The PKI series of products are designed to meet the requirements of information security on the Internet, intranet and extranet. The goal is to build up a robust foundation of enterprise information security applications for ID control, electronic signature and data confidentiality. The Changingtec PKI places more attention on "simplified implementation of security control systems", "reduced management overhead", and "extended information security application scope" that may affect the core competence of enterprises. It provides both security control packages and tailored services to enhance business competitiveness, lower development costs required by security control systems, and enhance core values of business entities.
This product is a management center for digital certificate issuance. It serves as the core component of single- or multi-layer public key infrastructure built by specific enterprises.
Provide service requirements such as application, termination, extension, and renewal.
Provide a system for looking up the certificate status to provide a verification mechanism of certificate status for organizations or units.
KRS: The platform for key backup and recovery offers a safe encryption environment for organizations or units. It aims to avoid losing the key, and it would be impossible to recover important electronic documents.
Users may sign on with multiple certificates including internal, commercial, natural person, as well as financial and medical ones.
Working together with the certificate authority (CA), this system provides batch certificate release and creation function.
Together with the Hardware Security Module (HSM), the SS features applications encryption and decryption as well as signature applying and verification mechanism.
Ensure document security within enterprises by fending off unauthorized access while maintaining convenient access by outsiders.
Provide application systems for multiple verification systems of digital certificate.
A product of modularized design for secured transmission and automatic processing. The Audit Management Module keeps complete audit trail.
"Featuring "unpredictability, non-repetition, and discard-after-use" the MOTP is a solid protection lock with dual factor authentication.
Changingtec's PKI (Public Key Infrastructure) products can seamless integrate with wide range of business applications including; internal ones like remote secure sign-on, email client, and mobile security control as well as external ones like order exchange, electronic notes, electronic purchasing, and electronic billing. In addition, every PKI product features one cross platform security control component for improved customization flexibility. This ensures all customized systems developed in future can enjoy the benefits of PKI by employing the application interfaces that came along with the security module. This PKI series supports scores of leading database systems and directory servers and can provide the best application possibility as all of them can be embedded in embedded systems bearing more restrictions.
Changingtec's PKI products can operate in varying enterprise information environments of today. It integrates with existing information structure by integrating with a wide range of applications or products directly and supporting most leading back-end database and directory server systems.
Integration flexibility of the PKI series enables direct client-end application integration as required to save implementation costs. Custom adjustments are also available for seamless integration with customers' application systems. The user friendly web interface for system management of Changingtec's PKI products reduces operation overhead of enterprise system administrators and maintenance costs in future.
The PKI (Public Key Infrastructure) series is designed to comply with information security standards including: X.509v3, MS-CAPI, PKCS#7, PKCS#10, PKCS#11, PKCS#12 and OATH. The goal is to ensure enterprises implemented with series products can connect to the global network and enjoy the benefits of the PKI system continuously.
Changingtec's PKI products fully support many leading brand hardware devices including HSM (turbocharged signature encryption card), USB Security Token, IC Card, and myPass USB drive for improved private key security at both server and client ends. This helps prevent key loss caused by system failure or key leakage from software key. PKI system integration module
Signature encryption components, file security control components, XML security control components, PDF security control components, ID authentication components, and IC card security control components.
IC card initialization,ard printing management and password slip printing
Online certificate status polling system (OCSP)
Immediate Search of Certificate
Key management, signature encryption performance enhancement, and load balance/fail-over.
Support varies certificates: MOICA, GCA, MOEACA, HCA, FXML CA, and in-house CA/p>
IC card、USB token、HSM
security certificate device
Convenient online filing services./ Single signon integration solution / Official document / Signature Security control development kit / Electronic bill/receipt solution / Security control development kits for personnel attendance system / Document image management system (DIMS)
Banking security control platform / FXML security control system / FEDI security control system / Electronic bill security control system / Online securities trading security control system / Mobile securities trading security control system / Online underwriting security control system / Electronic statement solution
Hospital certificate management system / EMR solution / HIS security control development kits / Electronic timestamp integration kits
Enterprise certificates management system / Electronic purchasing security control platform / Electronic billing integration system / Secure email solution / DIMP integrated bank operation platform / Form recognition system / Access control integration
Digital certificate management mechanism
This product is a management center for digital certificate issuance. It serves as the core component of single- or multi-layer public key infrastructure built by specific enterprises. Based on relevant certificate issuance standards, this subsystem can process certificate application, revoke, lock, unlock, extend, and update requirements posed by a verified certificate registration system (RA) or lower tier CA system. In addition, this product provides the certificate revocation list (CRL) distribution service to ensure certificate validity assured by the certificate application system.
Enterprises can issue digital certificates to users, employees, partners and clients based on their own decisions to enjoy the benefits of policy autonomy and zero card lossing risk.
The Net-Sphinx network security control center creates robust and complete PKI for enterprises.
The security control center validates each users' ID and permission to ensure that only authorized users can enter relevant pages for certificate processing.
You may set up this system to be accessible by multiple certificate center supervisors to enable branches of global enterprises with their own certificate supervisors to engage in certificate issuance and management.
The certificate management mechanism contains operations of certificate issuance, revocation, update, extension, and query in simple and easy pages through browsers. The system administrator may create a certification center and manage certificates while users may run a full range of personal certificate operations with ease.
This system is designed in a 3-tier structure for direct horizontal expansion when the system is overloaded by growing certificate requirements from users.
Common attributes of digital certificates set up by system administrators may cover key length, validity span, and certificate issuer basic data with optional key length of 2048 / 4096 bit or more.
This system supports key escrow mechanism, ensuring all issued digital certificates are logged and saved for full back / recovery services. In case of lost key or forgotten password the certificate administrator may replace it with a new one or change the password after careful review.
user identification, accepts requests for certificate application.
Serving as the primary service window for general certificate users, this product authenticates general certificate user identification, accepts requests for certificate application, termination, extension, and renewal, relays these requests to the CA certificate management system for processing, and readies the certificate generated by the CA for users' downloads.
Microsoft CAPI and RSA PKCS standards compliant, supports functions most CA systems lack, e.g. PIN code replacements and dynamic data write-in.
Download and manage certificates through I.E.、Chrome、Edge、Firefox browser directly.Supports key gener
The client software supports RSA/ECC key generation function. Keys generated can be placed in files, USB tokens, IC cards, and HSMs.
Supports SSL 3.0/TLS 1.0、1.1、1.2 standards and accepts HTTPS connection at client end for secured connection channel.
System administrators may carry out administration tasks of operation history query, certificates statistics reporting, system status monitoring, and abnormality feedback through web-based interface to learn up-to-date system status.
Supports certificate application with Certificate Signing Request.
Support wide range of public certificates management center Government validation specification compliant Easy deployment
The multi-certificate authentication system.This is a validation server for digital signature. It serves as a multi-certificates validatio mechanism for portals and application systems and composes an ideal PKI process along with cross-platform security control components. Together with PKI relevant standards supports this product can manage certificate revocation list (CRL) issued by Public CAs and provides online certificate status protocol (OCSP) function.
Support GCA, MOICA, MOEACA, XCA, HCA, FXML certificates (by TFCA), and MCA (by MoD).
Providing a comprehensive cross-platform service.
1.SOAP webservice。 2.RESTful API。Supporting access interfaces for different system development environments, including C/C++, VB/ASP, .NET, JSP, Delphi, etc., to facilitate the integration of certificate application mechanisms in various application systems.
Compliant with certificate validation items given in Public Key Certificate Processing Security Checklist release by the GCA Management Center, Research, Development and Evaluation Commission, the Executive Yuan.
Integrable with the online approval operations of the official document management system and compliant with the File Management Information System Validation speciofication released by the National Archives Administration (NAA).
The electronic signature and validation function must support RSA and DSA algorithm.
Support symmetric encryption and decryption, including DES, 3DES, and AES.
Supports the Ministry of the Interior's Natural Person Identity Confirmation Service (ICS).
Through the use of Natural Person Certificates, it establishes a connection with the Ministry of the Interior's Identity Confirmation Service to verify the correctness of the identification number.
Validation standards (Security Toolkits)
Support X509 certificate relevant validation standards, e.g. CRL and OCSP.
Support PKCS standards
1.Data format should comply with international PKCS#7 and NAA's XML specification.
2.Support PKCS#11 and certificate token (Smart card, USB Token) of Microsoft CAPI CSP.
Comply with RFC 3161 (TSP) and support time stamp server request time stamp for GCA.
Features user friendly web based management interface for administrators' query and customer and certificate information management.
Every piece of signature data and transaction log is saved in the audit log database of VA. Each record is uniue numbered to ensure auditability and nonrepudiation.
1.Provide Challenge-Response certificate ID authentication.
2.Valid date of certificate can be validate.
3.Once the user-generated signature value is verified, the user's identity can be retrieved through the agreed-upon certificate lookup.
Features backup mechanism, support software auto fail-over and software load balance software load balance functions.
Provide rack-mount server (plug-n-play), or VM server.
Security mechanism application like electronic invoice platform and signature verification.
Security mechanism application like electronic official document online approval systen, signature verification and digital packaging.
Security mechanism application like lectronic purchasing platform and signature verification.
Provide SSO, integrates with digital signature and validation, for security applications.
Electronic document archive and retrieval system integration.。
Electronic medical records signature verification integration.