|
Public Key Infrastructure (PKI) Group Test (Edition 6) This report is no longer available on line. However it is still available for purchase in PDF, CD or print versions. Click here to purchase on line using our secure server. Foreword Welcome to the sixth edition of The NSS Group PKI Group Test. For this edition, we have once again divided the report into two sections, one devoted to PKI software, and the other covering PKI hardware (hardware security modules). We have also updated the introductory material to provide additional background information on the implementation and uses of PKI. Demand for, and interest in, our previous PKI reports has been tremendous, and we have had well in excess of 25,000 downloads since the first edition of the report was published. Feedback confirms we are providing a major source of much needed information and advice to security professionals, and the NSS Group PKI reports are considered the definitive guides to the PKI market place. The sixth edition of our PKI report provides independent and comprehensive technical evaluations of the current leading products in the market place, and we hope you find this latest edition as useful and informative as those which preceded it. Bob Walder TABLE OF CONTENTS INTRODUCTION
When is a PKI System Not A PKI System
Cryptography
Secret Key Cryptography
Public Key Cryptography
Digital Signatures
Digital Certificates
How Are Digital Certificates Used
Certificate Enrolment
Authentication vs.Authorization
Alice Does e-Commerce
Certificate Validation
Certificate Revocation List (CRL)
Online Certificate Status Protocol (OCSP)
Basic Constraints
Validation Process
Other Uses For Digital Certificates
Public Key Standards
Certificate Management Protocol (CMP)
Simple Certificate Enrolment Protocol (SCEP)
Web-Based Enrolment
PKCS 10
Application Support
Securing The CA Root Keys
In-House vs Outsourcing
Responsibility and Liability
The Division of Authority
Brand Awareness
Product Reviews Product Reviews Baltimore Unicert 5
Architecture
UniCERT Certification Authority
UniCERT Certificate Authority Operator
UniCERT Certificate Status Server
UniCERT Publisher
UniCERT Registration Authority
UniCERT WebRAO
UniCERT RA eXchange
UniCERT Protocol Handlers
UniCERT Token Manager
UniCERT Advanced Technology
Installation
Certification Authority
PKI Editor
RP Editor
Registration Authority
Register
Authorise
Collect
Status
Auditing and Reporting
Client
Checklist
Pricing
Verdict
Contact Details BT Ignite Managed PKI 4.5.1
Architecture
End User
Managed PKI Administrator
Issuing Centre
Local Hosting
Automated Administration
Passcode Authentication
Trusted Web Transactions for Web Applications
Personal Trust Agent
Certificate Management Tools
Online Certificate Status Protocol
Key Management Service
Trusted Messaging for Microsoft Exchange
Trusted IPSec for Check Point
Secure Server Managed PKI
Global Server Managed PKI
Managed PKI for IPSec
Installation
Certificate Authority
Registration Authority
Configuration
Certificate Management
Auditing and Reporting
Client
Personal Trust Agent (PTA)
Certificate Validation Module (CVM)
Trusted Messaging for Microsoft Exchange
Checklist
Pricing
Verdict
Contact Details RSA Keon 6.5
Architecture
Keon Certificate Authority
Keon Registration Authority
Keon KRM
Keon OneStep
Keon WebSentry
Installation
Certificate Authority
Registration Authority
Auditing and Reporting
Client
Keon Web Passport
SecurID Passage
e-Sign
Checklist
Pricing
Verdict
Contact Details Safelayer KeyOne 2.1
Architecture
Private Secure Store (PSS)
KeyOne CA
KeyOne RA
KeyOne RRA
KeyOne CA Online Server
KeyOne CA Online Browsing Server
KeyOne LRA
KeyOne WEB
KeyOne Desktop
KeyOne Toolkits
Scryptor
Installation
Certificate Authority
Off-line CA
On-line CA
Registration Authority
KeyOne RA
KeyOne LRA
Auditing and Reporting
Client
Personal Certificate Operations
KeyOne Desktop
Checklist
Pricing
Verdict
Contact Details SSH Certifier 2.0.6
Architecture
SSH Certifier
Administration Service
CMP Service
External Enrolment Client Service
OCSP Responder Service
Publishing Service
SCEP Service
Web Enrolment Service
ODBC
LDAP
Hardware Security Modcules (HSM)
SSH Token Master
SSH Accession
Certification Request Processing
Installation
Certificate Authority
Registration Authority
Auditing and Reporting
Client
Checklist
Pricing
Verdict
Contact Details Hardware Product Reviews AEP SureWare Keyper Professional V2.2
Introduction
Hardware
Firmware
The Adapter Authorisation Key (AAK)
The Storage Master Key (SMK)
Application Keys
Keyper Administration
Load Balancing
Auditing
Verdict
Contact Details Chrysalis-ITS Luna SA
Hardware
K3 Chrysalis Crypotgraphic Engine
Luna PED
Firmware
K3 Chrysalis Cryptographic Engine
HSM Partitions
Clients
Network Trust Links (NTL)
Secure Command Line Interface (SCLI)
Secure Authentication and Access Control (SAAC)
Secure Backup Token
Secure Identity Management (SIM)
High Availability and Load Balancing (HA)
Updates
Administration
Auditing
Programmability
Verdict
Contact Details nCipher nShield
Hardware
Software
Security World
KeySafe
Applications
Cryptographic Acceleration
Web Services (XML)
SSL Web Servers
SSL Virtual Private Networks
PKI
Database Encryption
Secure Code Execution
SEE Application areas
Verdict
Contact Details Summary Appendix A Appendix B |
