OSI.KMS is a group of products for the safe implementation of cryptographic operations and the management of cryptographic keys. These are needed in smart card mass-production systems, in the secure exchange of cryptographic keys between systems, and in specific operations such as tokenization of data during electronic processing of security-sensitive information.
Key Management Server
OSI.KMS.Enterprise is a product for the secure implementation of cryptographic operations: secure generation of cryptographic keys, secure export and transfer of cryptographic keys, derivation of keys, generation of cryptographic keys based on passwords and hash functions, generation and secure transfer of PIN codes, generation of RSA cryptographic keys for electronic passports, generation of EC cryptographic keys for electronic passports, and other cryptographic operations depending on the specific needs of each customer.
The product supports all standard cryptographic mechanisms such as RSA, EC, AES, DES, 3DES, SHA1, SHA256, SHA512, … The final set of mechanisms depends on the hardware security module (HSM) used. The solution is built around a cryptographic core with an extensible configuration scheme of profiles, in which the properties of individual cryptographic objects and operations are described. All cryptographic operations are performed only on hardware security modules, accessed through the PKCS#11 interface. The solution supports hardware security modules from different producers.
Modules of OSI.KMS
OSI.KMS.CMS provides comprehensive management of cryptographic keys and digital certificates within an automated process for mass production of smart-card-based identities.
OSI.KMS.CMS acts as the integration module between user enrollment systems, the Certification Authority, OSI.KMS.Enterprise for preparation of cryptographic keys, and the system for printing or electronic personalization of smart cards. The open design of the integration interfaces allows connection with external systems through various mechanisms such as web services, message queuing or specific application development interfaces (APIs).
A typical implementation includes installation of the OSI.KMS.CMS core and customization for the specific environment, which includes definition of interfaces, specification to external systems and implementation of external interfaces.
OSI.KMS.CMS.Enterprise is a system for managing OSI.KMS.CMS smart cards, adapted for companies or environments where a system for mass smart card issuance is not adequate or efficient. It provides functions for preparing an individual smart card or a small set of smart cards.
It is typically used with a desktop smart card printer that performs visible data printing and electrical personalization at the same time. Electrical personalization includes generation of cryptographic keys on the smart card, forwarding the request for a digital certificate to the Certification Authority, and import of the digital certificate onto the smart card.
Additional functions could be secure storage of decryption keys for recovering a lost card, secure generation of a PIN code and/or PUK, and derivation of specific keys for managing a smart card (e.g. for management at the Java Card Manager level).