
Asymmetric keys enable the wide-scale use of encryption. Messages, such as e-mail, are encrypted with the public key of the recipient(s), and only those recipient(s) can decrypt the message using their private key(s).
However, the private key used for decryption can be compromised, unavailable or approaching expiration. In such cases, a key recovery solution must be employed to ensure that protected information is safely retrieved, in other words, to make sure the unencrypted data is returned to its owner.
The product is available as a software solution or a service delivered by KEYNECTIS.
K.Recovery® is an autonomous module of the Sequoia® suite featuring web services interfaces for easy integration with applications. It is natively integrated with the other Sequoia® suite modules, including K.Registration® for enrollment management, and K.Smart® for device personalization.
Thanks to the flexibility provided by the web services interfaces, K.Recovery® complies with your confidentiality key management policy. In particular, it can be functionally and/or geographically dissociated from the PKI.
> Uses
- Protect envelopes for electronic invitation to tender procedures
- Secure e-mail
- Encrypt files or drives

> Principles in service mode
- The contracting customer for issuing encryption certificates is the Registration Authority (RA)
- The RA delegates technical production and secure escrow operations to the KEYNECTIS KPC (Key Producing Center) and certificate producing infrastructure
- Keys can be produced and returned on a software device (password-protected PKCS#12 envelope) or hardware device (PIN code-protected USB cryptographic token)

> Features
- Creation of PKCS#8 or PKCS#12 certificates, protected by a random password accessible by authorized operators only
- Loading of the PKCS#12 certificate to the physical device
- Generation of secure keys on FIPS 140-2 Level 3 or CC EAL4+ certified HSM (Hardware Security Module; PKCS#11 interface) with secure erasure function
- Secure management through distinct administration roles. Access to the service for each operation is governed by authorizations granted to the operators concerned, via the administration interface. For every operation, the user must be authenticated through an HTTPS connection with mutual authentication (SSLv3).
- Secure escrow: secure electronic storage of keys using cryptographic procedures (encrypted envelope)
- Recovery by user: recovery of PKCS#12 file and associated activation code via the K.Registration® interface following user authentication
- Recovery by operators: there are two operator profiles (PKCS#12 file recovery operator and PKCS#12 activation code recovery operator). Depending on the customer organizations concerned, a single operator may or may not be granted additional rights to recover an end-user certificate.
- Renewal of certificates with recovery management

> Product benefits
- Secure key generation, escrow and recovery processes
- Modularity (can be used in generation-only mode or escrow/recovery mode)
- Flexible integration thanks to web services interfaces
- Turn-key availability thanks to integration with Sequoia®
- Compliance with security policies
- Simple recovery using secure communications
- Available in service mode