HARDWARE AND SOFTWARE COMPLEX OF THE SUBSYSTEM OF CERTIFICATION CENTERS

The hardware-software complex of the subsystem of certification centrs (PAC PUC) is desing to implement the services management of public key certificates (PKC), PKC storage in the database (DB) to odtain accurate time and to perform cryptographic operations and storage of certificatr of certification center (CC) in the hardware-software unit (APU).

19

 

Main parameters and characteristics:

PAC PUC provides for:

  • creation of key pair (private and public key) for users;
  • release and review of PKC;
  • CC key generation and production of PKC CC;
  • authentication of CC administrator of registration centre (RC);
  • PKC strorage and certificate revocation lists (CRL), providing access to them;
  • suspension and revival of PKC;
  • output of CRL;
  • formation of PKC;
  • providing access to the stored PKC and CRL;
  • long-term storage of PKC and CRL output from the operational treatment;
  • preparation and printing of cards of CC's public key administrator, RC administrator and users;
  • report generation on the issued and withdrawn PKC;
  • backup and restore of CC database;
  • publication of issued CC by the PKC;
  • publication of issued CRL;
  • ensuring access for authorized users and applications;
  • support of online check protocol of PKC status in real time;
  • providing the current real sttus of the certificate and access to CRL via OCSP;
  • time synchronization of fuctional components of the CC sybsystem from external source of accurate time;
  • confidentiality and integrity of software tools (ST) of CC;
  • maintain audit records protected from unauthorized modification using the reference performance;
  • collection of registration information about users of the system through the application for issue of PKC.

HSC provides the following key functions:

  • protect and store private keys;
  • signing of PKC and CRL;
  • publishing of PKC CC;
  • cryptographic data processing;
  • generation of random data;
  • support of cryptographic algorithms GOST 28147-89, STB 34.101.31-2011, STB 1176.1-99, STB 1176.2-99, STB P 34.101.45-2011;
  • clearing of memory of the device in case of opening the case;
  • generation of personal and public key, signature and indentification in accordance with the requirqments of STB T 34.101.45-2011, STB 1176.2-99.

ST of CC consist of server and client ends. All components of the ST CC are interconnected through software interfaces.

ST of CC function under OS RedHat Enterprise Linux 5.2, Suse Linux Enterprise Server 10.

Interaction between the RC administrator and St of CC is carried out through a web interface, and encryption provider carries out user registration installed on the user's computer, using standard protected communication protocols SSL/TLS.