The ParsTrast system is a set of software components required for issuing and managing public key electronic certificates (X509 Public Key Certificate). The system provides all the processes of registration, issuance, revocation, suspension, renewal and validation of electronic certificates in accordance with the country's standards and according to the needs, policies and requirements of public key infrastructure in various domains and applications. The main components of the ParsTrast system are: Certification Center (CA), Certificate Registration Center (RA), Certificate Repository, OCSP Responder, TSA, Certification Center (CSA/VA) and Identity Management and Identification Center (IdP).
Approvals and honors
The first domestically developed software for issuing and managing electronic certificates, produced in 2002
Awarded a Platinum rank by the Root Center Laboratory of the Ministry of Industry, Mines and Trade
Official registration of the software at the Supreme Informatics Council in 2006
Used in the country's e-certificate issuance centers such as the Central Bank of the Islamic Republic of Iran, the Stock Exchange and Securities Organization, Hamrah Aval Company, the Parsin intermediate certification center and more than 10 intra-organizational public key infrastructures.
Features and standards
Compliant with IETF PKIX standards
Ability to define and configure various types of certificate profiles according to X.509 and RFC5280
Default support for a variety of profiles of widely used certificates such as TLS / SSL, Windows Logon, Document Signing, Email and Authentication
Support for determining certification management policies through dynamic profiles including:
Ability to specify templates for the content of each of the certificate Subject fields
Ability to define different extensions for inclusion in the certificate
Ability to issue and manage multiple different certificates with one profile
Key profile management, including key length, key generation algorithm, key lifetime and key storage medium
Ability to determine the allowable interval for renewing a certificate (Renew margin)
Ability to issue, revoke, suspend and delete all types of certificates
Ability to renew and re-key issued certificates
Automatic and semi-automatic certificate management capability
Supports scheduling certificate operations for a future time
Supports key management functions including generation, maintenance, revocation and suspension
Ability to manage requests (register, review and edit, cancel and delete all types of certificate requests)
Ability to archive, search and retrieve requests and certificates
Ability to view the workflow of requests
Ability to display and control the life cycle of the certificate
Ability to define and manage different roles for each component based on the services the component provides
Ability to define and manage organizations in a hierarchy of up to 5 levels
Ability to define and manage users for each component, with the ability to assign roles and organizations
Identification of users (operators and administrators of registration and certificate issuance centers) using a PKI digital signature token
Multi-level user access control, both role-based and record-level
Support for a built-in software HSM simulator
Ability to work with a variety of HSM equipment through Java JCA/JCE CSP and PKCS #11 interfaces
Compatibility with ParsKey digital signature tokens and other approved tokens in the country's public key infrastructure
Ability to set the validity, update and publication periods of CRLs, compatible with RFC5280
Support for certificate and CRL publishing mechanisms in the repository, compliant with the LDAP protocol (RFC2253)
Ability to address and differentiate certificates based on the distinguished name (DN), compatible with RFC2396
Ability to update multiple OCSP, RA and certificate repositories simultaneously
Support for RSA and ECDSA algorithms in all components
Support for time-stamp generation (TSP) compatible with the RFC3161 standard
Support for a central certificate and digital signature validation service through the VA component
Support for online certificate status inquiry (OCSP) mechanisms compatible with RFC5019
Digital signing of audit events as a signature chain (chain signing) in all components
Ability to log ordinary events to a variety of files or databases, or to send them as network events
Supports X509 v1 and v3 public key certificates and CRL v2
Supports PKCS #1, #5, #7, #8, #9, #10, #11, #12
Non-functional and operational features
Ability to manage the Certificate Issuance Center (CA) and Registration Offices (RA) separately
Ability to support multiple CAs in the RA component
Ability to support multiple CAs in the OCSP component
It has a user-friendly web portal for each component
Ability to scale out OCSP components separately
Ability to define and add registration offices
Ability to use the main services of registering and issuing certificates through the web service
Highly scalable, with the ability to deploy the product's components in a centralized or distributed manner
No restrictions on the number of levels of the trust hierarchy
Can be delivered as installable software, a virtual machine, a container or a network appliance
Database-independent design and the ability to work with a variety of databases such as Oracle, MySQL, PostgreSQL and Microsoft SQL Server
HA capability with Load balancing and Fail-over management
Ability to back up, restore and monitor centrally
Supports two-way SSL / TLS communication between components, between components and the database, and with the repository
Compatible with all types of e-certificate policies
Ability to integrate with Mobile Signature Service via ETSI TS 102 20