|
Public
Key Infrastructure
(PKI)
Group Test�(Edition
4)
Foreword
Welcome to the fourth
edition of The NSS Group PKI Group Test.
This edition sees a
departure from the format adopted so far, in that with the inclusion of
some new outsourced PKI services, we felt it prudent to divide the report
into two sections to make it easier to follow: one dealing with
software-only solutions and one with managed PKI services.
The inclusion of the
nCipher nShield Hardware Security Module presented us with something of a
dilemma. We eventually decided to create a new section for HSM devices,
and hope to add to that in the future, perhaps even spinning it off into a
separate report.
These changes have
also forced us to expand the introductory material to cover in more detail
such areas as in-house vs outsourced PKI, and root key security. This
means that there should be plenty of interest in the Introduction even for
those who have read previous versions of the report.
Note that both BT/VeriSign
and IBM were approached to update their entries for this edition, and both
replied that their product offerings had not changed significantly since
we last looked at them.
Baltimore has been
through changes in recent months which prevented its participation this
year, but we hope to include its UniCERT V5 product in Edition 4 of our
PKI report (Q1 2002). We had also hoped to include Chubb managed PKI
services in this edition, but the timing of the Baltimore takeover
prevented that from happening.
On the other hand, we
have new entries for RSA Keon, Entrust and Safelayer in the product
section, and De La rue Interclear in the managed services section. nCipher,
for now, is the sole entry in our HSM section.�
We have had well in
excess of 10000 downloads since the first edition of the report was
published. We hope you find this latest edition as useful and informative
as those which preceded it.
Bob
Walder
Table of Contents
Introduction
When is a PKI System Not A PKI System
Cryptography
Secret Key Cryptography
Public Key Cryptography
Digital Signatures
Digital Certificates
How Are Digital Certificates Used?
Certificate Validation
Public Key Standards
Application Support
Securing The CA Root Keys
In-House vs Outsourcing
Responsibility and Liability
The Division of Authority
Brand Awareness
Product Reviews
Product Reviews -
Software Only
Baltimore
Unicert 3.0.5
Architecture
UniCERT Core
Modules
UniCERT
Advanced Modules
UniCERT
Associated Modules
Installation
Certificate
Authority
Policy Definition
Registration
Authority
Auditing and
Reporting
Client
Checklist
Pricing
Verdict
Contact Details
Entrust/PKI
5.0
Architecture
Installation
Certificate
Authority
Administration
CA Signing Keys
Cross Certification
Timestamping
Certificate
Revocation
Registration
Authority
Roles and Policies
Users
AutoRA
Keys
Key Recovery
Roaming Users
Auditing and
Reporting
Client
TruePass
Connectors
Checklist
Pricing
Product Costs
Sample Prices
Summary
of Entrust Pricing Model
Verdict
Contact Details
IBM
Trust Authority 3.1
Architecture
Trust Model
Installation
Certificate Authority
Registration Authority
Auditing and Reporting
Client
Checklist
Pricing
Verdict
Contact Details
RSA
Keon 5.7
Architecture
Keon Certificate
Authority
Keon Registration
Authority
Keon KRM
Keon OneStep
Keon WebSentry
Keon Web PassPort
The Keon Security
Server
Keon Desktop
Keon Agents
Installation
Certificate Authority
Registration Authority
Auditing and Reporting
Client
Keon Security Server
Keon Desktop
Checklist
Pricing
Verdict
Contact Details
Safelayer
KeyOne 2.1
Architecture
Private
Secure Store (PSS)
KeyOne CA
KeyOne RA
KeyOne RRA
KeyOne CA
Online Server
KeyOne
CA Online Browsing Server
KeyOne LRA
KeyOne WEB
KeyOne Desktop
KeyOne Toolkits
Scryptor
Installation
Certificate
Authority
Off-line CA
On-line CA
Registration
Authority
KeyOne RA
KeyOne LRA
Auditing and
Reporting
Client
Personal
Certificate Operations
KeyOne Desktop
Checklist
Pricing
Verdict
Contact Details
Product Reviews -
Outsourced PKI
BT
TrustWise OnSite 4.5
Architecture
Installation
Certificate
Authority
Registration
Authority
Configuration
Certificate
Management
Auditing and
Reporting
Client
Checklist
Pricing
To 1000 Seats
Over 1000 Seats
Verdict
Contact Details
De
La Rue InterClear ClearCert
Architecture
Physical Access
Access to
Computers
Fire Precautions
Network Security
Installation
Certificate
Authority
Registration
Authority
Auditing
and Reporting
Client
Checklist
Pricing
License Fee
PKI Set-Up Fee
PKI
Registration Authority and other User Service Options
PKI
Tailoring Options
Sample PKI Costs
Verdict
Contact Details
Product Reviews - HSM
nCipher
nShield
Hardware
Software
KeySafe
Applications
Cryptographic
Acceleration
PKI
Secure Code
Execution
Verdict
Contact Details
Summary
The Market
The Products
Appendix A - PKCS Standards
Appendix B - Glossary
|
