Trust Management

Connected objects identity management

Metapki

Atos, a European actor in IS security, provides metapki, a complete solution to create electronic certificates and manage their life cycle.

Information system security is an essential issue for organisations moving to paperless exchanges, whether for internal communications or for relationships with partners and customers. Electronic certificates respond to this need as they allow applications to support security services such as user authentication, non-repudiation of transactions, and confidentiality of data exchanges.

Managing security and trust

From strong authentication to access to all metapki functional entities to recording of all actions, enciphered sensitive information and private and public keys protected using Hardware Security Modules (HSM), metapki ensures data security.

Certifications

Metapki is EAL 3+ Common Criteria Certified and is also RGS basic level certified

Accompanying growth

As a European security leader, Atos has metapki’s modularity and sales conditions enable the smooth deployment of a solution tailored to the organisation’s needs: new types of certificate, new management processes, new organisational units and new Certification Authorities may be added as required.

System requirements

►  Linux Platform (e.g. Red Hat or SUSE)
►  Open source international components delivered with metapki: Apache, OpenSSL, PostgreSQL and PHP
►  LDAP Server: when the CA publishes certificates and/or LCR in a directory
►  SMTP Mail Server: when metapki sends notifications related to the management of certificates

Norms and standards

►  Certificate compliance with ITU-T X.509v3 and RFC 5280
►  Certificate enrolment protocols: SCEP, CMP (RFC 2510 et RFC4210), CCEP
►  Certificate profile compliance with ETSI TS 101 862, Netscape and Microsoft
►  Revocation information compliance with ITU-T X.509v2 LCR and OCSP Protocol (RFC 2560)

►  Certification request format: PKCS#10, SPKAC
►  Key exchange format: PKCS#12
►  Connectivity: LDAP, HTTPS, SMTP
►  HSM interface: PKCS#11

Environment

Hardware & Software for metapki hosting
►  Physical Servers: 32/64 bits platform with at least 4 Go of RAM, 10 Go of available disc memory, 2 Ethernet ports
►  Virtual Machines: VMWare, HyperV
►  Operating System: Red Hat 5 and 6 (32 or 64 bits) / SUSE SLES 10 and 11 (32 or 64 bits)
►  LDAP Server: CAs publish the certificates and/or the LCR in a LDAP directory

►  Mail Server: Email sending is possible for each step of certificates life cycle

Working station for metapki users
►  Navigator: Internet Explorer 8 version and later, Firefox, Chrome
►  Java Runtime Environment: 1.6 (superior to update 19), 1.7 et 1.8

Smart Card
►  All smart cards with PKCS#11 interface and particularly: CardOS, Gemalto ID PRIME MD840, Gemalto IAS TPC, Gemalto Classic TPC IM, Gemalto
►  Cyberflex Access 64k v2, Morpho vpsID SmartCard Ux, ActivIdentity ActivCard 64K V2C

HSM
►  All HSM with PKCS#11 interface and particularly: Bull crypt2pay profil Protect, Bull TrustWay Proteccio®, Bull TrustWay Box

Electronic certificates may be used to support:
Strong authentication for users with smart cards or USB tokens (two factor authentication)
Strong authentication for web servers (SSL/TLS)
Strong authentication for VPNs (Virtual Private Networks)
Electronic signatures to provide integrity and non-repudiation of transactions
Data confidentiality for data in transit or in storage.
Users and applications are provided with one or more key pairs (a public key and a private key) and public key certificates, generated by a Certification Authority (CA), that associate the registered user or application with the public key.
Metapki supports one or more Certification Authorities that may be independent, or subordinate CAs.
A whole range of security profiles for public certificates is supported by metapki. For each profile, the registration process may be tailored to the specific needs of the organisation and integrated with the existing IS.
A workflow manager handles the registration process in order to minimise the time to produce and manage the certificates through the use of one or more Local Registration Authorities (LRA).
A Card Management System (GesCard) for managing smart cards: customisation, PIN unblocking…
A validation authority (VeriCert) for checking the validity of a certificate against a validation policy

Related resources and actuality

Factsheet metapki

For managing certificates creating and managing secure identities

Information system security is an essential issue for organisations moving to paperless exchanges, whether for internal communications or for relationships with partners and customers…

Newsroom

The « Assises de la Sécurité »

October 11-14th 2017, Monaco
Meet us on the Atos-Bull booth n°11

Partners program

Infineon

Atos provides products in the field of embedded device security in the context of Infineon Security Partner Network with a solution for connected cars.

LoRa Alliance

Atos is members of the LoRaAlliance and provides trust security services to deliver keys and certificate for IoT.

Private zone for customers and partners

Bull support consists of an international team of experts who will help you get optimal use out of our products in your specific environment every day.

 

Other Trust Management solutions

Device Security CardOS

Secure authentication and trusted identity delivering assurance and efficiency to every sector.
Visit product page >

Metasign

Creating and verifying secure transactions.
Visit product page >

Metatime

A reliable time-stamping solution for transactions and archives generating time-stamp tokens (TSTs).
Visit product page >

Metacrypt

Protecting sensible data by supporting the encryption and decryption of electronic documents.
Visit product page >

Vericert

Centralizing the validation of public key certificates.
Visit product page >

Cryptographic Data Preparation Device

Managing the creation and security of EMV smart card personalization elements.
Visit product page >

Interested in our metapki solution?