Title: Outsourcing Services of Key Certification Center
1Outsourcing Services of Key Certification Center
KEY CERTIFICATION CENTER CRYPTOMACH
2Advantages of Electronic Document Management (EDM)
- Automation of the internal business processes
- Saving of the material and time resources
- High speed of the document processing and the
decision making - Possibility of the real-time interaction with the
remote employees and branches - Possibility of the documents control throughout
all life cycle - Automation of the external mutual relations
- Business-to-Business
- Business-to-Customer
- Business-to-Government
DSCA CRYPTOMACH
3EDM Internal Processes
Business-to-Business
Business-to-Government
Government Institutions
Business-to-Customer
REPORTING
4EDS Application in Electronic Document Management
ELECTRONIC DIGITAL SIGNATURE
Validation of electronic document
Confidentiality support by the transmission and
storage of documents
Functions of the involvement and nonrefusability
Control of the integrity and authenticity of the
electronic documents
Control of the signing (visaing) priority of the
electronic documents
Authentification of EDM system participants
Cryptoprotected system audit
5EDS Application in Electronic Document Management
- EDS is equated to the autograph signature or
company stamp on legal status - Close out the possibility of uncontrolled
modification of the signed document - Practical impossibility of a fake of EDS (in
comparison with the usual signature or stamp) - Simplicity of creation and check of EDS
- Possibility to automate the procedure of the
digital signature check - Possibility of routed enciphering of documents
for a certain communicant
DSCA CRYPTOMACH
6EDS Application in Electronic Document Management
BRANCH
COMPANY
DEPARTMENT 1
DEPARTMENT 2
SERVER
INTERNET
ELECTRONIC ARCHIVE
CONTRACTOR
- Internal electronic document management
- Creation of electronic documents archives
- Interaction with remote branches
- Interaction with partners and clients
- Reporting in the electronic form to
- authorities (STI, PFU, USR)
AUTHORITIES
7Normative Legal Base of EDS Application
- Laws of Ukraine
- About Electronic Documents and Electronic
Document Management - ?851-IV dated 22.05.2003
- About Electronic Digital Signature
- ?852-IV dated 22.05.2003
- Orders of the Cabinet of Ministers of Ukraine
- About Approval of Procedure of Key Certification
Centers Accreditation - ?903 dated 13.07.2004
- About Approval of Regulation about Central
Certifying Authority - ?1451 dated 28.10.2004
- About Approval of Regulation of Electronic
Digital Signature Application by Governmental
Authorities, Local Government Authorities,
Enterprises, Establishments and Organizations of
State Form of Ownership - ?1452 dated 28.10.2004
- About Approval of Typical Regulation of
Realization of Electronic Document Management in
the Bodies of Executive Power - ?1453 dated 28.10.2004
DSCA CRYPTOMACH
8NATIONAL MANAGEMENT SYSTEMOF EDS PUBLIC KEYS
CENTRAL CERTIFYING AUTHORITY
CONTROLLING AUTHORITY
KCC
AKCC
AKCC
AKCC
AKCC
AKCC
APPLICANTS JURIDICAL AND INDIVIDUAL PERSONS
DSCA CRYPTOMACH
9Advantages of Accredited KCC Services
Reporting in electronic form to the state
authorities
Usage of the enforced certificates makes EDS the
fully legitimate replacement of the personal
signature or stamp
Signing of contracts in electronic form
Usage of EDS in banks
DSCA CRYPTOMACH
10Main Services of KCC Cryptomach
Full range of complex services connected with
EDS usage
- Service of certificates blocking, renewal,
recall on demand of the client - Providing of information about the certificate
status - Creation of time tags
- Possibility of certificates usage for creation of
confidential communication channels - Providing of the certificated tools of EDS
creation and check
DSCA CRYPTOMACH
11- Certificate of
- Accreditation
- Series ?? ?8 dated 25.11.2008
12Advantages of KCC Cryptomach
- KCC Cryptomach Feature ?
- Providing of the active key carrier based on
smart-cards to the customers - Providing of the additional software for
operation with smart-cards
Smart cards made on the basis of special chips
are the most reliable key carriers for today.
DSCA CRYPTOMACH
13Personified smart-card
- Of support of corporate IT-system safety
- Of social protection of company employees
- Of social protection of citizens (pensioners and
teenagers) - Of stimulation of loyalty of population target
groups (for example, employees to the employer)
DSCA CRYPTOMACH
14Mutual Pilot Project
Cryptomach Ltd. Key Certification Center
services Software-hardware tools of Information
cryptoprotection
KJSC Zembank Payment application NSMEP check
CJSC PC SOLDI Processing Center of Loyalty
System
DSCA CRYPTOMACH
15System Structure
- Plastic smart card with two interfaces
- Infrastructure of acception and service of cards
- Uniform centre of keys certification with remote
points of registration - Processing centre SOLDI
- Hardware-software complexes of cards personal
usage
DSCA CRYPTOMACH
16Card Functions
Identification of the card owner
Creation of the electronic digital signature
Creation of a confidential data line with a server
Payment tool (NSMEP "check")
Storage of the emergency medical information
Access control to the personal information
Contactless identity for systems of physical
access control (ACS)
Support of loyalty systems and the prepaid
services on contactless technology
17Card Structure
Contact chip (Infineon SLE66C42P)
Contactless chip (NXP DESFire EV1 ) with
integrated antenna
Plastic with printed personal information on the
back side of a card
DSCA CRYPTOMACH
18Conformance to Standards
ISO International Organization
for Standardization
Cards interfaces conform to the following
standards
Contact part ISO 7816 1-4
Contactless part ISO 14443A 1-4, ISO 7816-4
Plastic physical specifications ISO 7810 (ID-1)
DSCA CRYPTOMACH
19Supported Cryptoalgorithms
- Digital signature DSTU 4145-2002 with key length
191 bit - Framing of a common session secret on the base
of DSTU 4145-2002 - Symmetric enciphering and message authentication
code computation GOST 28147-89 - Hashing function GOST 34.311-95
- Authentification and traffic protection on the
contactless interface Triple-DES
DSCA CRYPTOMACH
20Identification of Card Owner
Contact chip of card stores
- Registration number of the customer in the system
- Surname, name, patronymic of the owner
- Date of birth of the owner
- Citizenship of Ukraine
- Identification code of the owner
- Date of card issue
- Blood group and Rhesus factor of the owner
DSCA CRYPTOMACH
21Emergency Medical Information
- Medical information for emergency help is
available to doctor 's reading after
authentification on the SAM-module only
- Upgrade of medical data is possible after mutual
authentification with a server only - Mutual authentification is possible after
PIN-code input only - Data are transmitted to card in ciphered mode
DSCA CRYPTOMACH
22Access Control to Personal Information
- Possibility of usage of a card as one of units of
multifactor authentification for protection of
local data of the user - Usage of one password for protection of many
storages of the information - Restoring of the protected data at loss or damage
of a card with usage of temporal restoring card
DSCA CRYPTOMACH
23Payment Application
Usage order of NSMEP "check" application is
defined by National bank of Ukraine
- Application allows the owner to get access to the
card account in the bank-emitter after
authentification on PIN-code - Cash withdrawal in cash dispenses and payments on
payment terminals - Implementation of the salary project
DSCA CRYPTOMACH
24Access Control System (ACS)
- Realized on contactless technology
- Card allows to realize multifactor
authentification card PIN and/or biometrics - Authentification can be fulfilled by the reader
completely - "Cloning" of ACS card is practically impossible
- One card supports several ACS without mutual
discredit
DSCA CRYPTOMACH
25Loyalty Systems and Prepaid Services
Information about amount of services prepaid by
the client or stored "bonuses" in some system (On
card contactless part)
- Level of card cryptoprotection allows to build
completely off-line systems of cards receipt - One card supports about 28 various operators of
services - Possibility of initialization of applications "in
the field" or through the Internet by means of
the contact chip
DSCA CRYPTOMACH
26Smart Card Readers
- Contact Readers
- Desktop and inside versions
- Versions with PIN-keyboard and fingerprint
readers - Desktop Contactless Readers
- Identification applications
- Applications of loyalty and control of prepaid
services - Readers for Access Control Systems
- Card only
- PIN-keyboard
- biometric reader
- Data Terminal Equipment
- Required equipment with SAM-modules
- Optional operation with two cards
- Applications bank, health care, loyalty
DSCA CRYPTOMACH
27Structure of KCC Cryptomach
- Personaliser
- Remote poits of registration
- Call-centre
- Centre of remote authentification
- Subdividings of KCC Cryptomach Ltd. ensure
continuous support of the client at all stages of
mutual relations
DSCA CRYPTOMACH
28Personaliser and Call-center
Technological capacity of our personaliser allow
to fulfill electrical and graphics
personification up to 40 thousand cards/months
- Call-center ensures round-the-clock and
operative support of clients of the company
requirements accept for blocking of certificates,
consultations about products and services
DSCA CRYPTOMACH
29Center of Remote Authentification
- Authentification of cards independet from
presence of valid certificate of KCC - Creation of an authentic and confidential data
link between the client, centre and services
provider - Upgrade of medical data on a card (optional)
- Data recovery protected by means of the lost card
DSCA CRYPTOMACH
30Software
- Each user receives a package of software
- KCC client (performance of all main functions of
operation with EDS and certificates) - Client of synchronisation with a medical server
- Tool of cryptography protection of local storages
of the information - Additional software, depending on a range of
services on which he is signed - Upgrade software is available on web-site
constantly
DSCA CRYPTOMACH
31Other Company Activity
- Development of ICP software
- Development of ICP hardware
- Development of complex information protection
systems - Theoretical researches
- Consulting services
DSCA CRYPTOMACH
32Contacts
- Cryptomach Ltd. (central office)
- Akademika Proskury Str., 1
- Kharkov, 61070, Ukraine
- Tel. 380 (57) 315 44 70
- E-mail mail_at_cryptomach.com
- Web www.cryptomach.com
- AKCC Cryptomach
- Chernyshevskaya Str., 4
- Kharkov, 61057, Ukraine
- Tel. 380 (57) 766 33 77, 763 33 77
- Fax 380 (57) 706 20 87
- E-mail mail_at_my-pki.com
- Web www.my-pki.com