OSI.KMS

Key Management Server

OSI.KMS is a group of products for safe implementation of various cryptographic operations and managing cryptographic keys that are necessary within smart cards mass production system, within processes of secure exchange of cryptographic keys between systems or for specific operations such as tokenization of data within processes of electronic processing of security-sensitive information.

OSI.KMS.Enterprise

OSI.KMS.Enterprise is a product for secure implementation of various cryptographic operations needed for secure generation of cryptographic keys, secure export and transfer of cryptographic keys, derivation of keys, generation of cryptographic keys based on passwords and hash functions, generation and secure transfer of PIN codes, generation of RSA cryptographic keys for electronic passports, generation of EC cryptographic keys for electronic passports and other cryptographic operations depending on specific needs of each customer.

Product supports all standard cryptographic mechanisms such as RSA, EC, AES, DES, 3DES, SHA1, SHA256, SHA512, … The final set of mechanisms depends on the used hardware security module (HSM). The solution is based around cryptographic core, which has an extensible configuration scheme of profiles, within which properties of individual cryptographic object and operation are described. All cryptographic operations are performed only on hardware security modules using the protocol PKCS#11. The solution supports the use of hardware security modules of different producers.

Modules of OSI.KMS

OSI.KMS.CMS

OSI.KMS.CMS provides comprehensive management of cryptographic keys and digital certificates within automated process of massive production of smart cards based identities.

OSI.KMS.CMS has a role of integration module between user enrollment systems, Certification Authority, OSI.KMS.Enterprise for preparation of cryptographic keys and system for printing or electronic personalization of smart cards. The open design of integration interfaces allows connection with external systems through various mechanisms such as web services, message queuing or specific application development interfaces (API).

Typical implementaion includes installation of OSI.KSM.CMS core and customization for specific environment that includes definition of interfaces, specification to external systems and implementation of external interfaces.

OSI.KMS.CMS.Enterprise

OSI.KMS.CMS.Enterprise is a system for managing OSI.KMS.CMS smart cards, adapted to be used in companies or environments where use of the system for massive smart cards issuance is not adequate or efficient. It provides functions for preparation of individual smart card or a small set of smart cards.

Typical use is in connection with smart cards desktop printer that enables visible data printing and electrical personalization at the same time. Electrical personalization includes generation of cryptographic keys on smart cards, forwarding the request for issuing digital certificate to Certification Authority and import of a digital certificate on a smart card.

Additional functions could be secure storage of keys for de-encryption for needs of recovering a lost card, secure generation of PIN code and / or PUK and derivation of specific keys for managing a smart card (Eg.: For managing on Java Card Manager level).

OSI.KMS.TachoCA

OSI.KMS.TahoCA is a specially developed solution for managing cryptographic keys and digital certificates within the system for issuing cards for EU digital tachographs. The solution is built around own development of software libraries for creating, signing and verifying digital tachographs specific CV (Card Verifiable) digital certificates.

OSI.KMS.Tokenizator

OSI.KMS.Tokenizer is a dedicated module for generation, transmission, management and tracking accesses of e-tokens and data that are connected with tokens. Tokens enable masking of security sensitive information within electronic processing and transmission. At processing security sensitive information, real data is replaced by token, that is generated by KMS.Tokenizator and which safely connects it with the actual content.

Want more information?