Certificate Services
Integration of various X.509 certificate solutions for secure authentication
Challenges
Many companies and branches of government are facing the prospect of introducing strong
authentication to ensure secure internet access to their applications.
In Sweden and other countries, many banks and other third-party organisations provide X.509
certificate solutions to their customers. Today these solutions are based either on standard X.509
and SSL authentication or on a proprietary client-based method. This means that application
software that wants to use these certificate solutions must correctly select the required method
depending on the remote user's solution.
The Solution
NordicEdge Certificate Services provide a solution to the proliferation of certificate methods,
removing this complexity from your infrastructure and applications. This simple module will deal
with authentication of users from the many different certificate methods, handle any required
self-registration in a local user store for authenticated users, and integrate seamlessly with your
existing security infrastructure.
Product Overview
NordicEdge Certificate Services consists of four modules: authentication, digital signatures,
registration and integration.
Authentication
This module checks that a presented certificate and its issuer are valid. A validity check is
also made via a CRL or an OCSP transaction.
Digital Signatures
This module generates and verifies different digital signatures. PKCS#7, S/MIME and XML Digital Signatures are supported through a simple Web Services API or a Java API. Verification can be performed internally or by calls to external verification services.
This module also provides digest functions for generating message digests. The digests provided by the default installation are SHA-1, MD-5 and RIPE-MD160. Other digests are available on demand.
Registration
This module checks whether an authenticated user exists in an application's directory service or SQL
database. If the user doesn't exist, the module can create the user from information obtained from
the user's certificate, for example first and last name and a unique identifier (the Swedish personal
number in some cases).
Integration
Integration with all common authentication systems, such as Computer Associates SiteMinder (formerly Netegrity), is included in the default distribution.
Most standard web servers are supported out of the box, including Apache and Microsoft IIS.
Other integrations are available on request for the majority of major products.
A custom API is available for integrating with other systems such as in-house developed security layers.
Integration Modules
Technical Data
Supported Operating Systems
- All operating systems with a Java Virtual Machine (JVM) version 1.4 or higher
(Microsoft Windows, Linux, Sun Solaris, IBM AIX, HP/UX, Novell Netware, Mac OS X etc.)
User Database Support
- LDAP (Sun Directory Server, Microsoft Active Directory, Novell eDirectory, Siemens DirX etc.)
- SQL via JDBC or ODBC (Oracle, Microsoft SQL Server etc.)
Included Integration Modules
- Microsoft IIS
- Microsoft ISA (by RADIUS)
- Apache (both in standalone and reverse proxy mode)
- Computer Associates SiteMinder (formerly Netegrity)
- Novell iChain
- Generic RADIUS Service
- API for native integration of other applications in Java
Additional Features
- Integration with Nordic Edge One Time Password Server
Key benefits
- Improved Authentication
- Secures your company's information and applications
- X509.3 standard compliant
- Digital Signature support, PKCS#7 and XML Digital Signature generation and verification.
- Message Digest support: MD-5, SHA-1 and RIPE-MD160 generation and verification.
- S/MIME support: E-Mail signature generation and verification using the S/MIME standard.
- Support for proprietary certificate solutions
- Remote OSIF service support (e.g. "Infratjänster")
- Remote Web Services support
- Leverages existing infrastructure and resources
- No expensive equipment investments
- Rapid integration with existing authentication infrastructure
- Very flexible system