We have PKI solutions ready to fit your business.
Your major source for SafeNet hardware and consultancy.
We are fully experinced in the design, deployment and installation of the Ncipher netHSM product range.
UniCERT is another one of our successful World Class PKI application deployments.
We have successfully deployed a range of Entrust Authority installations, and are conversant with the range of optional Entrust components.
We are specialists in the installation, configuration and deployment of the RSA KEON Certificate Authority. We are fully conversant with the interoperability of RSA KEON with other Certificate Authorities, including Microsoft.
With over fourteen years experience advising, designing and deploying Public key Infrastructure (PKI) solutions for financial, pharmaceutical, government and specialized agencies, we have the knowledge your business requires.
Building single root PKI hierarchies to very complex cross certified mesh PKI hierarchies using FIPS-2 and EAL accredited Hardware Security Modules (HSMs) and industrial strength Certificate Authority software - this is the cornerstone of our business.
Helping you decide to outsource or develop in-house solutions, bringing our expertise to accelerate your understanding of which PKI trust model fits your business, this is where we excel.
We are vendor neutral, and are experts at finding the right Certificate Authority (CA) product for your company. Microsoft, Entrust, RSA KEON, UniCert, VeriSign and many more. We are in a unique position to advise on all the leading players.
Whatever PKI design we recommend, it will always be flexible, robust, proven, extensible, scalable and adaptable so that it grows with your business needs. If you already have a tactical in-house solution, we are the perfect partners to develop this into a strategic world class solution to meet all your future certificate requirements.
Public Key Infrastructure (PKI) compliance documentation and legal policy development is another important service that we offer. We are particularly fluent in the construction of Certificate Policy documents (CP), Certificate Practice Statements (CPS) PKI Disclosure Statements (PDS), Subscriber and Relying Party agreements.
Certificate life cycle and key management, Identity life cycle management, smart card management, smart card deployment, it all falls within our remit.
Helping you acquire compliance through PKI is what we have been doing for many companies. PCI (DSS), E-SIGN, HIPAA, SOX and many more, interpreting your companies requirements and converting them into technical solutions is a particular quality we are proud of.
It's not just understanding the technology. It's equally, if not more important, to understand your business. This is one of the main reasons our solutions have been so successful.
Building compliant PKI infrastructures based on the revised NIST recommendations is our goal and we will help you understand why it should also be your goal.
We can help you understand and migrate your crypto estate to the stronger NIST recommendations. Specifically, understanding the NIST definition of terms: what is acceptable, what is deprecated, what is disallowed and what legacy-use means.
We will help you identify and understand what algorithms are affected and which key size is appropriate during the transition phase.
Transitioning keys from 1024 bits to larger key sizes, as stipulated by NIST, is a big challenge for many in-house security teams. A great deal of testing may be required to bring crypto estates into compliance. This is especially important when upgrading SHA-1 for digital signature estates?
The implications are wide and the potential to impact production systems which depend on non-compliant PKI infrastructures is very real. We are very experienced in rebuilding, transitioning or re-keying existing PKI infrastructures.
We can rebuild your PKI infrastructure or transition it so that it is compliant with the new NIST recommendations. We have had much success building parallel PKI infrastructures for companies and performing protracted upgrades. Contact us now for more information.
Are you still using SHA-1 in your PKI and certificate estate? Itís time to switch to SHA-2 Now! SHA-1 is becoming at risk SHA-1 is a hashing algorithm that has been adopted on a global scale. There are, however, mathematical shortcomings of this cryptographic hash algorithm that are solved by SHA-2. Starting in 2016, things will change from Microsoft regarding supporting SHA-1. This has implications for Code Signing Certificates, Web Server certificates, CA hierarchies and strategic PKI installations. This includes all manner of end-entity certificate applications and certificate dependencies. Certificate Authority Server and PKI infrastructures are especially at risk if servers are still using SHA-1
Heartbleed (CVE-2014-0160) is a security bug in the open-source OpenSSL cryptography library, when it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server. This bug can expose private keys and other secrets to the Internet. What is so serious is the long exposure, the ease of exploitation and that attacks leave no trace. The encryption of signatures in the X.509 certificates can be bypassed. Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. However, even doing this may still leave any traffic intercepted by the attacker in the past still vulnerable to decryption. Contact us now to help you understand how to mitigate this serious problem and secure your private keys against further attacks.
We have advised many large corporations on the challenges of deploying digital signature solutions. We can help you overcome the challenges of incorporating digital signature solutions that comply with the 1999 EU Signature Directive and help you with ISO 32000-1.
We are the perfect partners to help develop your PKI Policy and Governance
How Does the PKI Governance Work?
The growing list of companies and organizations that have used our consultancy services over the past 15 years: