System components and standalone applications

A set of standalone components and applications that improve security and increase system efficiency.

System components improve the security of information systems within which they are integrated. The components contain clearly defined interfaces for integration, as well as an administrative graphical console for configuration. On the other hand, standalone applications can be used as completely independent service applications or as part of larger information systems.


  • CPAL - Cryptographically protected audit log

    Cryptographically Protected Audit Log (CPAL) manages system logs and provides logging and protection of all data changes and activities in the system. CPAL makes sure that key system actions are securely stored and cryptographically protected from all users, including system administrators. CPAL groups system logs into blocks, which it first cryptographically protects at the individual level and then cryptographically chains with other data blocks. Verifying the cryptographic blocks provides full assurance of the authenticity of the logs of actions performed in the system. The graphical interface of this component offers operators a clear view of protected system logs and allows them to be easily searched.

  • StarFish - Qualified certificate authority for issuing X.509 digital certificates

    StarFish CA is the national certificate authority for issuing X.509 digital certificates. The system provides full control over digital certificates, including their issuance, activation, suspension and revocation. StarFish CA supports integration with various HSM devices and provides a complete infrastructure for establishing a Root CA with a hierarchy of multiple Intermediate CAs. StarFish CA supports the management of revoked certificates through CRL and OCSP mechanisms.

  • User Guardian - Centralized solution for user authentication and authorization

    A component that manages system users and their access rights in the system. Through its graphical user interface, User Guardian allows various user roles (administrator, operator, etc.) to be created and assigned to system users. Each user role controls a set of resources that a user who owns that role can access. Resource access rights are defined using user privileges, so, for example, a user with an administrator role has a set of privileges that includes a privilege to access the system log. The graphical user interface offers a full configuration of privileges and roles in the system.

  • Crypto Proxy

    Crypto Proxy is a reverse proxy server that enables protection of existing information systems regardless of their role and topology. To achieve this functionality, Crypto Proxy is architecturally designed as a Reverse HTTP Proxy Server, a security component positioned between the client and the server, routing all requests to the server. This component manages all messages sent to the server and specifies the cryptographic standards that clients must adhere to in order to gain access to the server. Crypto Proxy is the ideal solution if you want to raise the security of your existing information system to a higher level without having to change or adapt your existing system.

  • Key Management System - A solution for secure management of private user keys

    Key Management System (KMS) is a system for storing and managing users’ cryptographic keys. The system can create and store keys on hardware security elements (HSM, smart cards) and use them for various cryptographic operations. KMS offers its functionalities through an integrated web service interface.

  • eID Logistics - Smart storage and distribution of ID documents

    System for smart storage and distribution of blank identification documents (ID cards, passports). The system manages the stock of blank documents and monitors the physical location of personalized documents during their transport to the location where the owner will receive them. The system offers its functionality through a graphical user interface and an integrated web service interface, and can be used to manage the logistics of various types of items.

  • Timestamp Authority

    The Timestamp Authority (TA) component allows timestamps to be associated with transactions conducted in the system or digital documents managed by the system. TA works in accordance with the RFC 3161 standard. TA integrates with an accurate time source, after which its signature unequivocally and irrefutably guarantees the time at which a certain operation was performed in the system. TA configuration is done through its graphical user interface.

  • BioEnroll - Acquisition of biometric data

    A component that enables enrolment of biometric data of citizens. Biometric data include a photograph of a face, fingerprints, iris scan and handwritten signature on a digital whiteboard. BioEnroll forwards collected data to the rest of the system through a predefined web service interface. BioEnroll is interoperable with a wide range of biometric acquisition hardware manufacturers and allows easy use and integration with other system components.


Mobile phones today are used for various types of online services that require secure authentication. Examples of such services are online banking and e-commerce transactions. Traditional online authentication mechanisms usually require users to remember some type of information, and often require the possession of an additional hardware token.

Mobile Biometric Authentication provides a secure authentication mechanism that uses citizens' biometric data (face image) and a mobile phone, eliminating the need to remember passwords or use any additional hardware modules.

Crypto Voice and Crypto SMS are mobile applications that use a cryptographic security module (in the form of a micro SD card, embedded SE module or through the NFC interface) to carry out secure information transfer between clients. Crypto Voice requires an internet connection to perform the transfer of secure voice communication, while Crypto SMS is fully operational using only a GSM channel and without an internet connection.

Mobile applications from the Crypto Suite domain enable contactless reading of ID documents using the NFC communication channel, as well as the use of these documents for digital signature creation, data encryption and exchange of protected documents (with secure client authentication). Mobile Crypto Suite also has a desktop version that allows secure communication between mobile and desktop clients, guaranteeing a seamless user experience on different types of devices.