Public Key Infrastructure
Public Key Infrastructure (PKI)
A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred. There are two types of PKI.
- Digital Signature Certificates
- Certificate Management Suite
Digital Signature Certificates
The emPower certificate management and web security platform enables you and your customers to request certificates from a Webtrust accredited CA or white labelled sub-CA hosted and managed by eMudhra. Leverage emPower to build a trust services backbone to accelerate secure digital transformation.
Type of Certificates
In accordance with the guidelines of the IT Act and the X.509 Certificate Policy for India PKI published by the Controller of Certifying Authorities, e-Mudhra issues six types of certificates: Signature, Encryption, Device/System, SSL Server, Code Signing and Document Signer Certificate.
SSL Server Certificate
SSL server certificates are digital identifications containing information about a web server and the organization that owns the server's web content. An SSL server certificate enables users to authenticate the server, check the validity of web content, and establish a secure connection.
Document Signer Certificate
Document Signer Certificates are issued to organizational software applications that operate automatically to authenticate documents or information attributed to the organization, using a digital signature applied to the document or information.
Encryption Certificate
The encryption key pair is used by the subscriber to receive messages that are encrypted with the subscriber's public key. The subscriber fills in the application and submits it to eMudhra or its authorized RAs along with the identification and address proof. The RA verifies the application, ID proof and address proof and approves the request. The subscriber provides a password in the portal for protecting the encryption certificate. The server generates the encryption key, escrows it, and makes it available to the customer in the portal. The subscriber needs to log in with the credentials sent to his digital ID and download the encryption certificate from the portal.
Signature Certificate
The signature certificate corresponds to the signing private key. It is used by individuals or organizations for signing purposes. The key pair is generated by the applicant/subscriber in a secure medium, and it is incumbent on the subscriber to keep the private key in safe custody. The signature certificate is issued by e-Mudhra after the validation process mentioned in the CPS. Relying parties can use this certificate for signature verification.
Certificate Management Suite
emCA is a comprehensive suite of products for certificate lifecycle management and discovery, helping any enterprise or government set up trust services or a certifying authority rapidly.
emCA is EAL 4+ CC PP 1.5 compliant and is used in organizations that are Webtrust accredited.
Comprehensive CA offering
Built-in modules for certificate issuance, revocation, OCSP, timestamping and business operations (RA), plus ETSI-compliant remote signing, that can be rapidly deployed.
Highly scalable for IoT scenarios, having issued over 200 certificates per second.
Support for ETSI-compliant remote signing with both long-lived and short-lived key pairs.