We have turned a world-leading PKI system into a product that you can launch and have set up and ready for the first certificate without any hassle.
Enigma Bridge provides physical security for your private keys. The protection is provided with FIPS140-2 Level 3 certified hardware that makes your keys untouchable.
EB PKI gives you complete control over your key management, from the number of CAs and sub-CAs to certificate profiles.
The keys used by the PKI system are only available in secure hardware. They neither leave it nor get stored on disk or in memory.
Dynamic user authentication with strong encryption via HTTPS security or PKI’s virtual private network
Logs of PKI private keys are available for audit and inspection.
EB PKI is designed for internal public key management, and you can start issuing your own certificates within 20 minutes. A fast, cost-efficient, and secure PKI system for everyone.
Certificates are signed by secure hardware to ensure a high level of security while you get all the benefits of the cloud.
Enigma Bridge brings you a fully featured and simple PKI system with a certification authority and an OCSP responder, supported by FIPS140-2 Level 3 hardware-protected keys. It includes out-of-the-box HTTPS with a browser-trusted certificate.
All prices are exclusive of VAT.
* We guarantee only up to 100,000 OCSP verifications in 24 hours.
The main threat to key management systems is loss or compromise of management keys.
You significantly limit your exposure to this threat if you use secure hardware that provides a secure environment with strong physical security.
You can decide whether the security appliance is in your datacenter, or in a cloud. Our systems ensure that your keys are always protected.
Specialised security hardware is far superior to software solutions from the security point of view. The downside is the cost - capital as well as operational.
The Enigma Bridge technology solves the cost problem of key management, including its scaling. The service is multi-tenant while still physically separating user secrets. It features a native web service API and an enrolment process that can be fully automated.
Former Head of Security Architecture at Barclaycard
The key management system is powered by the Enigma Bridge hardware encryption platform and the EJBCA PKI application from PrimeKey (an enterprise PKI system).
Certificate Authority – an X.509 certificate authority supporting a wide range of protocols including X.509, PKIX (RFC5280), SCEP, or CMP (RFC4210 and RFC4211).
Registration Authority – a front-end for manual approvals of certificate requests.
OCSP Responder – on-line certificate validation according to RFC2560, RFC6960 and RFC5019.
Physical security of PKI keys – keys for issuing certificates are protected with secure hardware with FIPS140-2 Level 3 and Common Criteria EAL4+ or EAL5 certifications.
Domain Name with HTTPS – out-of-the-box HTTPS to your new PKI system with DNS records instantly and securely updated each time you restart the EC2 instance.
For a full list of the features of the EJBCA PKI application, please visit the PrimeKey website.
Everyone trusts their own software applications because, well - they are ours and we “know” we got them right. The issue is how to make others trust our applications, especially if the sole purpose of those applications is to protect data.
Security validations and how to conduct them is one of the problems with no simple solution. Secure hardware has been the main answer for more than 20 years.
While there is no perfect solution for verifying security, the best current benchmark is an independent validation of the quality of a cryptographic product or application. There are currently two main standards suitable for validation of critical key management functions.
Federal Information Processing Standard (FIPS) 140-2 - implemented by the National Institute of Standards and Technology (NIST), a US government agency, to validate the security of cryptographic products.
A successful validation results in compliance with:
Level 1 - lowest level of security
Level 2 - shows evidence of tampering (hosting provider detects)
Level 3 - responds to attempts at physical access (users detect)
Level 4 - highest level of security
Common Criteria - an international standard, where compliance is demonstrated by national authorities in Canada, US, UK, Germany, and Spain.
A successful validation results in an assurance level (EAL):
EAL1, EAL2 - functionally tested, structurally tested
EAL3 - methodically tested and checked
EAL4 - methodically designed, tested, and reviewed
EAL5 - semiformally designed and tested
EAL6 - semiformally verified design and tested
EAL7 - formally verified design and tested
The HTTPS/TLS protocol used by all secure websites points at vulnerabilities. It leaks sensitive information about cyber security management and can help hackers or government agencies extract sensitive data.
Until now, it has been widely believed that use of HTTPS:// on web sites does not provide any sensitive information that would endanger the security of the web service. No one expected that it could leak internal information about security management.
I am puzzled why people are not all over this - enormous implications. I discussed it in my organization yesterday.
Daniel Bilar - Information Security Specialist at VISA
This work on fingerprinting the software that generated RSA keys (from public keys!) is a must read.
Co-founder of CBX Group, co-founder of TrueCrypt audit project.
Our co-founder, Petr Svenda, published at the USENIX Security Symposium the research results of his team's discovery that SSL public keys leak information on how they were generated, and the paper received the best paper award. Their surprising results imply that freely available public encryption keys can put companies at risk. This public information provides details on their cybersecurity management, which to date has been considered a safe secret.
Ross Anderson, professor of security engineering at the University of Cambridge