PKI technology is the most efficient solution for the protection of digital data, documents and transactions
PKI technology can be implemented according to different technical standards, the most common ones being X509 PKI and ICAO PKI. While X509 PKI standard is implemented for data protection in many state and private systems, ICAO PKI is almost exclusively used for ID document data protection, but most importantly for Machine Readable Travel Document (MRTD) protection.
NetSeT PKIStar platform offers an entire set of services needed for online authentication, digital signature creation and digital document protection. The platform offers the entire Public Key Infrastructure (PKI) for issuing and managing X509 digital certificates. The platform is made completely in line with European (EIDAS) and local regulations for management of electronic documents and application of digital signatures.
PKIStar platform stores sensitive cryptographic elements on Hardware Security Modules (HSMs) and the platform itself is designed to support the integration with various types of HSM devices.
The platform has over 10 references across the world, while in Serbia alone it is used in 4 different institutions that issue qualified electronic certificates and provide qualified, reliable services – the Ministry of Interior, the Chamber of Commerce and Industry of Serbia, the Post of Serbia and the Serbian Armed Forces.
PKIStar enables complete management of digital certificates and asymmetrical cryptographic keys, which are stored on smart cards. The platform covers the following business processes in issuance and use of electronic certificates on smart cards:
While the PKIStar platform is completely devoted to issuing certificates on smart cards, NetSet Cloud ID platform introduces a new concept for managing digital identities and certificates in the cloud. Cloud ID platform is a natural extension of the PKI Platform which supports an extended set of user functionalities based on the use of traditional PKI operations (e.g. creating a digital signature) as the integral part of different business processes for managing digital documents in the cloud.
The Cloud ID platform enables digital documents that have a full legal basis to truly remain in digital format throughout their entire life span. In addition to the digital certificate issuance service in the cloud, the NetSeT Cloud ID platform provides support for a complete set of cloud trust services, which includes digital signature, digital seal, sharing, verification and archiving of confidential electronic documents. The platform is an ideal solution for managing digital contracts, invoices, authorizations, directives, reports and other similar documents. With Cloud ID, you can forget about printing, manually signing and physically transporting documents, making your business processes much more accessible, modern and economical.
The platform enables the management of digital identities and documents located on the central site of the private cloud system, which is under the full control of the institution that issues digital certificates. Instead of smart cards, digital identities are stored in specialized hardware security modules (HSMs) that are used to create a digital signature from a remote location.
The following business processes and functionalities are an integral part of the Cloud ID platform:
The platform supports two basic uses: use through a graphical user interface applied to individual users and smaller business systems, and use through an integration API designed for large business systems with their own ERP solutions. In this way, the platform supports both direct use by individual users (individuals) and integration with existing business processes of information systems of larger organizations.
NetSeT ICAO PKI Suite is a set of components that implement the data protection infrastructure on the chip of the ID document and control access to its most sensitive data. The NetSeT ICAO PKI Suite is fully implemented in accordance with the relevant ICAO and BSI EAC specifications, including BAC (Basic Access Control), SAC (Supplementary Access Control) and EAC (Extended Access Control) protocols. The basic components of the NetSeT ICAO PKI Suite are:
A special branch of NetSeT Global Solutions’ product range is software components that enable easy and secure application of Java smart cards in various business applications. Over the last two decades, since NetSeT introduced smart card technology to protect electronic identification documents, several generations of JavaCard applets and middleware components have been developed for use in a variety of government and business secure information systems.
The most important JavaCard applets with accompanying middleware components are:
In addition to all these applets, NetSeT supplies a set of appropriate middleware components that allow the use of smart cards on standard desktop and mobile platforms.
To leverage applets in PKI applications, NetSeT has developed the Truste Edge middleware package. Trust Edge contains support for standard cryptographic functions according to PKCS standards and is implemented as Microsoft CSP (Crypto Service Provider) and PKCS # 11 cryptographic middleware. In addition to PKI cryptographic functions, we have provided a set of dedicated middleware components for working with data on applets for electronic identification, such as: eID Update, eID Cert Renewal, ELAK, ePass Reader, mobile ePass Reader, eID Reader, eID API, etc.
At the moment, the NetSeT company has in its production program over 10 different JavaCard applets, some of which have been used for more than 15 years and have experienced several generations. The two applets used to implement the eHealth Insurance Card are ROM coded in collaboration with NXP Semiconductors.