
ESCC - e-Signature Certification Centre

Overview of the solution

“ESCC - e-Signature Certification Centre” is a software complex that provides digital signature, encryption, information system security and other similar solutions (copyright belongs to SINAM Company – EİSM copyright certificate). The e-signature solutions were developed according to rules defined by numerous cryptographic algorithms and international standards based on the principles of PKI technology. During development, special attention was paid to ensuring that all features of the system meet the requirements set out in the articles of the law of the Republic of Azerbaijan "On Electronic signature and electronic document", signed by the President of the Republic of Azerbaijan on March 9th, 2004. The software complex includes a certification centre, e-signature devices, and a multifunctional library package for e-signature and encryption.

Main organizations and areas of activity where SPKIS Digital Signature Solutions are applied:

  • Tax services
  • Customs control
  • Ministries
  • Banks
  • Universities
  • Electronic elections
  • Electronic trading
  • Payment systems
  • Strong authentication services (two factor authentication)
  • Electronic document management
  • Mail security
  • SSL certification

System Architecture:

The general SPKIS architecture for creating a Certification Centre is shown in the picture below:

  • CA-DB – Central database used for storing and managing the Centre's information.
  • CA Administrators – Windows application that runs on the local network. It is used for managing certificates.
  • CRL Service, Mail Service – Service for periodic publication of CRLs and for sending email notifications. It runs on the local network.
  • Web ES – Web application for registering and receiving certification requests.
  • HSM Service – Service that integrates the Certificate Centre with the HSM.
  • LDAP, HTTP directories – Service for management of LDAP and HTTP directories.
  • RA Manager – Web application for managing the Registration Centre.
  • Integrated systems – Systems to be integrated with electronic certificates. The integration is done through cryptographic libraries.

  • Basic system features:

    • Creation and management of more than one certification centre on one server;
    • Creation of a public/private key pair and submission of a digital certificate request through the web enrollment service of the certification centre;
    • Full integration with HSM to secure CA keys;
    • User keys can be generated and stored on smartcards and eTokens;
    • Secure management service for the registration authority;
    • Logging of all transactions;
    • The system is developed on the basis of international standards and local legislation for digital signatures;
    • Software for generating digital signatures and a library of cryptographic methods;
    • Technical functionality for accreditation with the government Root CA;
    • Support for a range of cryptographic algorithms (RSA, DSA, SHA1, SHA2, ECDSA).
  • There are different information systems in the areas of e-signature and certification centres. During the development of the SPKIS system, similar systems were analysed, their shortcomings were investigated, and these issues were taken into consideration in the development process. The main features that distinguish the “SPKIS” system from other certificate centre systems are the following:

    • Any number of root and sub-certification centres can be created and used on one physical server;
    • Certificate requests are registered in the system not on paper but electronically over the internet, which simplifies the process as much as possible;
    • The strongest symmetric and asymmetric cryptographic algorithms and hashing algorithms are used in the system; RSA, AES, SHA1, SHA512, etc. are examples;
    • The system allows the certificate owner to generate e-signature creation information and independently send a certificate request to the centre for certification;
    • The system includes multifunctional Java and C# libraries for integrating different information systems with e-signature;
    • The system works in an integrated environment with SmartCard, eToken, HSM and other similar cryptographic devices.

    • “SPKIS – CA Manager” – Management system for Certification Authority;
    • “SPKIS – RA Manager” – Management system for Registration Authority;
    • “SPKIS – Enrollment Service (ES)” – Registration system of certificate requests (web application);
    • “SPKIS – Audit” – Centre for investigating disputes related to digital signatures;
    • “SPKIS - eSigner” – Software for signing/verifying and encryption/decryption of electronic documents;
    • “SPKIS - AzTrustCryptoLib” – Cryptographic library (Java & C#) for integration of information systems with digital signature;
    • “SPKIS-HSM Service” – HSM integration module;
    • “SPKIS-LDAP” – Software for publishing of digital certificate and CRLs to LDAP directories;
    • “SPKIS - CAS” – Management service for Certification Authority.
