Certification Authorities are entities that issue and manage digital signature certificates and form the backbone of PKI. A digital signature certificate contains the public key and identity information of its owner. Certification authorities digitally sign certificates that they issue, using their private key to impart authenticity to digital certificates.
Digital Signature Certificates allows Corporate, Government Agencies, Financial Institutions etc. to leverage digital signatures and encryption to provide unparalleled security services that include authentication of user and device, data security, integrity and verification.
emCA is a robust, standards compliant, fully scalable policy driven digital certificate issuance and management solutionwith the support for commercial strength of popular keypair algorithms. Certificates generated by emCA comply with the X.509 v3 standards. emCA has the capability to support custom developed algorithms.
emCA enables the Enterprises to manage the entire certificate life cycle. This includes:
- Certificate Issuance
- Certificate Revocation
- Certificate Renewal
- Certificate Expiry
- Certificate Retrieval
emCA helps the enterprise in issuance and management of digital signature certificates as per the global and Indian standards.
The digital certificate issued to the user using emCA, conforms to following:
- Integrity- Ensures that any tampering of data during exchange can be recognized. Prevents change of data without signer’s consent and knowledge.
- Authentication- Ensures that the signer of the transaction is a rightful person.
- Non-repudiation- The signer of the message/data cannot repudiate at a later stage of not being initiated the transaction. Thus the user is bound to the actions performed by using him/her digital signature certificates.
- Confidentiality- The sensitive data can be encrypted and decrypted using asymmetric keys which is fool proof and provides at most security.
- Creation of Self Signed CA Certificate along with key pair on the HSM along with backup mechanism.
- Cross certification facility for the root certificate.
- Creation and management of Issuing CAs and issuing policies.
- Certificate profile creation and management.
- Provides Key recovery system for key archival and retrieval.
- User interface and secure login to emID
- Ability to generate keys and certificates for browsers, FIPS certified crypto tokens, HSMs, smart cards etc.
- Supports PKCS#10 certificate signing request.
- Generation of X.509 Certificate V3 Certificate.
- CRL generation and publication.
- RA/CA portal for certificate enrollment, approvals, keypair generation and certificate by the end users.
- Complies with established PKI standards for certificates, revocation lists, tokens and certificate management interfaces.
- Supports Windows and Linux platforms.
- Supports multiple databases such as MySQL, Oracle, DB2 etc.
- HSM and token products of major vendors are supported.
- The entire certificate life cycle is taken care that includes complete digital certificate production process, from key generation to revocation or expiry.
- Highly scalable, with the ability to issue large number of certificates.
- Provides keys and certificates for software such as browsers, and Web servers, for tokens, etc.
- Full support for key archiving and recovery.