servers, and users, as well as the establishment of trust relationships between certification centers, import of certificates and creation of certificate templates;
- The "CERTEX RAUtil Registration Center Administrator" software provides registration of infrastructure users, remote administration of user certificates, generation of the registered user's secret key, creation of requests for issuance/revocation of a user certificate, and access to user certificates over the LDAP protocol;
- The "CERTEX LDAP register of registration certificates" software provides access to certificates, certificate status checking and storage of archive information;
- The "CERTEX Arbiter analysis of conflict situations" software automates the resolution of incidents in which participants of an electronic document management system dispute authorship, the integrity of a certificate, or the validity (status) of a certificate;
- HTTP Auditor provides web monitoring of the certificate lifecycle and of the activity of certification center personnel, registration center personnel and end users, as well as automated centralized collection of information from the IOK CERTEX event logs;
- The database provides storage, duplication and backup of IOK CERTEX data;
- The IOK CERTEX user interface provides user registration via a standard web browser, application for a certificate, generation of a user key, revocation and renewal of the user's own certificate, and communication between the user and the infrastructure through the selected standard web server;
- The TUMAR-CSP cryptographic information protection facility (CIPF) provides the IOK CERTEX components with the necessary cryptographic functions, including calculation and verification of electronic digital signatures (EDS). IOK CERTEX also allows the use of third-party cryptographic modules.
Capabilities provided
- Registration of users;
- Issuance of certificates;
- Revocation of certificates;
- Use of time stamps (Time-Stamp);
- Online checking of certificate status (Online Certificate Status Protocol);
- Access to the Register of certificates;
- Creation of hierarchical and network models of a public key infrastructure with any nesting depth;
- Analysis of conflict situations when disputes involving certificates arise;
- Audit of events, with automatic centralized collection of information from the audit logs of the IOK CERTEX components;
- Printing of certificates;
- Support for the state language;
- Ability to establish trust relationships with other certification centers;
- Ability to upgrade and to build the system up from modules.
The supported OS:
- Windows Server 2003;
- Windows Server 2008;
- Windows XP;
- Windows Vista;
- Windows 7;
- Windows 8;
- Windows 10;
- Linux 32/64;
- Unix HP-UX ia64;
- SUN Solaris;
- IBM AIX.
