Sequoia® v2 is a complete product suite for secure electronic Identity Management for governments, administrations, industry, and end users. It covers all needs for protection of electronic information and sensitive data.
Sequoia® v2 is available in two modes:
On-premises mode: Software solution installed under a license on premises. Adaptable to all customer requirements, Sequoia® enables clients to manage their Public Key Infrastructure themselves and to implement a large variety of business cases.
SaaS mode (Software as a Service): Service managed on a multi-tenant platform, hosted in Keynectis’ highly secure data center.
Based on its expertise as a Certified Trust Service Provider (French label “PSCE/PSCO”), Keynectis meets the highest requirements for high availability and security for the benefit of its customers.
Sequoia® suite contains three software components:
KeySeed (version 2.6.2)
Offline software module in charge of CA lifecycle management, connected to a Hardware Security Module (HSM). In particular, this module enables CA key pair generation, CA certificate signature, Authority Revocation List (ARL) signature, and import and export of secret keys.
Trust.Center (version 2.3.5)
Software module in charge of end user certificate lifecycle management, i.e. certificate template definition and generation of certificates and certificate revocation lists (CRLs).
K.Registration (version 2.6.7)
Software module in charge of end user certificate lifecycle management workflows (enrollment, validation, issuance, pickup, revocation, renewal).
These modules can be used in combination to implement a complete PKI. It is also possible to use them independently. The following configurations are possible:
- KeySeed® only
- Trust.Center® only
- Trust.Center® in combination with KeySeed®
- Trust.Center® in combination with K.Registration® and KeySeed®
Certification
Sequoia® v2 (composed of KeySeed® v2.6.2, Trust.Center® v2.3.5 and K.Registration® v2.6.7) was qualified by ANSSI at standard level on October 5th, 2010 (certificate #2544/ANSSI/SR/RGL), based on a Common Criteria EAL4+ evaluation (ALC_FLR.3 – Flaw remediation). The cryptography implementation was assessed by ANSSI, which declared it compliant with its recommendations.
Certification services
The Sequoia software suite implements the following services for digital certificate lifecycle management and certificate revocation list generation:
- Enrollment Service
- Certificate Request Service
- Certificate Production Service
- Certificate Pickup Service
- Revocation Service
- Publication Service
- Trusted Roles Creation and Management (Administrator, Operator, Auditor)
- Logging and Audit Service
For more information please visit the ANSSI product page.
Additional Notes
Required Hardware and Operating Systems

| Sequoia software module | Hardware | Operating System |
| --- | --- | --- |
| KeySeed® | Workstation (PC) | Windows 2000 (Windows XP SP 3 recommended); Linux Ubuntu 10.04 or Redhat 5 with PDF reader |
| K.Registration® and Trust.Center® | Solaris v240 or T200 Server or HP ProLiant DL380 G5 or DL360 G6 | Solaris 10 or Linux Redhat ES5 |

Required Third Party Software

| Sequoia software module | Software | Recommended version |
| --- | --- | --- |
| K.Registration® Web Server | Apache | httpd-2.2.3-22.el5 |
| | mod_ssl | mod_ssl-2.2.3-22.el5 |
| | mod_jk (connector Apache / JBoss) | ks-mod_jk22-1.2.28-FCS |
| K.Registration® Application Server RA Proxy Server; Trust.Center® Application Server Crypto Server (HSS) | Java JDK | jdk-1.5.0_11-fcs; crypto libraries Sequoia.security v 2.4.0 and bouncycastle (Java) v 1.43 |
| K.Registration® and Trust.Center® Database Server | Oracle, including the sqlplus CLI for executing SQL scripts during installation | 11g |
| Trust.Center® Web Server | Apache | httpd-2.2.3-22.el5 |
| | mod_ssl | mod_ssl-2.2.3-22.el5 |
| | OpenSSL | 0.9.8l |
| | mod_jk (connector Apache / JBoss) | ks-mod_jk22-1.2.28-FCS |

Workstation for TOE Actors
The workstations for actors are as follows:
Operator Workstation:
- Hardware: Workstation type PC
- Software: Microsoft OS (Windows 2000, XP Professional Version 2002 Service Pack 3 recommended), Web browser (Internet Explorer 7.0 upwards or Mozilla Firefox 3.6 upwards)
System Engineer Workstation:
- Hardware: Workstation type PC
- Software: Microsoft OS (Windows 2000, XP Professional Version 2002 Service Pack 3 recommended) or Linux, Web browser (Internet Explorer 7.0 upwards or Mozilla Firefox 3.6 upwards)
Certificate Holder Workstation
The equipment is as follows (not limited to):
- Hardware: Desktop or laptop
- Software: Browser and email tool: Lotus Notes (PKCS#11 compatible) version 6.5 upwards, Mozilla versions 1.0 and higher, Outlook versions 2000, 2002 and 2003, Outlook Express versions 5 and higher. Operating System: Windows 2000, XP (Service Pack 3), Vista and higher, Mac.
Supported Smart Cards
- GemXPRESSO (TP IS v2) Gemalto
- Ypsid card sscd (Sagem Orga)
- TPC IMCY (Axalto)
- ActivCard (ActivIdentity)
- AuthentIC V4 (Oberthur)
- ID One Cosmo (Oberthur)
- Instant EID IP2 Setec
Supported HSMs
- Bull Trustway, Proteccio
- Luna SA, CA, CA3, CA4, SP and XP, PCI
- Thales NCipher NShield
- Crypto module ANSSI (IGC/A) only in conjunction with KeySeed®