Technical Perspective - Chiave RA

FUNCTIONALITY AND SPECIFICATIONS

Below we present a technological description of Chiave RA. For a more detailed specification, please contact us for a review with one of our technicians.

Platform: Chiave RA is an appliance with built-in HSM that meets FIPS 140-2 level 2 or 3, as well as EAL4+.

Integration: The SOAP interface enables programmers to integrate Chiave RA with external applications in cards readers or card programming units.

Logging: Chiave RA stores an intrusion-protected log of every completed request. The intrusion protection works through a MAC signature generated by the local head key, which is stored within the unit’s HSM.

Transfer: Remote transfer of key component to and from Chiave can be handled through normal card readers and regular open networks, since the information is encrypted.

Supported standards: PKI Service: XKMS. Bankgirocentralen Interface definitions v. 2.7, 2004. BankID: DTD definitions v. 3.0, Bankgirocentralen 2010. HSM for key generation is certified to FIPS 140-2 level 2 with level 3 as an option. PKCS#7, PKCS#8, PKCS#10, X509 v3.