Citizen ID (SEQUOIA v2 Software Suite)

Sequoia® v2 is a complete product suite for secure electronic Identity Management for governments, administrations, industry, and end users. It covers all needs for protection of electronic information and sensitive data.

Sequoia® V2 is available in two modes:

On-premises Mode: Software solution installed under license on premises. Adapted to all customer requirements, Sequoia® enables clients to manage their Public Key Infrastructure themselves and supports a large variety of business cases.

SaaS Mode (Software as a Service): Service managed on a multi-tenant platform, hosted in Keynectis’ highly secure data center.

Based on its expertise as a Certified Trust Service Provider (French label “PSCE/PSCO”), Keynectis ensures that the highest requirements for high availability and security are met for the benefit of its customers.

The Sequoia® suite contains three software components:

Keyseed (version 2.6.2)

Offline software module in charge of CA lifecycle management, connected to a Hardware Security Module (HSM). In particular, this module enables CA key pair generation, CA certificate signature, Authority Revocation List (ARL) signature, and import and export of secret keys.

Trust.Center (version 2.3.5)

Software module in charge of end user certificate lifecycle management, i.e. certificate template definition, and certificate and certificate revocation list (CRL) generation.

K.Registration (version 2.6.7)

Software module in charge of end user certificate lifecycle management workflows (enrollment, validation, issuance, pickup, revocation, renewal).

These modules can be used in combination to implement a complete PKI. It is also possible to use them independently. The following configurations are possible:

  • KeySeed® only
  • Trust.Center® only
  • Trust.Center® in combination with KeySeed®
  • Trust.Center® in combination with K.Registration® and KeySeed®

Certification

Sequoia® v2 (composed of KeySeed® v2.6.2, Trust.Center® v2.3.5 and K.Registration® v2.6.7) was qualified by ANSSI at standard level on 5 October 2010 (certificate #2544/ANSSI/SR/RGL) based on a Common Criteria EAL4+ (ALC_FLR.3 – Flaw remediation) evaluation. The cryptography implementation was assessed by ANSSI, which declared it compliant with its recommendations.

Certification services

The Sequoia software suite implements the following services for digital certificate lifecycle management and certificate revocation list generation:

  • Enrollment Service
  • Certificate Request Service
  • Certificate Production Service
  • Certificate Pickup Service
  • Revocation Service
  • Publication Service
  • Trusted Roles Creation and Management (Administrator, Operator, Auditor)
  • Logging and Audit Service

For more information please visit the ANSSI product page.

Additional Notes

Required Hardware and Operating Systems

Keyseed®

  • Hardware : Workstation (PC)
  • Operating System : Windows 2000 (Windows XP SP 3 recommended); Linux Ubuntu 10.04 or Redhat 5 with PDF reader

K.Registration® and Trust.Center®

  • Hardware : Solaris v240 or T200 Server, or HP ProLiant DL380 G5 or DL360 G6
  • Operating System : Solaris 10 or Linux Redhat ES5

Required Third Party software

Software : Recommended version, by Sequoia software module

K.Registration® Web Server

  • Apache : httpd-2.2.3-22.el5
  • mod_ssl : mod_ssl-2.2.3-22.el5
  • mod_jk (connector Apache / Jboss) : ks-mod_jk22-1.2.28-FCS

K.Registration® Application Server RA Proxy Server
Trust.Center® Application Server Crypto Server (HSS)

  • Java JDK : jdk-1.5.0_11-fcs
  • crypto libraries : Sequoia.security v 2.4.0 and bouncycastle (Java) v 1.43

K.Registration® and Trust.Center® Data Base Server

  • Oracle including CLI sqlplus for the execution of sql scripts during installation : 11g

Trust.Center® Web Server

  • Apache : httpd-2.2.3-22.el5
  • mod_ssl : mod_ssl-2.2.3-22.el5
  • openSSL : 0.9.8l
  • mod_jk (connector Apache / Jboss) : ks-mod_jk22-1.2.28-FCS

Workstation for TOE Actors

The workstations for actors are as follows :

Operator Workstation :

  • Hardware :  Workstation type PC
  • Software :  Microsoft OS (Windows 2000, XP Professional Version 2002 Service Pack 3 recommended),  Web browser (Internet Explorer 7.0 upwards or Mozilla Firefox 3.6 upwards)

System Engineer Workstation:

  • Hardware :  Workstation type PC
  • Software :  Microsoft OS (Windows 2000, XP Professional Version 2002 Service Pack 3 recommended) or Linux,  Web browser (Internet Explorer 7.0 upwards or Mozilla Firefox 3.6 upwards)

Certificate Holder workstation

The equipment is as follows (not limited to):

  • Hardware : Desktop or laptop
  • Software : Browser and email tool : Lotus Notes (PKCS#11 compatible) version 6.5 upwards, Mozilla versions 1.0 and higher, Outlook versions 2000, 2002 and 2003, Outlook Express versions 5 and higher. Operating System: Windows 2000, XP (Service Pack 3), Vista and higher, Mac.

Supported Smart Cards

  • GemXPRESSO (TP IS v2) Gemalto
  • Ypsid card sscd (Sagem Orga)
  • TPC IMCY (Axalto)
  • ActivCard (ActiveIdentity)
  • AuthentIC V4 (Oberthur)
  • ID One Cosmo (Oberthur)
  • Instant EID IP2 Setec

Supported HSMs

  • Bull Trustway, Proteccio
  • Luna SA, CA, CA3, CA4, SP and XP, PCI
  • Thales NCipher NShield
  • Crypto module ANSSI (IGC/A) only in conjunction with KeySeed®

General Information

Manufacturer: Keynectis-Opentrust

Country: France

Last Update Time: 28-Oct-2013 01:48 PM