OnePKI™ - Global Public-Key Infrastructure

OnePKI™ is a global public-key infrastructure that provides registration and certification functions both in local environments and in a global, open network: creation, issuing, distribution, verification, and revocation of certificates and CRLs. It supports multiple secure network applications: secure Web, secure Email, and secure proprietary applications.

OnePKI™ conforms to the full set of standards for digital certificate generation and management. It implements a full Certificate Authority (CA) hierarchy which includes a Top Level CA, one or more Policy CAs, one or more Hierarchy CAs and one or more Local CAs which are related in a hierarchy as shown below.

Users get their digital certificates from the Local CAs at the bottom of the trust hierarchy or, in a small system, from a Single CA (SCA). These user certificates are signed by the CAs above them in the hierarchy, up to the Top Level CA (TCA), which is self-signed. Top Level CAs can cooperate with other TCAs via a Bridge CA if required. This would allow, for example, inter-company trust to be set up. The SCA is self-signed and combines some of the functions of the TCA, the PCA and, mostly, the LCA.

OnePKI™ offers a complete CA hierarchy with a choice of deployment options.

It handles full X.509 v3 certificates to the RFC 2459 certificate profile with all extensions, and extended SET certificates with SET private extensions for secure payment transactions.

The system supports alternative configurable certification policies via the PCA, including high, medium and basic assurance levels.

The system provides easy and transparent handling and strong verification of certificates, based on verification of certification chains and use of Certificate Revocation Lists (CRLs), and provides all certificate and CRL revocation functions.

The system can be integrated with LDAP directories at the medium assurance level and smart cards at the high assurance level.

OnePKI™ is highly scalable and interoperable with other standard X.509 PKIs.

It has a user-friendly administrator GUI, simplified for ease of use by the administrator and low cost of administration.

The CA Admin interface is protected by a multi-role authentication scheme which uses smart cards and certificates at the higher levels of assurance to ensure that only authorized administrators can access the system functions. The multi-role features also ensure that some sensitive functions require more than one person to authorize them.