World-class IT security solutions delivered with passion and expertise Without even knowing it, you are probably using PrimeKey PKI technologies on a daily basis. Hacking and data loss is a clear and present threat today. Have you taken the necessary precautions to ensure that your data is safe? IT security doesn’t need to be a headache. PrimeKey’s process guarantees a bulletproof solution and your peace of mind. Our PKI software is Open Source, which brings another level of security for you. PrimeKey has some of the very best minds within PKI and IT Security and we gladly share our knowledge. We do not believe in lock-in or closed standards. Our products offer flexibility and agility for your benefit. PrimeKey has been working with PKI for over 15 years and we have a track record of many successful implementations. Ourftware products scale easily as you grow, regarding instances, VMs, servers, etc. PrimeKey Support comes from experienced experts who’ve participated in developing our products. PrimeKey is a pioneer in open source security software that gives businesses and organizations around the world the ability to implement security solutions, such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation. PrimeKey’s vision is a world where the Internet is a secure place for sensitive information and communication. For this to become true, IT security needs to be available to all. Through open source solutions, we come one step closer to this vision. Today’s world relies heavily on PKI. From governments to innovative tech startups to world-leading enterprises, PKI is the backbone of most IT security solutions today. Our solutions for your use case. PrimeKey’s technology is used by organizations and enterprises to securely implement PKI solutions used for ePassports, eBanking, ePayments, IoT and more. Read more Read more Read more Read more Read more Read more Read more Read more li|Share page st|Creating trust PKI protecting your data and customers The importance of IT Security IT Security Solutions How can we help? h1|for the connected society h2|Our most popular products Success stories from PKI implementations around the globe Benefits for your business This is PrimeKey Open Source PKI & Public Key Infrastructure IT Security Solutions Join our team and help make the Internet a safe place for sensitive communication Trusted by enterprises and governments all over the world Contact us h3|Welcome 5G opens up options for new IoT application areas and security becomes fundamental for longterm trust PrimeKey and i4p announce a new technology partnership Get involved with our partnership program 5G, edge & security for the connected factory Market Trends: IoT Edge Device Security h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions EJBCA Enterprise EJBCA Appliance SignServer Enterprise The Faroe Islands – Creating a Future-Proof National e-ID Siemens – The PKI foundation for Siemens digital growth opportunities Bank-Verlag – Launching an eIDAS-compliant trust center for the German banking industry Swisscom – Becoming eIDAS compliant and migrating from RSA to EJBCA Enterprise Enabling Innovations – Transforming Healthcare ZetesConfidens – A Qualified Trust Services Provider at your service Dimension Data ensuring secure mobile communication for the German people Siemens – Ingenuity for life and safe communications ITCARD – Smooth sailing with secure Point of Sales Open source Expertise Flexibility Proven quality Scalability Support Senior QA / Test Automation Engineer Experienced Scrum Master Senior Java Developer with IT-security interest Software Developer DevOps Engineer Senior Software Developer Senior Software Product Developer DevOps Engineer - Based in Sweden Wellington Central, Hong Kong Accra Lilongwe Faroe Islands Hanoi Tel Aviv Zürich Zaragoza Ankara Wien Weingarten Warszawa Waltham Vantaa Valence Unterhaching Singapore Tunis Trondheim Thatcham Tbilisi Taucha Tallin Tadworth Suwanee Surrey Stockholm Sonera Solna Barcelona San Mateo Roding Rijswij Rapperswil Puteaux La Défense Praha Porto Portland Ponte San Pietro Plano Paterna Paris Padova Paderborn Osnabrück Osaka Toronto Nuth North Reading Newark Naila München Miraflores Maurepas Mantova Manama Madrid Lysaker London Linz Lima Les Ulis Lehi Kuala Lumpur Kista Kiruna Khartoum Kathmandu Bagmati Istanbul Irving Idstein Houston Herndon Hannover Hamilton Groningen Göteborg Cairo Giza Geneva Gemenos Frankfurt am Main Falls Church Eschborn Eindhoven Duisburg Dubai Colombes Chisinau Charenton-le-Pont Casablanca Capellen Budapest Bucharest Brussels Bromma Bristol Blackwood, South Wales Berlin Basingstoke Hampshire Bamberg Baku Bad Homburg Baar Austin Arnhem Ariana Amersfoort Allschwil Algiers Addis Abada Aachen Amsterdam Warszawa Kuala Lumpur San Francisco Stay up to date with our newsletters PrimeKey headquarters h5|BLOG NEWS Partnership WEBINAR Gartner report EJBCA Enterprise, SignServer Enterprise IoT EJBCA Enterprise, PKI Appliance EJBCA Enterprise, Becoming an eIDAS (Q)TSP IoT, IIoT, EJBCA Enterprise eIDAS, Qualified Trust Service Provider, QTSP, Qualified Certificates Mobile communication, LTE IoT Point of Sales, PKI Appliance sp|PrimeKey * * * * * * PrimeKey * * * * * * We deliver you news, blogs and upcoming events 2021-04-06 @primekeyPKI PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|Get the latest h3|Welcome Webinar: 5G, edge & security for the connected factory Twitter updates h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * IIoT stands for Industrial Internet of Things. NPKD stands for . HTTPS stands for Hypertext Transfer Protocol Secure. HTTPS is an extension of HTTP and is used for secure communication over a digital network, most often the Internet. Learn more about IT security and PKI (Public Key Infrastructure), the backbone of most IT security solutions today: SSL stands for Secure Sockets Layer. TLS stands for Transport Layer Security. MRTD stands for Machine Readable Travel Document. PKCS stands for Public Key Cryptography Standards. CSR stands for Certificate Signing Request. CRL stands for Certificate Revocation List. VA stands for Validation Authority. RA stands for Registration Authority. CA is short for . PKI stands for Public Key Infrastructure. Learn more about PKI: Android application signing is based on certificates and RSA or ECDSA keys. Android application signing is an essential part of securely developing, distributing and installing android applications and it is a pre-requisite for any application that is to be installed on an Android device. The technology used for Android application signing has continuously evolved by the introduction of new signing schemes. The core idea here is that, while developing and distributing apps within the Android eco system, security and trust for the signing schemes should be maintained by a crypto agile code signing approach. In addition to the original v1 signing schema that is identical to JAR signing, Android applications may now be signed with v2, v3 and v4 signing schemes. Android versions until Android 6 used Android v1 signing scheme. Android 7 introduced v2 signing scheme. Android 9 introduced v3 signing scheme and Android 11 introduced v4 signing scheme. For maximum compatibility and security, Android developers are recommended to sign their applications with all signing schemes. Features in the later signing schemes also improve user experience when installing Android applications. Read our Tech Update to learn more: Crypto Agility is a principle for gradually improving security and attack resistance in a secure infrastructure based on cryptography. Any cryptographic algorithm has weaknesses. As cryptographic research and computing power evolves the ability of existing algorithms to protect data privacy and integrity is reduced. In an eco system for distribution and deployment of code, the use of multiple code signatures in parallel enables the code signing system to be crypto agile. New cryptographic algorithms are introduced and new deployment environments are set up to require signatures with stronger cryptography. By increasing the lowest cryptographic strength supported in any target environment where the code is deployed, the use of legacy algorithms may be phased out and the security of the eco system is kept strong enough to resist attacks. Learn more: A digital certificate is a digitally signed document and can be compared with the physical identity card or a passport in the analog world. A digital certificate is used to provide and prove the identity of a user, server or thing when communicating over untrusted networks. X.509 is a PKI standard for digital certificates and public key certificates. It verifies that a public key belongs to a specific user, server or other digital entity. Certificate validation services can include access to Certificate Revocation Lists (CRL), Online Certificate Status Protocol (OCSP) and CA chain certificate downloads. A Certificate Authority is responsible for feeding the Validation Authority with certificate status updates based on the defined policy. A Certificate Authority (CA) issues, renews, manages and revokes digital certificates. A CA signs certificates with its private key and is the trust anchor for the issued certificates. The Certificate Authority private key is normally stored in a Hardware Security Model (HSM). A Certificate Authority usually operates in hierarchies where a Root CA certifies itself (self signed) and a subordinate CA is certified (signed) by a superior CA. Most Certificate Authority software solutions work with standard interfaces and protocols so that interoperability can be guaranteed. A Certificate Authority works together with a Registration Authority where the RA issues a certificate request to the CA via a user-friendly GUI or via integration friendly APIs and standard protocols. PrimeKey offers an industry-first solution, for implementing an RA directly into a smart manufacturing environment. . The was adopted by the European Parliament on July 6th, 2016, and entered into force in August 2016. Member states had to transpose the directive into their national laws by May 9th, 2018 and identify operators of essential services by November 9th 2018. For organizations to meet the obligations of NIS, the task can be separated into administrative and technical measures. Administrative measures are implemented through the accordance of security standards like ISO/IEC 27001 Information Security Management System (ISMS). These are supported by administrative actions and risk management measures including ongoing user training, security audits and ethical hacking to ensure security competency and to improve organization’s level of cyber readiness from both business and regulatory perspectives. Technical solutions include the implementation and continuous development of cyber situational awareness solutions such as SIEM (Security Incident and Event Management), secure identity confirmation tools, and data communications security solutions. Only a combination of administrative and technical measures is enough to comply with the NIS authoritative requirements. To meet the fundamental requirement under NIS for “appropriately authenticated and authorized” access, organizations need a method of defining and enacting controls that is both secure and can be deployed across disparate infrastructure and processes. Public Key Infrastructure (PKI) is the most widely adopted form of technology for establishing the identity of people, devices, and services – enabling controlled access to systems and resources, protection of data, and accountability in transactions. PKI includes a set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public keys. Certificates are issued to entities such as users, devices, web servers, passports, smartcards and IoT devices. The provisioning of certificates to either devices or tokens enables two benefits. Firstly, it gives a device or a token an identity, and secondly, it provides the means to setup a secure encrypted communication channel. PKI and certificates deliver a method as required by the NIS directive to identify, trust and securely communicate with any entity throughout an entire organization, partners, and customers. PKI also underpins technologies, such as digital signatures and encryption for use cases as diverse as e-commerce and the growing . Digital signatures can secure additional activities, such as signing PDFs, code or other information assets, to ensure the origin of the document/code or to ensure that a transaction was in place at a certain time. Digital Signatures can allow an organization to track who exactly performed the signature and at what time. To learn more, download our white paper: The directive on security of Network and Information Systems (NIS) ensures member states are prepared, and provides legal measures to boost the overall level of cybersecurity in the EU. NIS requires member states to be appropriately equipped in several ways, including Computer Security Incident Response Teams (CSIRT) and a competent national NIS authority. Businesses that are identified as Operators of Essential Services (OES) have to take appropriate security measures and notify serious incidents to relevant national authority. Key digital service providers including search engines, cloud computing services and online marketplaces also have to comply with the security and notification requirements under the NIS directive. that ensures that software on devices and computers is trusted and unmodified. Code signing is used to sign scripts and executables – it confirms the software author and guarantees the code has not been altered since it was signed. Code signing and are most commonly used to provide security when deploying software, such as installing and updating applications on your computer, smart phone, tablet or home appliances. When building new solutions for IoT, it is important that you can trust each component in the solution from the cradle all the way to when it is being revoked or discontinued. This process begins with establishing one or several secure identities within each IoT component. A starts the trust chain and can be leveraged during the lifecycle of the component to enable secure automatic on-boarding – when changing the owner of the component or when a factory reset is required. It is responsible for receiving certificate signing requests – for the initial enrollment or renewals – from people, servers, things or other applications. The Registration Authority verifies and forwards these requests to a Certificate Authority (CA). A Registration Authority is also responsible for receiving other functions. For example, revocation. The RA implements business logic to accept requests, including methods for verifying the origin of the requester and the party that should have the certificate. A Registration Authority is usually separated from the Certificate Authority for accessibility and security reasons. The RA is accessed via a user-friendly GUI or via integration friendly APIs and standard protocols. that can be comparable with a physical identity card or a passport used in the analog world. A PKI certificate is a trusted digital identity. It is used to identify and authenticate users, servers or things when communicating over untrusted networks. A PKI certificate is also called a digital certificate. PKI certificates use private and public key encryption, where the public key is stored in the certificate together with information about the owner and some administrative data. The certificate is signed by the issuing CA and the signature is attached in the certificate. X.509 is the standard for the most commonly used digital certificate formats. The purpose of PKI certificates is to create a secure digital world where each certificate works as gatekeeper for secure sharing of digital information. is governed by a set of policies and procedures that defines the level of security. A PKI typically includes a combination of software and hardware components, and together they implement functions for Certificate Authorities, Registration Authorities and Validation Authorities. These, in turn, are then responsible for issuing and lifecycle manage trusted identities for users, servers and things. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|SSL certificates Code signing certificates Email signing certificates IoT certificates Personal authentication certificates Logging in to your bank account Shopping on an e-commerce site Using an e-passport. Share page st|PrimeKey Wiki A Validation Authority (VA) is a provider of certificate validation services. A Certificate Authority manages the certificate lifecycles for people, servers or things. The Network and Information Systems (NIS) directive is an initiative developed to protect the economy of the European Union from major cyberthreats PKI & code signing help meet NIS compliance Code signing is a digital signature digital birth certificate A Registration Authority (RA) is a function for certificate enrollment used in . A PKI certificate is a digitally signed document Different types of PKI and digital certificates include: PKI stands for Public Key Infrastructure and is the set of roles, policies, hardware, software and procedures that build a framework to issue trusted digital identities to users, servers and/or things. In everyday life, you use PKI when doing things online such as: How can we help? h1|Find your answers here h2|or Acronyms Concepts h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * When asking people at PrimeKey what word they connect with the company, answers range from “Cake” to “Open Source”. The most common word, however, is “Friends” and that is important to us. We’re a friendly company full of experts who enjoy their work and like making a difference in the world. Many other words that come up describe our passion for what we do, and for doing it right. PrimeKey is known for high quality, in both solutions and people, and this is reflected in everything we do. Our deep technical knowledge may in fact make some describe us as “geeks” and this is something we take pride in. PrimeKey is growing fast and we need more brilliant people to join us. If you’re a skilled IT Security geek, don’t hesitate to give us a call. And if you’re a bit more novice in the field, we know that it can be a bit daunting but we will make sure you develop into an expert. Are you up for the challenge? Location: Solna, Sweden PrimeKey headquarters is located just outside of Stockholm, in Solna, Sweden. This is our largest office where we develop our software and where most of sales, professional services, and management is located. The office is situated in a nice, modern building, close to public transportation such as bus and subway. We have an open layout with lots of light. If you’re quick enough, you can snatch one of the bean bags for a day. Location: Aachen, Germany The PrimeKey office in Aachen is where we develop our hardware solutions. Located near the city centre, we have a quiet office building with our own lab and space to grow. We have a friendly and open work environment with an office full of Raspberries, Lego bricks and other toys. Location: San Mateo, CA, USA C2 Company is the U.S. headquarters for PrimeKey. Located in San Mateo, at the heart of the San Francisco Bay Area, this office provides PrimeKey sales and professional services. The newly remodeled office park has plenty of parking and convenient access to the major highways for Silicon Valley commuters. Location: Melbourne, Australia Business areas: Home of open source libraries of the Legion of the Bouncy Castle and their Java cryptography and C# cryptography resources. We offer a flexible working environment where work-life balance is important. PrimeKey has some of the very best minds in IT Security, and we believe in knowledge sharing. Since the very start, PrimeKey has developed the market and we keep pushing innovation. We are proud to say that the people at PrimeKey come from many different backgrounds, countries and cultures. Work with well-known enterprises and governments with the highest security needs. The market for IT Security and our solutions is booming with activity and growth. These are exciting times! PKI Specialist I’ve worked with PrimeKey for 4 years, and have installed PKI solutions in several different countries for governmental and public organisations. I enjoy taking the PKI implementation from the very beginning in the design phase to customer site acceptance. Chris has a background as a project engineer installing air traffic systems and configuring systems to customer specifications. He is now part of the Professional Services team at PrimeKey where he supports, designs, trains and implements PKI systems all over the world. Quality Assurance Manager I realize again and again how much I like to work in such a respectful and valuing culture. Katharina is managing the QA of PrimeKey and says that she is “happy to guide a team of excellent QA people”. She has over 15 years of experience in software quality assurance and is an iSQI-certified agile tester and an ISTQB-certified test manager. Katharina has studied Electrical Engineering with a focus on Engineering Computer Science and now spends her days assuring the quality of PrimeKey in Aachen. Quality Assurance Engineer I like that management is effective at PrimeKey. They understand the importance of hiring good people and then simply clearing the way so their team members can do what they do best with few obstacles. Ebrahim has three MSc from three universities in three different countries: Armenia, Sweden and Canada. All of them within Software Engineering and Computer Science. He developed a passion for software quality assurance when he realized that he could explore how software is built and tested in top tech companies, such as PrimeKey. Ebrahim is an ISTQB certified tester and now works with software quality assurance at PrimeKey, which he finds fascinating. When feature designs are complete, he starts his test strategy and plan. This is done through collaborating with developers, understanding the changes/implementation and building the test strategy accordingly. System Architect Working at PrimeKey is a rare opportunity to work independently in a very versatile team. Manuel has nearly 20 years of professional experience in the security field. He has been part of PrimeKey since the start of PrimeKey Labs, the German subsidiary, and has previously spent his days with physical hardware and computer security. Manuel is now a Software Architect for PKI Appliance and PrimeKey SEE. We are committed to our work, to our colleagues and to delivering excellent solutions that help both PrimeKey and our customers excel. PrimeKey is in the business of providing trust in insecure environments. We are a trustworthy partner to our customers. PrimeKey is a work place where we trust and rely on each other. PrimeKey is open to the community with our Open Source technology. We are open towards each other with our knowledge, our time and our ideas. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|Join our team h2|We’re always looking… An open community of security geeks Our offices Why work at PrimeKey? Our Values Join our team h3|Welcome Sweden Germany USA Australia Meet some of us Chris Job Katharina Willmann Ebrahim Shirvanian Manuel Dejonghe Excellence Trust Openness h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions PrimeKey Solutions AB PrimeKey Labs GmbH C2 – a PrimeKey Company Crypto Workshop – A PrimeKey company Flexibility Expertise Influence & Innovation Diversity Interesting customers Booming business Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey We’re always looking… PrimeKey * * * * * * Thinking about buying our products and services? Fill in the questionnaire below or call us directly for sales support. EMEAA: The Americas: Thinking about becoming a partner? Fill in the form or call us directly at With a valid support contract, you can contact PrimeKey Support. For support inquiries, email or call us during SLA specified hours: Phone: Or fill in the form below: See the Crypto Workshop product sheet for more information. Read more about PrimeKey Support below or contact . Solna Access, Plan A8 Sundbybergsvägen 1 SE-171 73 Solna Sweden Krantzstr. 7 (Entrance B) 52070 Aachen Germany 951 Mariners Island Blvd., Suite 210 San Mateo, CA 94404 650-357-0100 USA 520 Bourke Street, Level 2 Germany Melbourne, VIC 3000 Australia Contact any member of the Fill in the form or call us directly at PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|If you don't have a valid support contract, I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? PrimeKey Headquarters PrimeKey Labs GmbH C2 – A PrimeKey company Crypto Workshop – A PrimeKey company How can we help? h2|Sales inquiries Partnership inquiries Support inquiries Information about support services for Bouncy Castle Not yet a Support Customer? Office addresses Management inquiries Other inquiries h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Contact us * * * * * PrimeKey * * * * * * PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|PrimeKey h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Explore the world of PrimeKey * * * * * * September #PKTechDays PrimeKey Tech Days is your opportunity to keep up with widespread changes in cryptography, PKI, and related IT-security topics. This is a unique hardcore tech event that brings together PKI and security leaders from all over the world. There will be presentations from experts at leading global companies and demos from practitioners showing PKI in action. Sign up now to learn from excellent speakers, network with your peers from all over the globe, and why not take the chance to talk to PrimeKey product managers, support agents and crypto nerds. Tickets are not yet available, but sign up below to get a notification when tickets released. Follow us on and for event updates. Agenda for 2021 is not yet available. Attend PrimeKey Tech Days to listen to distinguished speakers from leading international companies and organizations. We are excited to continue to plan the 7th edition of the event that gives experts in PKI, Crypto, Open Source, eIDAS, Digital Signing and other areas of IT security an opportunity to connect and share knowledge on widespread changes and more. The speakers for 2021 is not yet released. To keep updated, follow us on and . PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Tech Days AI-based user identification in the eIDAS world, SK ID Solutions and TUV TRUST IT Trust Services – new compliance approach, SEALWeb eIDAS compliant Remote Signing Service, 3Key Company and Esysco EU Cybersecurity Act, ENISA Future (Agile Crypto / Agile PKI), AppViewX Identity Authority Manager – Experiences from the pilot projects, Siemens OpenSource is all around us, but how is it commercialised?, OpenUK Structured crypto to keep society running, Ericsson The Connected Car: PKI’s Role in Securing Next-Generation Vehicles, Keyfactor Share page st|Date: Social media: How can we help? h1|PrimeKey Tech Days 2021 h2|PrimeKey Tech Days PrimeKey Tech Days 2021 h3|Welcome Interest in Tech Days 2021 h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey 2021 The topics are very high level and I really like the networking. * * * * * Speakers 2020 PrimeKey * * * * * * PrimeKey’s vision is a world where the Internet is a secure place for sensitive information and communication. For this to become true, IT security needs to be available to all. Through open source PKI solutions, we come one step closer to this vision. Everybody benefits from openness and we believe that our users can feel an increased trust for us and our solutions knowing that the source code is open. There are no back doors, no secrets, and no hidden agenda. We are in the business of creating trust and we believe that trust and openness go hand in hand. Open source is not only a reflection of our worldview but it has actual business benefits for our users. If you’re an open source geek like us, you probably already know this, but for all others; some benefits include: PrimeKey use Open Standards for our PKI and signing software, providing you with crypto agility. What this means is that you don’t bind yourself to a certain standard or way of handling your security. There is no lock-in and you have the freedom to adapt and evolve as needed. When you invest in a security solution you want to be sure you can rely on it in the future. With open source PKI and signing software, you have access to the source code of the software and this gives you insurance from unforeseen events. Should something happen to the company behind it, you still have access to the software and you are protected from business aspects affecting your security solution. As part of the PrimeKey open source strategy we provide our software in LGPL licensed free editions. With EJBCA Community you get a basic open source PKI software for free and SignServer Community includes audit logging, basic Time-stamping and document signing. Read more about the community editions below. The PrimeKey Community edition software are used globally and have a large community with thousands of users that download, test and use each new release. As part of the open source policy they also provide their feedback to PrimeKey. In other words: our open source PKI software and signing software has thousands of active quality assurance agents. As part of our open source policy, we offer our software in free community editions. This means that you can download EJBCA Community and SignServer Community from SourceForge, both under LGPL licence. Read more about LGPL The two Community editions are of course developed with the consistent high-quality focus of PrimeKey, but are limited to the core functionality. They are great tools for those who want to learn and use basic PKI without any need for advanced functionality or certifications. Fill in your contact information below and we will get in touch with you. EJBCA Enterprise covers all your needs for Public Key Infrastructure (PKI) and Certificate Management. A server-side digital signature software used to sign digital documents, PDFs and code. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|Open Source h2|Next level security with our Open Source PKI software Community offering Contact us for more information about Open Source PKI solutions h3|Welcome Flexibility and freedom with Open Source PKI Insurance of access Quality assurance with Open Source PKI EJBCA Enterprise SignServer Enterprise h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PKI software The PrimeKey worldview * * * * * * PrimeKey * * * * * * Cybersecurity incidents can impede the pursuit of economic activities, generate substantial financial losses, undermine user confidence and cause major damage to the economy of the European Union. In response to this threat, the Directive on Security of Network and Information Systems, NIS Directive in short, was adopted by the European Parliament on July 6th, 2016, and entered into force in August 2016. Member states had to transpose the directive into their national laws by May 9th, 2018 and identify operators of essential services by November 9th 2018. The NIS Directive provides legal measures to boost the overall level of cybersecurity in the EU by ensuring member states’ preparedness. It requires them to be appropriately equipped in several ways, including Computer Security Incident Response Teams (CSIRT) and a competent national NIS authority. Businesses in these sectors that are identified by the member states as Operators of Essential Services (OES) will have to take appropriate security measures and to notify serious incidents to the relevant national authority. Key digital service providers including search engines, cloud computing services and online marketplaces must also comply with the security and notification requirements under the new directive. OES’s are public or private sector organizations that are dependent upon network and information systems to provide an essential service to society, which could be significantly disrupted by a cyber incident. Although NIS is a relatively new regulatory requirement, many of its concepts have already been codified in existing compliance and best practice for industries including financial services and telecoms. In these industries, PKI has already been successfully deployed and widely supported, which has led to a high degree of interoperability. In telecoms for example, PKI is used to build chains of custody from the supplier of a network element where a device is ‘born’ to adoption into a network where the unit is used. For other sectors like cloud services, NIS has put cybersecurity and accountability in the limelight. Investing in a competent PKI and code signing solution such as PrimeKey’s EJBCA and SignServer reduces the information security risks involved around NIS and related compliance regimes such as GDPR. This enterprise-wide capability reduces operation and maintenance costs compared to other point solutions, secures valuable business models and future-proofs organizations in all industries. To meet the fundamental requirement under NIS for “appropriately authenticated and authorized” access, organizations need a method of defining and enacting controls that is both secure and can be deployed across disparate infrastructure and processes. Public Key Infrastructure (PKI) is the most widely adopted form of technology for establishing the identity of people, devices, and services – enabling controlled access to systems and resources, protection of data, and accountability in transactions. PKI includes a set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public keys. Certificates are issued to entities such as users, devices, web servers, passports, smartcards and IoT devices. The provisioning of certificates to either devices or tokens enables two benefits. Firstly, it gives a device or a token an identity, and secondly, it provides the means to setup a secure encrypted communication channel. PKI and certificates deliver a method as required by the NIS directive to identify, trust and securely communicate with any entity throughout an entire organization, partners, and customers. PKI also underpins technologies, such as digital signatures and encryption for use cases as diverse as e-commerce and the growing . Digital signatures can secure additional activities, such as signing PDFs, code or other information assets, to ensure the origin of the document/code or to ensure that a transaction was in place at a certain time. Digital Signatures can allow an organization to track who exactly performed the signature and at what time. Public Key Infrastructure and signing is a technology that has been around for more than 30 years. PKI is driven by industry-wide standards. Deployments have been proven at scale and it is widely used by large organizations today. Traditionally, PKI has been used for so-called corporate access use cases with the primary goal of controlling humans’ access to information resources. Increasingly, the use case has expanded to machines, servers, sensors, applications, controllers and network devices. PKI is most effective when an organization adheres to a structured methodology of implementing and managing cyber security best practice. The Swedish Civil Contingencies Agency, for example, recommends that organizations structure and develop methods and processes around existing standards on information security management systems. The ISO 27000 series, mainly ISO 27001 and ISO IEC 27002 are relevant examples of best-in-class information security management systems. Although PKI has a mature technology community, organizations considering deploying or expanding use of PKI should look for the following vendor criteria: For more information on how PrimeKey can help your organization successfully deliver PKI and signing in support of NIS compliance, fill in your contact information below and we will get in touch with you. All organizations defined as requiring NIS compliance must also report security incidents and threats. A breach of the NIS regulation and failure to report an incident can result in a financial penalty imposed by the local government regulator. The fines for non-reporting vary greatly between nations. Germany can fine organizations up to 50,000 euros, the Netherlands up to 5 million euros and the UK up to 17 million pounds – for a NIS failure that could have led to loss of life. However, the reputational damage inflicted on an OES that has been deemed to lack adequate security control can have significantly larger ramifications on brand and customer trust. Each member state has a duty to enact NIS within corresponding local legislation. As of April 2019, 11 out of the 27 EU nations have met this mandate. However, it is expected that another six will have complete transposition into local law by the end of 2019. Across all localized versions of the directive, there are four major strategic requirements that regulated OES must comply with: Capabilities to minimize the impacts of a cybersecurity incident on the delivery of essential services including the restoration of those services where necessary. To meet these core criteria, every NIS compliant organization understands, documents, and controls access to systems and functions supporting the delivery of essential services. Users (or automated functions) that can access data or services should be appropriately verified, authenticated, and authorized. In addition, users, devices, and systems should be appropriately authenticated and authorized before access to data or services is granted. For highly privileged access, NIS indicates that it might be appropriate to include approaches such as two-factor or hardware authentication. Unauthorized individuals should be prevented from accessing data or services at all points within the system. This includes system users without the appropriate permissions, unauthorized individuals attempting to interact with any online service presentation, or individuals with unauthorized access to user devices. For organizations to meet the obligations of NIS, the task can be separated into administrative and technical measures. Administrative measures are implemented through the accordance of security standards like ISO/IEC 27001 Information Security Management System (ISMS). These are supported by administrative actions and risk management measures including ongoing user training, security audits and ethical hacking to ensure security competency and to improve organization’s level of cyber readiness from both business and regulatory perspectives. Technical solutions include the implementation and continuous development of cyber situational awareness solutions such as SIEM (Security Incident and Event Management), secure identity confirmation tools, and data communications security solutions. Only a combination of administrative and technical measures is enough to comply with the NIS authoritative requirements. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Companies offering cyber security products and services should be certified according to ISO 27001 and ISO 27002 for information security management and quality systems. In addition, ISO 9001 certification suggests a supplier that supports ensuring long term quality and efficiency. Product certifications such as Common Criteria adds additional reassurance of product security and quality to ensure that critical infrastructure and IT services are maintained in all modes, even during an IT attack. Finally, knowing that the product is already installed in several customers installations with audited systems assures that the product can operate in a controlled way within a real-world customer environment. Managing security risk through appropriate organizational structures, policies and processes in place to understand, assess and systematically manage security risks to the network and information systems supporting essential services The continual use of proportionate security measures that are in place to protect essential services and systems from cyber attacks Capabilities to ensure security defenses remain effective and to detect cybersecurity events affecting, or with the potential to affect, essential services. Share page st|How can we help? h1|NIS Directive h2|How the NIS Directive affects critical infrastructure, businesses and organizations Goals of the NIS Directive and current outlook How PKI & code signing help meet NIS compliance Learn about a few of our customer implementations Key considerations for successful PKI deployment Get help with PKI and signing in support of NIS compliance Penalties for non-compliance Critical controls Administrative and technical solutions h3|Welcome Our most popular products h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions DigiSign – Growing business more safely and quickly Malaysian bank opts for PrimeKey PKI Appliance SGS – When you need to be sure Siemens – Ingenuity for life and safe communications EJBCA Enterprise EJBCA Appliance SignServer Enterprise Stay up to date with our newsletters PrimeKey headquarters h5|Certificate Authority, Time Stamping Internal CA system, Integrated Turn-Key PKI platform Document Signing, Inspection, Verification, Testing, Certification IoT sp|PrimeKey * * * * * * PrimeKey * * * * * * PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|PKI and Digital Signature Software in the cloud h2|Software available in the cloud h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions EJBCA Cloud SignServer Cloud EJBCA SaaS Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * One of the world’s leading companies for , PrimeKey has developed successful technologies, such as EJBCA Enterprise, SignServer Enterprise and PrimeKey EJBCA Appliance. PrimeKey is a pioneer in open source security software that provides businesses and organizations around the world with the ability to implement security solutions, such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation. Continents with partners and customers Percent average yearly growth Years of history Nowadays, we all use digital signatures whenever we log into our bank account, show our e-passport or use our credit card at the shops. This would not be possible without Public Key Infrastructure (PKI) enabling us to communicate securely on an insecure public network such as the Internet. Tomas Gustavsson, CTO The history of PrimeKey starts in the 1990’s when co-founder Tomas Gustavsson started focusing his attention on crypto­graphy The PrimeKey management team are hand-picked for their expertise and their commitment. Among them are some of the most experienced PKI experts you can find. At PrimeKey, we always strive to be better. If you want to know how we do that, have a look at our Policy of Operational Excellence below. Our customers and partners take security, quality and the environment seriously. So do we. As of 2017, we are certified according to ISO 27001, ISO 14001 and ISO 9001. Looking back on 2019, we can say that it was a fantastic year in many ways. We gained a large number of new customers in many areas, including manufacturing, medical, telecommunications, data communication, retail, finance and transport sectors. Take a look at our most recent annual report below to find out more. We are committed to our work, to our colleagues, and to delivering excellent solutions that help both PrimeKey and our customers excel. PrimeKey is in the business of providing trust in insecure environments. We are a trustworthy partner to our customers. PrimeKey is a work place where we trust and rely on each other. PrimeKey is open to the community with our Open Source technology. We are open towards each other with our knowledge, our time and our ideas. Location: Solna, Sweden Precedence: Parent company Established: 2002 Owners: (64%), employees and board members (36%) Business areas: Leading technology within open source enterprise PKI Company reg no: 556628-3064 VAT no: SE 556628306401 Location: Aachen, Germany Precedence: Subsidiary Established: 2012 Owner: PrimeKey Solutions AB (100%) Business areas: Laboratory and R&D for PKI Appliances for PrimeKey’s product portfolio, services and solutions and related products. Company reg no: HRB 17621 VAT no: DE 284348004 Location: San Mateo, CA, USA Precedence: Subsidiary Owner: PrimeKey Solutions AB (100%) Business areas: Premier provider of advanced consulting and professional services in PKI, Security and Network. Location: Melbourne, Australia Precedence: Subsidiary Owner: PrimeKey Solutions AB (100%) Business areas: Home of open source libraries of the Legion of the Bouncy Castle and their Java cryptography and C# cryptography resources. PrimeKey also has satellite offices in Paris, Washington D.C. and Singapore. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|PrimeKey 0 0 0 h2|Worldwide security solutions Key Statistics The PrimeKey Company Structure h3|Welcome Our History Management Team Operational Excellence ISO-certification 2019 PrimeKey Annual Report Partner with PrimeKey Career at PrimeKey h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Excellence Trust Openness PrimeKey Solutions AB PrimeKey Labs GmbH C2 – A PrimeKey Company Crypto Workshop – A PrimeKey Company Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey This is values PrimeKey * * * * * * In all communication with customers, suppliers, other stakeholders and co-workers, we want to be clear how their personal data is used. Therefore, we: Personal data is processed in the intended registers required for the purpose arising from agreements or consent. Personal data means any information that can directly or indirectly identify a specific person. In our case it can be name, social security number, postal address, telephone number, electronic addresses, delivery and payment and purchase information and information based on the use of digital services. The information is used by us for marketing, product delivery, as a basis for statistics, product development and billing, as well as our partners to customize content, ads, and offers to your company. The data can also be analysed and grouped for selection, prioritization and planning of the personal information, so-called profiling. This may also include information we receive through cookies and plugins on our home page. Personal data can be provided to partners with whom we have personal data assistant agreements and to authorities if they are requested by law or by government decision. Personal data is always saved for a specific purpose and deleted after the business relationship has expired or when the registry has revoked its consent. The registrant may also request correction / deletion of any incorrect information or in writing request information about the personal data we stored about them. This is done in writing according to routine. In order to protect personal data, we have appropriate physical, technical and organizational security measures for handling and transferring personal data, including appropriate security measures to protect such data from accidental or illegal destruction, accidental loss, misuse, alteration, unauthorized disclosure or access, and all other illegal forms of processing. This policy is a commitment for management and all personnel to process personal data in accordance with this policy and current regulation. Further information and requests for information about our handling of personal data are provided by our GDPR representative, Website cookies make it easier for you to browse the web. Here you get brief information about how cookies are used on www.primekey.com. Cookies are used on primekey.com to ensure that the website is as accessible and as usable as possible. Some cookies are necessary for primekey.se to work and have already been temporarily stored on your computer. Cookies are used to give visitors access to various functions and if you do not allow cookies, you may receive a poorer user experience. A cookie is a small text file which the website you visit saves on your computer. Some cookies will disappear soon after the browser is closed. Others may be stored for a longer period of time. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. PrimeKey uses to get a picture of how visitors use this site. Google Analytics use information such as your IP address, browser type and unique identifiers stored in (first party) cookies on your device to record how you interact with our website. Data storage regarding cookies, user-identifiers and ad identifiers is 26 months. Some cookies are used to determine the length and number of page views on the site, and are removed shortly after each visit. Other cookies are used to identify unique visitors and may be stored for longer periods of time .The purpose of the collected data is to evaluate how the site is used, in order to improve the content, navigation and structure accordingly. We do not share this data for the use of any third party unless required by law. PrimeKey uses to identify businesses for future relationships. APSIS Lead use information such as your IP address and unique identifiers stored in (first/third party) cookies on your device for the purpose of identifying your business/employer. On our website we may show some webcasts from our Youtube channel. The films are shown with the YouTube movie player and when the films are played cookies are used by youtube.com. Learn more in the . If you wish to stop receiving marketing communications from us then please click on the “unsubscribe” link at the bottom of the relevant newsletter. If you would like to know what personal data we hold about you or would like us to delete your personal data from our records, then please contact us at marketing@primekey.com. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Privacy policy inform about use and purpose, respect and protect the personal data we receive, informs about the individual’s right to- give and withdraw consent – request registry extracts, – oppose the use of personal data – request corrections and deletions of personal data – request transfer of personal data to another controller. only save personal data to meet legal requirements as long as required in time, only use personal data for other purposes with the consent of the concerned person, save personal data for third party if this does not involve disproportionately more work for us supervise our processing of personal data. Share page st|How can we help? h1|Privacy Policy h2|Cookies Analysis tools YouTube movies Marketing h3|Welcome About cookies h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey PrimeKey * * * * * * There’s no better time than the present. Let’s talk. Find out how our partners can help you out PrimeKey is one of the market leading companies in PKI and our field within IT Security. We have a long history with proven quality of both our products and our people. In fact, asking our current customers and partners why they work with us shows that we are one of the very best there is. We are growing fast and aim to do so even more, with the help of our partners. With PrimeKey as a partner you will gain access to enterprise level security products used by thousands of companies globally. As a partner you will be capable of selling and implementing these advanced projects to customers. There is a very high demand for our products, so for the right company, partnering with us will be a strong addition to your product portfolio. , which gives both our partner and our joint customer an extra level of openness and reliability. PrimeKey’s inventory includes Software and Hardware, support & maintenance, and professional services to establish world-class PKI. By becoming a reselling partner, you will extend your own offer to include some of the best IT security products out there. As a partner of PrimeKey, our friends are your friends. In other words, you will gain access to a worldwide network of IT security experts. Partners are entitled to a discount on PrimeKey products and solutions list prices depending on the partner level. The PrimeKey partners are chosen very carefully. They need to demonstrate their skills and know-how on PKI. Being a Certified Partner ensures the end customer of your abilities. Products from Primekey can be interoperable and run with your applications, resulting in synergies for your offering. Including PrimeKey’s products and solution into your offer, you have the possibility to win a bigger piece of the “bid cake” and gain more control on deliveries for your customer projects. Join PrimeKey at trade shows and expos, or have a PrimeKey PKI expert in your booth. This will enable you to strengthen your brand and answer any complex PKI questions. Partners will get access to the PrimeKey Online CA instance for testing and demonstration purposes at customers. Gain access to experienced PKI experts and learn how to best offer the right setup of PKI solutions to your potential customer. With the help of a dedicated account manager you will get assistance in new sales leads and business development. Companies joining PrimeKey’s Partner Program will receive a two-day “Sales Skill Up” training about PrimeKey’s products and solutions. Partners are entitled to use PrimeKey’s marketing materials, such as product sheets, logos, banners, etc. within their media. Partners will be listed on the PrimeKey website with contact details, their logo and a link. PrimeKey has a long history in the field of IT Security and PKI. The first edition of our PKI Software EJBCA was launched in 2001. Since then PrimeKey has been a pioneer in open source security. PrimeKey is an Open Source company. We are in the business of creting trust and we believe that openness is a key aspect of trust. Our openness is found in the open code, in our corporate values and in the way we act towards our customers and partners. We strive towards excellence. Our products are of proven outstanding quality and we are passionate about delivering the very best. As a reseller partner of PrimeKey, you are able to actively resell the PrimeKey product portfolio. Strengthen your product portfolio and gain access to world-class PKI products to offer your customers. We will help you become an expert and feel secure in delivering high-end IT Security solutions that meet all requirements. Partners are chosen very carefully and need to demonstrate their PKI skills and knowledge. Some of the criteria we look at are: If you have a solution that uses PKI or that interacts with PKI, you may be applicable to join the Technology Partner program. As a Technology partner of PrimeKey, your products either run with PrimeKey PKI in the background of your delivery to customers, or as part of the customer projects you deliver. For technology partners, as well as for reselling partners, we have high standards of companies we choose to work with. Selected criteria we look at are: 3Key Company possesses a great ability to apply knowledge, experience, and skills to create unique solutions that anyone can rely on. The focus is put… 3Key Company possesses a great ability to apply knowledge, experience, and skills to create unique solutions that anyone can rely on. The focus is put on information security, data intelligence, and consulting. 3Key Company helps to streamline business activities and protect critical assets. Trusted and recognized professionals with innovative technologies can show you how to improve performance and reduce costs. achelos is a manufacturer-independent software development and consulting firm based in the German city of Paderborn. Founded in 2008, the technology expert offers cross-sector solutions… achelos is a manufacturer-independent software development and consulting firm based in the German city of Paderborn. Founded in 2008, the technology expert offers cross-sector solutions for security-critical fields of application with core competencies in embedded development and subscription management. The company develops and operates highly specialised products, solutions and services for the international market. achelos is ISO 9001 and ISO 27001 certified and offers comprehensive expertise in development, Testing as a Service (TaaS) and certification. A key focus is security and prevention. achelos produces test concepts for conformity-assessment with technical specifications and BSI guidelines, and prepares evaluations and certifications according to security standards such as common criteria and PCI-DSS. References include electronic ID systems and electronic health cards, digital tachographs, smart cards for banking, the digital signature (eIDAS), and public key infrastructures. B3 is a Swedish consultancy firm with senior consultants within IT and management. B3 helps companies to better utilize their IT by developing technology, processes,… B3 is a Swedish consultancy firm with senior consultants within IT and management. B3 helps companies to better utilize their IT by developing technology, processes, strategy and organization through smarter IT solutions. Cogito Group is an Australian and New Zealand based company that specialises in authentication services (identity, access and credential management) and data protection. We are… Cogito Group is an Australian and New Zealand based company that specialises in authentication services (identity, access and credential management) and data protection. We are digital security experts that focus on enabling technology that keeps your physical, logical and cloud based data and infrastructure safe. Cryptas is an Austrian Security Solution Expert operating offices in Vienna, Graz, Düsseldorf and Stockholm. The mission of Cryptas is, to strengthen digital transformation by… Cryptas is an Austrian Security Solution Expert operating offices in Vienna, Graz, Düsseldorf and Stockholm. The mission of Cryptas is, to strengthen digital transformation by providing security concepts, solutions and key technology in the are of digital identities. Cryptas is committed to provide proven high level experience, implementing Crypto-based solutions for a wide range of business areas, like PSD2, critical infrastructures, eIDAS or legally qualified identities. The solution offering is provided in different shapes, beginning from on premise implementations, managed services at the customer side, private cloud offerings and even public cloud services. Cryptas has a strong focus on customer services and is used to offer services for global large enterprises, but for SMEs as well. Founded in 2014, Digitalberry is a software publisher operating in the digital trust field. From secure user authentication, data integrity and process traceability to non-repudiation… Founded in 2014, Digitalberry is a software publisher operating in the digital trust field. From secure user authentication, data integrity and process traceability to non-repudiation of operations, digital trust is a keystone of digital transformation. Digitalberry’s software provides Digital Certificate Management, Strong Authentication, Electronic Signature and Digital Evidence Collection through the Digitalberry Proof and Verification platform. Rely on the highest cryptographic technologies such as PKI, HSM, and blockchain to create, handle, report and verify probative digital evidence. Encryption Consulting is a dedicated consulting firm that focuses on providing all the aspects of Encryption such as PKI, Hardware Security Module, Code Signing, Enterprise… Encryption Consulting is a dedicated consulting firm that focuses on providing all the aspects of Encryption such as PKI, Hardware Security Module, Code Signing, Enterprise key management, Transparent Data encryption, Element level format preserving encryption, Tokenization, etc. We have developed a custom framework for doing Assessment, Strategy, and Implementation of Encryption based on best practices of Encryption, NIST standards, etc. which act as an accelerator and help our customer deploy Encryption at the Enterprise level with ease. We believe in a data centric approach of protecting the data using Encryption and helping the customer meet their goals concerning Data Protection. We support companies and organisations with world-leading, innovative solutions based on cryptography. Our team specializes in areas such as Digital Transformation, eIDAS electronic signatures, e-administration,… We support companies and organisations with world-leading, innovative solutions based on cryptography. Our team specializes in areas such as Digital Transformation, eIDAS electronic signatures, e-administration, PKI, Certificate Management, Virtual SC, PSD2, Data Protection, strong and reliable security with 2FA and SSO authentication, IoT as well as Identity and Access Management with the aim of providing services at the highest level of quality and security. As a system integrator and technology provider for crypto based products and services, we support companies and public organizations in protecting sensitive data and information using advanced technology solutions. NTT Ltd. drives the engagement with PrimeKey from Germany and acts as a hub for Global activities around PKI and Code Signing. We provide PKI… NTT Ltd. drives the engagement with PrimeKey from Germany and acts as a hub for Global activities around PKI and Code Signing. We provide PKI Solutions for various industries around the globe, integrated with our comprehensive portfolio of consulting, technical, hosting and managed services. We are part of e-shelter’s Innovation Lab in Frankfurt/Germany, and showcase with both PrimeKey Appliances and Virtualized Solutions. Join us for a PrimeKey demonstration or bring your own PrimeKey Proof of Concept to our Innovation Lab. NTT Ltd. is a leading global technology services company bringing together 28 brands including NTT Communications, Dimension Data, and NTT Security. We partner with organizations around the world to shape and achieve outcomes through intelligent technology solutions. For us, intelligent means data driven, connected, digital, and secure. As a global ICT provider, we employ more than 40,000 people in a diverse and dynamic workplace that spans 57 countries and regions, trades in 73 countries and regions, and delivers services in over 200 countries and regions. Together we enable the connected future. OGIS-RI, Osaka Japan – by offering complete solutions backed by advanced capabilities in both technology and business, OGIS-RI – an Osaka Gas company – is… OGIS-RI, Osaka Japan – by offering complete solutions backed by advanced capabilities in both technology and business, OGIS-RI – an Osaka Gas company – is able to match the best possible e-business solution to each and every client. Procilon GROUP, based close to Leipzig, with subsidiaries in Berlin and Dortmund, is one of the leading German providers of IT security solutions for business,… Procilon GROUP, based close to Leipzig, with subsidiaries in Berlin and Dortmund, is one of the leading German providers of IT security solutions for business, institutions, the public services sector as well as industry and judicial systems. For more than 15 years, our software products have been securing digital identities and communication. Based on intelligent security platforms, the latest encryption methods and top-notch infrastructure, our GROUP establishes automated compliance with data privacy, information security regulations and trustworthiness. Our product range comprises everything from simple encryption of documents for cloud services to eIDAS-compliant signature applications and qualified digital identities at trust service providers. Verifiable data retention with qualified signatures in conformity with the law and secure management of access and identities are our priority. procilon software products have been audited multiple times and are certified in accordance with CC EAL 4+ VAN5 (high attack potential). SecureMetric, Kuala Lumpur Malaysia – is proud to be the top rated digital security solution provider within Southeast Asia, with specialisation in PKI. With offices spread… SecureMetric, Kuala Lumpur Malaysia – is proud to be the top rated digital security solution provider within Southeast Asia, with specialisation in PKI. With offices spread around Southeast Asia, SecureMetric is able to serve more than 20 Certificate Authorities in the region. Softline Solutions GmbH is a specialized and sustainably growing IT-consulting company. As a subsidiary of the internationally operating Softline Group, the company advises holistically and… Softline Solutions GmbH is a specialized and sustainably growing IT-consulting company. As a subsidiary of the internationally operating Softline Group, the company advises holistically and independently, from strategic conceptions and the implementation of processes to the operation of technologies. With the goal – to realize IT-compliance, control and cost savings for our customers. The certified security experts at Softline Solutions meet the growing demands on information security with individual and sustainable protection concepts. In the dedicated »Security@Softline Workshops«, they examine the initial situation of customers, define solutions and accompany security measures, such as the introduction of an information security management system (ISMS) or a company-wide public key infrastructure (PKI). Softline Solutions is part of Softline Group and focuses on Information- and IT-Security, Software Asset Management (SAM), Virtualization and Infrastructure Management. Businesses and governments rely on Thales to bring trust to the billions of digital interactions they have with people. Our identity management and data protection… Businesses and governments rely on Thales to bring trust to the billions of digital interactions they have with people. Our identity management and data protection technologies help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organisations already rely on Thales solutions to verify the identities of people and things, grant access to digital services, analyse vast quantities of information and encrypt data. In early 2019, we acquired the international security company, Gemalto and have combined it with our existing digital assets to create a new leader in digital security. Every organisation around the world is in the midst of a digital transformation and stands to benefit from our joint innovations. As the world becomes more connected, Thales makes it more secure. AppViewX CERT+ is a next gen enterprise key and certificate management suite that enables streamlined and endless upward scalability and cryptographic agility. The solution also… AppViewX CERT+ is a next gen enterprise key and certificate management suite that enables streamlined and endless upward scalability and cryptographic agility. The solution also provides enterprises with advanced PKI self-service, private key protection and policy enforcement both, on and off the cloud via strong integrations with leading PKI, IAM, cybersecurity, and DevOps solutions. AppViewX is headquartered in New York, U.S. with additional offices in U.K., Australia and India. For more information, visit . B3 is a Swedish consultancy firm with senior consultants within IT and management. B3 helps companies to better utilize their IT by developing technology, processes,… B3 is a Swedish consultancy firm with senior consultants within IT and management. B3 helps companies to better utilize their IT by developing technology, processes, strategy and organization through smarter IT solutions. Cryptomathic is a global provider of secure server solutions to businesses across a wide range of industry sectors, including banking, government, technology manufacturing, cloud and… Cryptomathic is a global provider of secure server solutions to businesses across a wide range of industry sectors, including banking, government, technology manufacturing, cloud and mobile. With over 30 years’ experience, we provide systems for Authentication & Signing, EMV and Crypto & Key Management through best-of-breed security solutions and services. Founded in 2014, Digitalberry is a software publisher operating in the digital trust field. From secure user authentication, data integrity and process traceability to non-repudiation… Founded in 2014, Digitalberry is a software publisher operating in the digital trust field. From secure user authentication, data integrity and process traceability to non-repudiation of operations, digital trust is a keystone of digital transformation. Digitalberry’s software provides Digital Certificate Management, Strong Authentication, Electronic Signature and Digital Evidence Collection through the Digitalberry Proof and Verification platform. Rely on the highest cryptographic technologies such as PKI, HSM, and blockchain to create, handle, report and verify probative digital evidence. Infineon designs, develops, manufactures and markets a broad range of semiconductors and system solutions. The focus of its activities is on automotive electronics, industrial electronics,… Infineon designs, develops, manufactures and markets a broad range of semiconductors and system solutions. The focus of its activities is on automotive electronics, industrial electronics, RF applications, mobile devices and hardware-based security. Infineon is a world leader in semiconductors. Combining entrepreneurial success with responsible action, at Infineon we make the world easier, safer and greener. Barely visible, semiconductors have become an indispensable part of our daily lives. We are playing a key role in shaping a better future – with microelectronics that link the digital and the real world. Our semiconductors enable smart mobility, efficient energy management and the secure capture and transfer of data. Intercede® is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world. Headquartered in the UK,… Intercede® is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world. Headquartered in the UK, with offices in the US, and APAC resources, we believe in a connected world in which people and technology are free to exchange information securely, and complex, insecure passwords become a thing of the past. Our vision is to make the highest levels of cybersecurity available to organizations and consumers alike, solving complexity and scalability issues by managing high volumes of digital credentials. i4p is an outstanding innovator in the field of IT security solutions and an expert of protecting your cryptographic keys and secrets. i4p is the… i4p is an outstanding innovator in the field of IT security solutions and an expert of protecting your cryptographic keys and secrets. i4p is the vendor of TRIDENT hardware security module and its main activity is the development of applied cryptography solutions. The company aims to develop highly secure hardware and software solutions, as well as related services capable of disrupting the IT security market. Its mission is to provide a technological background to new regulations on data security and data protection and to develop and launch distributed cryptographic processes and distributed platforms based on them. i4p is the first company to offer a certified hardware security module with multi-party cryptography* that provides the highest level of data protection required in business. The company’s founders and experts possess a uniquely high level of professional expertise including significant experience in cryptographic development, product and service development as well as project management. *patent pending Keyfactor empowers companies of all sizes to escape the impact of breaches, outages, and failed audits that come from mismanaged digital certificates and keys. Powered… Keyfactor empowers companies of all sizes to escape the impact of breaches, outages, and failed audits that come from mismanaged digital certificates and keys. Powered by an enterprise PKI as-a-service platform for certificate lifecycle automation and IoT device security, IT and InfoSec teams can easily manage certificates and keys at scale. PrimeKey and Keyfactor Solution Briefs: PrimeKey and Keyfactor Press Release: Mocana provides comprehensive and compliant IoT device security solutions to protect critical infrastructure. Mocana TrustCenter™ and TrustPoint™ automate and simplify the management of the IoT… Mocana provides comprehensive and compliant IoT device security solutions to protect critical infrastructure. Mocana TrustCenter™ and TrustPoint™ automate and simplify the management of the IoT security lifecycle. Our proven cybersecurity software development tools simplify the integration of mission-critical security. Mocana protects more than 100 million devices and is trusted by the largest aerospace, industrial, energy, healthcare, and communications companies. nCipher Security, a leader in the general purpose hardware security module market, is now an Entrust Datacard company, delivering trust, integrity and control to business… nCipher Security, a leader in the general purpose hardware security module market, is now an Entrust Datacard company, delivering trust, integrity and control to business critical information and applications. Today’s fast-moving digital environment enables enterprises to operate more efficiently, gain competitive advantage and serve customers better than ever before. It also multiplies the security risks. Our cryptographic solutions secure emerging technologies – cloud, IoT, blockchain, digital payments – and help meet new compliance mandates. Using the same proven technology that our customers depend on today to protect against threats to their sensitive data, network communications and enterprise infrastructure. We deliver trust for your business critical information and applications, ensuring the integrity of your data and putting you in complete control – today, tomorrow, and at all times. The addition of nCipher to the Entrust Datacard family further extends its ability to provide customers with solutions that meet their demand for high assurance, as well as addressing the increased demand for data security stemming from regulations such as the EU General Data Protection Regulation (GDPR) and the electronic identification, authentication and trust services (eIDAS) regulation. Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud,… Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future. Thales Trusted Cyber Technologies (Thales TCT) protects the most vital data from the core to the cloud to the field. We serve as a trusted,… Thales Trusted Cyber Technologies (Thales TCT) protects the most vital data from the core to the cloud to the field. We serve as a trusted, U.S. based source for cyber security solutions for the U.S. Federal Government. Our solutions enable agencies to deploy a holistic data protection ecosystem where data and cryptographic keys are secured and managed, and access and distribution are controlled. Businesses and governments rely on Thales to bring trust to the billions of digital interactions they have with people. Our identity management and data protection… Businesses and governments rely on Thales to bring trust to the billions of digital interactions they have with people. Our identity management and data protection technologies help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on Thales solutions to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data. In early 2019, we acquired the international security company, Gemalto and have combined it with our existing digital assets to create a new leader in digital security. Every organization around the world is in the midst of a digital transformation and stand to benefit from our joint innovations. Unbound Tech equips companies with the first pure-software solution that protects secrets such as cryptographic keys, credentials or other private data by ensuring they never… Unbound Tech equips companies with the first pure-software solution that protects secrets such as cryptographic keys, credentials or other private data by ensuring they never exist anywhere in complete form. Founded in 2014, Unbound has been recognized with numerous industry awards and named in multiple Gartner Hype Cycle Reports. Interacting “things” in the Internet of Things (IoT) need to trust each other. Utimaco is a leading manufacturer of hardware security modules (HSMs) that provide… Interacting “things” in the Internet of Things (IoT) need to trust each other. Utimaco is a leading manufacturer of hardware security modules (HSMs) that provide the Root of Trust to the IoT. We keep your cryptographic keys and digital identities safe to protect critical digital infrastructures and high value data assets. Our products enable innovations and support the creation of new business by helping to secure critical business data and transactions. Utimaco delivers a general purpose HSM as a customizable platform to easily integrate into existing software solutions or enable the development of new ones. With professional services, we also support our partners in the implementation of their solutions. Founded in 1983, Utimaco HSMs today are deployed across more than 80 countries in more than 1,000 installations. Utimaco employs a total of 170 people, with sales offices in Germany, the US, the UK and Singapore. Since then, thousands of enterprise and infrastructure companies rely on Utimaco to guard IP, critical business data and applications against internal and external threats. Our HSMs help protect millions of consumers globally. Put your trust in Utimaco – today and in the future. Venafi is the cybersecurity market leader in machine identity protection, securing the cryptographic keys and digital certificates on which every business and government depends to… Venafi is the cybersecurity market leader in machine identity protection, securing the cryptographic keys and digital certificates on which every business and government depends to deliver safe encryption, authentication and authorization. Organizations use Venafi key and certificate security to deliver safe machine-to-machine connections and communications. Download the adaptable driver at https://marketplace.venafi.com. Versasec is an Identity and Access Management (IAM) provider that helps businesses of all sizes manage their access-enabling devices, including smart cards, mobile, tablets, virtual… Versasec is an Identity and Access Management (IAM) provider that helps businesses of all sizes manage their access-enabling devices, including smart cards, mobile, tablets, virtual tokens and RFID/NFC Yubico sets new global standards for simple and secure access to computers, servers, and internet accounts. Founded in 2007, Yubico is privately held, with offices… Yubico sets new global standards for simple and secure access to computers, servers, and internet accounts. Founded in 2007, Yubico is privately held, with offices in Australia, Germany, Singapore, Sweden, UK, and USA. Yubico is a leading contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor (U2F) open authentication standards, and the company’s technology is deployed and loved by 9 of the top 10 internet brands and millions of users in more than 160 countries. li|Partner Program Technical and Product skills Demonstrated references Clean record of transparent business conduct Demonstrated record of financial stability Ability to sell and deploy PrimeKey products and solutions Project Support Role Technical and Product skills in the field of IT Security Demonstrated references Clean record of transparent business conduct Share page st|How can we help? h1|your business? h2|Become a partner Contact our partners PrimeKey as a partner 13 reasons to partner with PrimeKey Two ways to partner with PrimeKey The PrimeKey Interested in becoming a partner? h3|Welcome Extensive Experience Open Source Excellence Reseller Partner Technology Partner 3Key Company achelos B3 Cogito Group Cryptas Digitalberry Encryption consulting ESYSCO NTT Ogis-ri procilon SecureMetric Softline Solutions Thales Digital Identities and Security (DIS) AppViewX B3 Cryptomathic Digitalberry Infineon Intercede i4p Keyfactor Mocana nCipher Security Red Hat Thales Trusted Cyber Technologies (Thales TCT) Thales Cloud Protection & Licensing (CPL) Unbound Tech Utimaco Venafi Versasec Yubico h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions 1 Extended portfolio 2 Become a member of the PrimeKey community 3 Discount on PrimeKey’s products 4 Strengthened company image 5 Increasing synergies 6 Increasing revenue 7 Side-by-side at trade shows and expos 8 PrimeKey’s EJBCA Online CA Access 9 PrimeKey Pre-Sales Support 10 Dedicated Account Manager 11 Sales Skill-up 12 Marketing Support 13 Online Marketing Support How to become a partner? How to become a partner? Reseller partners Technology partners Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Ready to expand partners * * * * PrimeKey * * * * * * is governed by a set of policies and procedures that defines the level of security. A PKI typically includes a combination of software and hardware components, and together they implement functions for Certificate Authorities, Registration Authorities and Validation Authorities. These, in turn, are then responsible for issuing and lifecycle manage trusted identities for users, servers and things. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Logging in to your bank account Shopping on an e-commerce site Using an e-passport. Share page st|PKI stands for Public Key Infrastructure and is the set of roles, policies, hardware, software and procedures that build a framework to issue trusted digital identities to users, servers and/or things. In everyday life, you use PKI when doing things online such as: How can we help? h1|What is PKI? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|PKI and Digital Signature Software h2|Learn more about our digital signing and PKI software products h3|Welcome Dedicated PKI software h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions EJBCA Enterprise SignServer Enterprise PrimeKey NPKD EJBCA Validation Authority Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|PKI and Digital Signature Hardware h2|PrimeKey PKI and digital signature hardware products for advanced security h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions EJBCA Appliance SignServer Appliance SEE Identity Authority Manager – Industrial Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|IT Security h2|Our IT security solutions for your use case h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions ePassport PKI Solution Code Signing Solution Certificate Life Cycle Solution Smart Meter Security Becoming an eIDAS (Q)TSP IoT and IIoT PKI Migration Secure supply chains Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Solutions PrimeKey * * * * * * X.509 is a PKI standard for digital certificates and public key certificates. It verifies that a public key belongs to a specific user, server or other digital entity. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What is x.509? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * IT Security is a moving target and it is crucial to keep your solution up to date in order to keep a high level of security. With PrimeKey Support & Maintenance, you will get continuous updates of your PKI solution and professional support for any questions you may have. PrimeKey developers are passionate about maintaining the high quality of EJBCA through continuous updates and upgrades. Each new release contains improvements and upgrades to the EJBCA functionality, improving the software and keeping it up to date with current regulations. By subscribing to PrimeKey support and maintenance, you will automatically gain access to these new releases and upgrades, ensuring the highest quality of your PKI implementation. As with any software, and especially with security software, it is important to keep EJBCA updated with continuous releases and security patches. Having a subscription to PrimeKey Support will not only give you access to new upgrades and features but also ensure that your software is kept up to date when it comes to security. In short, PrimeKey Support will keep your software at the highest security standards. Through a PrimeKey Support subscription, both your management and your customers can sleep sound, assured that audit and policy requirements are fulfilled. And in case of issues with your PKI, or simply new demands on it, you have timely access to, and support from, our skilled PKI professionals. Contact Rubina Akram, PrimeKey , and our skilled support team here: IT Security is in constant development as new standards, new requirements and new threats come frequently. Malicious attacks often aim at known limitations where their targets have fallen behind in updating their security solutions. Having the PrimeKey Support & Maintenance you can feel secure in your PKI being up to date with the latest releases, patches and updates. PrimeKey developers are passionate about maintaining the high quality of our products through continuous updates and upgrades. Each new release contains improvements and upgrades to the product functionality, enhancing the software and keeping it up to date with regulations. By subscribing to PrimeKey support and maintenance, you will automatically gain access to these new releases and upgrades, ensuring the highest quality of your PKI implementation. If you experience a problem with your software or hardware (for PKI Appliance), PrimeKey Support & Maintenance gives you access to support straight from the source. That means that the same PKI professionals who developed your solution are there to help you solve your problem. Support pricing will depend on the following variables: * = Non-holidays only. ** = In place assistance is available on PrimeKey’s decision and surcharge PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy td|What do I get? Software Software and Hardware Software downloads, incl. patches Enterprise level Enterprise level Online documentation X X Support portal access X X Number of incidents Unlimited Unlimited Security and critical patch notifications X X Hotfix and emergeny patches X X Firmware updates, incl. patches – X Installation, basic advice during X X Installation, complete (additional charges) X X Raise support case via web and e-mail X X Raise support case via phone (8×5 or 24×7) X X Guaranteed response time X X Professional services (additional charges) X X Hardware maintenance and replacement – X Support times (Swedish local time or PST) 9am-5pm Mon-Fri * 24x7x365 Response times Next business day 4 hours Assistance Remote Remote or in place ** Product expert advisory and help X X Deployment and maintenance X X Access to technical documentation X X Issue tracker X X Feature request Limited X th|SUPPORT SERVICE SOFTWARE SUPPORT APPLIANCE SUPPORT TYPE OF SERVICE STANDARD PREMIUM li|Service Level Agreement Deployment size (defined by the number of users and installations) Duration of the contract (with multi-year and prepayment options) Keeps your security solution up to date New releases and updates for your software Hardware support if anything happens to your EJBCA Appliance box Support straight from the source with PKI professionals The fastest, most secure and reliable solutions; the PrimeKey Enterprise software The highest level of operational security for the core of your PrimeKey PKI Direct access to critical knowledge Developer-to-developer discussion and analysis Fulfilled audit and policy requirements … and more Share page st|How can we help? h1|Support & Maintenance h2|up to date and reliable in the future Highlights You get… Support Service level h3|Welcome Keeping your security up to date Take part of the latest releases Get support – straight from the source h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey for PrimeKey PKI Solutions Support Engineer & Acting Team Leader Global Support Keeping your security solution Services Agreements PrimeKey * * * * * * The ultimate trusted hardware platform for data and application confidentiality and integrity In today’s rapidly changing IT landscape, it is essential to keep track of the accelerating data and application security challenges. With PrimeKey SEE, you can host your container in a trusted environment, which guarantees the integrity and confidentiality of your data and application. PrimeKey SEE is a FIPS-certified, patented hardware that eliminates the concern that someone could copy your software or even modify your data without your knowledge. PrimeKey SEE is a safeguarded, rack-mounted Intel x86 server, designed to protect the entire application stack and data, from operating system to virtualization to application. Through implemented security procedures and the physical protection of the entire motherboard, the operating system as well as the applications are protected against changes, modifications, and eavesdropping at all times. No need to fear that someone will steal or copy your software. You can now deploy your product in places with public access or where you fear that someone would be interested in extracting your software with untoward outcome for your business. With PrimeKey SEE, you can place your software wherever it further advances your business. No need to fear that someone will copy your virtual machine, or steal your application and your data. PrimeKey SEE is an attack and temper-proof FIPS 140-2 Level 3 server. FIP 140-2 Level 3 compliant physical shield Secure boot ensuring the integrity of started systems and offering zeroization (factory reset) Non-deterministic random number generator (compliant with NIST SP-800 compliant hardware) KVM provides hardware assisted virtualization for a wide range of guest operation systems Complete physical protection of the customer application against unauthorized copying or manipulation. Do you want to know more about the use cases for the PrimeKey SEE? Download the paper below and let us guide you through an overview of the different application areas in which the SEE can be used. We will dive into three solution areas, how they can be designed, and look at the advantages that the SEE offers in each situation. Watch the PrimeKey Tech Days 2020 workshop recording to learn more about the PrimeKey SEE. Jiannis Papadakis, PrimeKey Senior Pre-Sales Engineer, and Oreste Panaia-Costa, PrimeKey Senior System Engineer, will give you background information about the PrimeKey SEE, take a deep dive into the architecture, and show a demo. Many applications are running in untrusted environments and there are obvious risks that someone could copy the software or that someone would get access to or modify data, without being caught. There are also, very often, obligations and demands on data center security, both physically and operational. External audits often raise concerns about application, data security as well as the Fill in your email address below and we will email you the recording. In this technical webinar, we will explore the architecture and the design principles of the PrimeKey SEE. Deep diving in to the platform, we will show you how we establish a trust anchor on top of a standard server platform to enable the first trusted Kernel-based Virtual Machine (KVM) environment. In addition we will guide you through the lifecycle process of the platform itself. All of this showcasing a techie’s view of the Fill in your email address and we will send you a link to the recording. I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|SEE 4-core Xeon 3,6 GHz Up to 64GB RAM 128 GB Internal storage Redundant, field replacable power suppliers Up to 4TB Field replacable encrypted storage 4 x GB Ethernet Out-of-band Management FIPS 140-2, Level 3 FCC CE FIPS 140-2 Level 3 compliant physical shield Secure Boot assuring integrity of started system and offering zeroization (factory reset) Non-deterministic random number generator (compliant to NIST SP-800 compliant hardware) Share page st|How can we help? h1|Secure h2|The need for a secure execution hardware Protect your application Benefits of SEE Hands-on experience SEE Webinars Contact us about secure execution hardware h3|Welcome Prevent software and data theft Prevent software and data theft Use Case Guide Workshop Recording Technical Specifications SEE Specifications Certifications Security Specifications Simplifying compliance audits What’s inside the PrimeKey SEE – a techie’s dream h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Certified hardware solution Trusted boot True random number generation Open Platform for any virtual machine Strong hardware protection Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Execution Hardware from PrimeKey * corresponding management processes and procedures. When running the applications on the PrimeKey SEE, you take most of these concerns out of scope for the audits. The SEE is FIPS 140-2 Level 3 certified and designed to keep your application and data protected during runtime. In this webinar we will talk about a couple of examples on how applications in different verticals can benefit from being run on the PrimeKey SEE. * * FIPS 140-2, Level 3 certified PrimeKey SEE – helping you to run your applications anywhere you want in a secure and reliable way. * * * * * * * * PrimeKey * * * * * * Katharina is happy working at PrimeKey where her fellow employees care for developing PrimeKey’s PKI products as if those were their own babies. PrimeKey is growing, and we’re growing fast! Each day there are new and exciting possibilities for us to grow as a company and as individuals. We’re passionate about security and really do develop world-class security solutions. Do you want to join our journey and create trust for the connected society? Have a look at the open positions below. If you can’t find a position that fits your profile, send us your application anyway. We are always looking for talent! Send your CV and a cover letter to , and we’ll get back to you as soon as possible. Read more Read more Read more Read more Read more Read more Read more Read more PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Open positions Share page st|How can we help? h1|Join h2|We are currently looking for… h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Senior QA / Test Automation Engineer Experienced Scrum Master Senior Java Developer with IT-security interest Software Developer DevOps Engineer (Senior) Software Developer Senior Software Product Developer DevOps Engineer - Based in Sweden Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey PrimeKey * * * * * * ecurity solutions for Internet of Things (IoT) and Industrial IoT (IIoT) . Read more about how PrimeKey products offer a secure foundation for IoT: The capabilities delivered by open source based ensures authenticity and integrity of both data and code on devices. PrimeKey has vast knowledge and experience in partnering with globally leading software and hardware vendors, utility providers, car manufacturers and system integrators, to secure their software distribution chain. Learn more about SignServer Enterprise: By using the trusted execution environment, PrimeKey SEE, you can run your mission-critical application in any uncontrolled environment. PrimeKey SEE is a full-size rack-mount application server that comes with a patented FIPS protected execution environment where your application and data can only be accessed by an authorized security administrators, making it impossible to access, to extract or to modify by an unauthorized party. Learn about PrimeKey SEE: In a pilot project, PrimeKey and Infineon present a solution that enables the safe commercial use of multicopters. It combines Public Key Infrastructure (PKI) with the OPTIGA™ Trust X security controller and the SLS37 Ready-to-Connect eSIM for mobile IoT applications. Check out our joint white paper with Infineon about and our illustration explaining . li|IoT and IIoT Share page st|Protect IoT and IIoT devices Protect device communication Protect sensitive data and safeguard regulatory compliance Manage lifecycle and chain of custody Protect IoT and IIoT devices Ensure software integrity with PrimeKey SignServer Protect device communication Protect sensitive data and ensure regulatory compliance Manage lifecycle and chain of custody Scale over time How can we help? h2|PKI and Signing addresses the complex and diverse security challenges of IoT and IIoT IoT and IIoT security solutions built on open standards Get in touch about security solutions for IoT and IIoT h3|Welcome Key features of PrimeKey PKI solutions for IoT and IIoT h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Creating the future of PoS-solutions based on PrimeKey PKI Enabling Innovations – Transforming Healthcare Siemens – Ingenuity for life and safe communications Stay up to date with our newsletters PrimeKey headquarters h5|IoT, EJBCA Enterprise IoT, IIoT, EJBCA Enterprise IoT sp|PrimeKey Security solutions for I oT and IIoT based on Public Key Infrastructure (PKI) PrimeKey’s end-to-end take on s IoT and IIoT security solutions from PrimeKey PrimeKey is a pioneer in the open source PKI and Signing security software that provides businesses and organizations around the world with the ability to implement secure IoT and IIoT solutions in the healthcare industry, for smart factories, to secure supply chains and more. PKI has been the de-facto standard on the Internet for more than a decade and it has been proven to be both scalable and flexible. It is now also instrumental for secure IoT and IIoT solutions. PrimeKey’s solutions include: , , and the . Learn about our customer implementations Why are Security Solutions for IoT important to reduce threats? IoT is often defined as a network of physical objects that can interact with other Internet-enabled systems and devices to share information and perform actions. This means Internet of Things encompasses everything from cars to cooking devices, from MRI scanners to wind turbines. For businesses across a range of industries, Internet of Things provides opportunities for cost reductions and increased revenues. By 2024, there will be . So where do security solutions for IoT and IIoT fit in? There is no question that the impact of IoT and Industry 4.0 is transforming industries, businesses and ultimately, our lives. But as the physical objects around us become connected, they also become susceptible to a variety of cybersecurity threats. With IoT solutions maturing and taking on a key responsibility in the new revenue streams, workflows and value propositions of progressive businesses, IoT security becomes a central issue – and a complex one at that. It is imperative to provide a secure foundation for Internet-enabled physical objects that is able to: Assure the identity and authenticity of all devices. Make sure devices run only on authorized code. Manage the lifecycle of each device, ensuring the chain of custody. Enable safe over-the-air updates to maintain security and allow for new features over time. Protect communication across unsecure networks. Secure sensitive data and safeguard regulatory compliance. In addition to the functional aspects, security solutions for IoT and Industrial IoT (IIoT) must also be scalable, potentially handling billions of devices, and flexible enough to cost-efficiently integrate with IoT and IIoT platforms along with back-end enterprise systems. Because PKI and Signing solutions are the fundamental building blocks of IoT and IIoT security, it enables b usinesses developing IoT offerings to ensure the Internet of Things does not become an Internet of Threats. When developing IoT and IIoT security solutions, PKI and Signing are fundamental for security and compliance. It enables secure communication between parties and provides security through trusted identities that are necessary for authentication, integrity and confidentiality. Benefitting from the proven track-record of PKI and Signing, all aspects of IoT and IIoT security can be addressed: Guarantee that each device has a unique and traceable identity. Ensure that code running on devices – including firmware, operating system and applications – is authorized and not tampered with. Enable secure, over-the-air updates to add features, improve performance and ensure security over time. Safeguard communication through encryption, protecting data when in transit across unsecure networks. Validate the identity and authenticity of devices attempting to communicate with IoT and IIoT platforms and back-end systems. Enable sensitive data to be encrypted on the device when in transit and stored centrally, ensuring the ability to stay compliant with regulatory demands. Provision devices in manufacturing, establishing a unique and traceable identity of every device. Manage devices in operation, ensure correct authority to take action and handle how devices are decommissioned or repurposed, or if ownership changes. PKI and Signing are a proven way to protect valuable assets and functions within the complex and diverse security challenges of IoT. Learn how to succeed in IoT implementations by considering the full scope of IoT business solutions. Sign up for a complimentary Gartner report on For an end-to-end take on Internet of Things security, PrimeKey delivers IoT PKI, Signing and secure execution hardware solutions built on open standards, with proven scalability and more than 20 years of history protecting the world’s most valuable digital assets. EJBCA Enterprise is an open source based PKI that has been proven in a range of contexts — from critical telecom and power infrastructure to smart products from several of the world’s most recognized brands. EJBCA is proven as the leading security software for Certificate Issuance and Certificate Management across industries, including several of the most demanding use cases in the world. Due to mature and proven source code, EJBCA provides the least likelihood of disruptive software defects and it has been proven time and again to enable standards-based, cost-efficient integrations. * * * * * * Establish device identity Issue X.509 and RFC5280 certificates RSA and Elliptic Curve algorithms Supports both batch production and single-instance issuance Support both client- and server-generated keys CMS/PKCS#7 Authenticode for signing Windows executable files and installer applications. JAR signing for signing Java and Android files. Plain signature, for generic signing. Supports TLS certificates for both client and server to encrypt communication in transit RFC 5280, ETSI/eIDAS and WebTrust-compliant Support for HSMs from leading vendors Compliance support for NSA SUITE B algorithms Tamper-proof hardware for insecure environments with PrimeKey SEE Enabling GDPR-compliance across platforms and systems Future-proof and flexible to support regulatory demands of the future Full lifecycle support with certificate issuance, renewal and revocation Time-stamped digital signatures enabling traceability Support for vendor certificates and digital twins Ensuring identity and correctness in representation of digital twins Secure audit logs in all certificate lifecycle and digital signature operations Linear scalability for performance and high availability by adding multiple nodes High performance, >500 request s per second can be achieved on a single server Configurable to support a multitude of use cases Use standard SQL database, scaling infinitely Highly scalable Java Enterprise applications Proven to support billions of certificates in operation PrimeKey * * * * * * We all use digital signatures whenever we log in to our bank account, show our e-passport or use our credit card at the shops. This would not be possible without Public Key Infrastructure (PKI) enabling us to communicate securely on an insecure public network, such as the Internet. In the eighties, there was a young boy named Tomas Gustavsson growing up in Handen, a suburb south of Stockholm. Tomas quickly developed an interest in computer code, fuelled by films like . He tried a few times to hack into the accounts of his opponents in various computer games. His father bought him membership to the ABC Club, Sweden’s first computer asso­ciation. A lot of the discussions at the ABC Club were about IT security even back then. In 1994, Tomas focused his attention on crypto­graphy. He was already a research assistant at the School of Computer Science at the Royal Institute of Technology (KTH) in Stockholm. At this time, MIT released a standard for public key in­frastructure (PKI) with a central repository in Boston to create, store and distribute digital signatures. Soon, however, everyone in the cryptographic community realized that it was not viable to have only one certificate authority (CA). In 2001, Tomas and his team released the very first version of EJBCA. EJBCA is a PKI and CA software package. EJBCA became the most widely used PKI in the world today and is run by PrimeKey, the Swedish company which holds the copyright. In 2005, PrimeKey launched the very first version of SignServer. The software was originally developed to enable time-limited passports to be created in a fast and efficient way at airports. In this way, PrimeKey has helped forgetful travelers reach their destination for over a decade. SignServer has now grown to become advanced software for time stamping and code signing, digital documents, passport etc. In 2012, PrimeKey opened a subsidiary in Aachen, Germany. This was the birthplace of our hardware appliance products, which are groundbreaking solutions within PKI, Digital signing and security. With these appliances, you can now implement a PKI and Digital Signing solution in a fast, efficient and secure way. The use and development of our hardware appliance products has grown globally and now helps many companies install PKI in a smooth way. At the RSA show in 2017, PrimeKey showed PrimeKey SEE (Secure Execution Environment) for the very first time. The appliance drew a lot of attention and demand has been high since day one. The SEE is history in the making, and you can read more about it here. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|How it all h2|Cryptography The PrimeKey products h3|Welcome EJBCA SignServer EJBCA and SignServer Appliance PrimeKey SEE h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey began PrimeKey * * * * * * em|War Games Quality Assurance Engineer I like that management is effective at PrimeKey. They understand the importance of hiring good people and then simply clearing the way so their team members can do what they do best with few obstacles. Ebrahim has three MSc from three universities in three different countries: Armenia, Sweden and Canada. All of them within Software Engineering and Computer Science. He developed a passion for software quality assurance when he realized that he could explore how software is built and tested in top tech companies, such as PrimeKey. Ebrahim is an ISTQB certified tester and now works with software quality assurance at PrimeKey, which he finds fascinating. When feature designs are complete, he starts his test strategy and plan. This is done through collaborating with developers, understanding the changes/implementation and building the test strategy accordingly. CTO Tomas Gustavsson has a MSc from KTH in Stockholm and has been researching and implementing PKI systems since 1994. He is the founder and developer of the open source enterprise PKI project EJBCA, a contributor to numerous open source projects, and a member of the board of Open Source Sweden. As a co-founder of PrimeKey, Tomas is passionate about helping users worldwide find the best possiblelutions. PKI is the backbone of internet security and as such it is imperative for all of us that it is available to everyone who needs it. – Tomas Gustavsson PKI Specialist I’ve worked with PrimeKey for 4 years, and have installed PKI solutions in several different countries for governmental and public organisations. I enjoy taking the PKI implementation from the very beginning in the design phase to customer site acceptance. Chris has a background as a project engineer installing air traffic systems and configuring systems to customer specifications. He is now part of the Professional Services team at PrimeKey where he supports, designs, trains and implements PKI systems all over the world. VP Sales Jonatan Bunne is head of the PrimeKey sales team and has a degree in electric engineering. He has spent most of his career in technical sales. The sales team at PrimeKey helps enterprises and governments by guiding them to the right solution. This requires technical understanding and the ability to explain and educate. The possibility to work for a rapidly growing Swedish IT development company in an international, and fast paced environment is something that initially was very attractive to me and something that I still truly value at PrimeKey. VP Strategy & Partners, co-founder Admir Abdurahmanovic started working with applied cryptography as a mathematics student in 1989, in Sarajevo, Bosnia. Moving to Sweden, Admir continued working with implementations of crypto algorithms and protocols, specializing in applied PKI (Public Key Infrastructure). A co-founder of PrimeKey, Admir serves as VP at PrimeKey in charge of strategy and business development. As a co-founder, I am humbled that our company grew from local market focus to become international player in our field. Today, we are dynamic company that delivers mission critical security products to industries and governments. Quality Assurance Manager I realize again and again how much I like to work in such a respectful and valuing culture. Katharina is managing the QA of PrimeKey and says that she is “happy to guide a team of excellent QA people”. She has over 15 years of experience in software quality assurance and is an iSQI-certified agile tester and an ISTQB-certified test manager. Katharina has studied Electrical Engineering with a focus on Engineering Computer Science and now spends her days assuring the quality of PrimeKey in Aachen. System Architect Working at PrimeKey is a rare opportunity to work independently in a very versatile team. Manuel has nearly 20 years of professional experience in the security field. He has been part of PrimeKey since the start of PrimeKey Labs, the German subsidiary, and has previously spent his days with physical hardware and computer security. Manuel is now a Software Architect for PKI Appliance and PrimeKey SEE. CEO Magnus Svenningson has extensive experience from leading positions in the IT, telecom and identity management industries. He has a degree in Engineering from Lund University. PrimeKey has a global presence in the cybersecurity industry for more than 15 years and the need for our products and solutions is growing. We will continue to be a leading supplier in our technical niche as well as a great employer. – Magnus Svenningson VP Engineering Magnus Andrén holds a MSc in Computer Science and Engineering from Linköping University. He joined PrimeKey in 2016 with a background in Telecom. Magnus has previously worked in different management roles close to software development. By maintaining our technical expertise, we aim to continue to deliver our world-class products and services to customers around the world. VP Products Martin Oczko holds a diploma/MSc title in Computer Science and has over 15 years experience in IT security. He has been working in different technical and sales positions for globally acting IT security software and hardware vendors before joining PrimeKey in 2012. Since then Martin was responsible for the product management, development and production of PrimeKey’s hardware based products like the EJBCA Appliance and SEE. Martin is currently responsible for PrimeKey’s product portfolio and product strategy as well as the operations of PrimeKey Labs in Aachen, Germany. With a wide area of expertise and a highly motivated team, PrimeKey has an enormous innovation force. General Manager US Harry Haramis has more than 30 years of experience in the field of Information Technologies with extensive experience designing and developing state-of-the-art security technology solutions for the most complex and sensitive information systems. He has worked on projects of all sizes and in all areas of Network & Security infrastructure. As a proven leader, Harry has led teams of technical engineers to the successful conclusion of countless projects. He has published several white papers as well as hosted several seminars and presentations. He holds some of the industry’s highest certifications including CCIE #6772, CCNP, CCNA, CCSE, CISSP, CNE, VCP, and MCSE+I. With PrimeKey’s leading position in the PKI, Digital Signing, and Secure Execution Security space, it makes me extremely proud to be part of the team. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|Get to know some h3|Welcome Ebrahim Shirvanian Tomas Gustavsson Chris Job Jonatan Bunne Admir Abdurahmanovic Katharina Willmann Manuel Dejonghe Magnus Svenningson Magnus Andrén Martin Oczko Harry Haramis h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey faces PrimeKey * * * * * * The directive on security of Network and Information Systems (NIS) ensures member states are prepared, and provides legal measures to boost the overall level of cybersecurity in the EU. NIS requires member states to be appropriately equipped in several ways, including Computer Security Incident Response Teams (CSIRT) and a competent national NIS authority. Businesses that are identified as Operators of Essential Services (OES) have to take appropriate security measures and notify serious incidents to relevant national authority. Key digital service providers including search engines, cloud computing services and online marketplaces also have to comply with the security and notification requirements under the NIS directive. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|How does NIS work? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * Driving transparency, interoperability and innovation across the European Union with eIDAS. The aim of eIDAS (electronic IDentification, Authentication and trust Services, ) is to spur digital growth within the EU. By creating standards to be eIDAS compliant for eIDAS electronic signatures, eIDAS advanced electronic signature, qualified digital certificates, electronic seals, time-stamps and other proof for authentication mechanisms, eIDAS enable electronic transactions with the same legal standing as transactions performed on paper. The eIDAS regulation has created an internal market area for trust services within Europe. Trust service providers (TSPs) are the companies or organization, that provides third-party trust services in the form of certificate issuance, signatures and authentication. The eIDAS regulation specifies the requirements that any public TSP operating within the EU must meet. This ensures the entire EU is operating using the same set of standards for certificate trustworthiness. eIDAS also introduces the concept of qualification for TSPs, where all TSPs across the EU must adhere to some basic requirements which are audited periodically at least every 24 months. PrimeKey’s Public Key Infrastructure and electronic signing solutions goes a long way in reducing the complexity of becoming an eIDAS compliant TSP. PrimeKey EJBCA eIDAS edition provides electronic certificate issuance, registration and validation services within the eIDAS context and is a proven solution to cost-efficiently establish core TSP capabilities. The PrimeKey EJBCA eIDAS edition, PrimeKey SignServer Time Stamp Authority and SignServer for electronic signatures and seals are available both as software and as hardware appliances. Enabling a broad adoption of in Europe will take more than a regulation. Delivering on the eIDAS vision requires a community of different actors, including trust service providers and technology providers, working together to support the eIDAS requirements. PrimeKey has numerous eIDAS and ETSI Webtrust audited customer installations and so far we have appreciated working with 30+ eIDAS (Q)TSPs. As one of the world’s leading companies for PKI and signing solutions, PrimeKey is committed to continuing to drive the adoption of digital signatures across Europe. PrimeKey is one of the world’s leading companies for PKI and electronic signing solutions, having developed successful technologies such as , SignServer Enterprise and PrimeKey EJBCA Appliance. The EJBCA eIDAS edition offers an easy and secure way of establishing the core capabilities of an eIDAS compliant TSP. The capabilities provided with EJBCA eIDAS edition include: PrimeKey understands that organizations have unique business challenges, including security requirements, compliance, budgets and the availability of internal resources. We give you the choice to combine software, hardware Appliance and Cloud deployments for your PKI solution. This means the infrastructure can be deployed in the manner best suited to your business needs and grow flexibly and expand over time. EJBCA Enterprise and SignServer Enterprise for eIDAS TSPs are available as: li|Becoming an eIDAS (Q)TSP Certificate Issuance Registration Point Validation Service High availability clustering Support for Common Criteria PP5 certified or FIPS 140-2 level 3 certified Hardware Security Modules (HSMs) , EJBCA Enterprise software including support for common criteria PP5 certified HSMs delivered as a turn-key hardware appliance, including Common Criteria PP5 certified HSM delivered as a turn-key hardware appliance including a FIPS 140-2 level 3 certified HSM delivered as a software appliance or a turn-key hardware appliance including a FIPS 140-2 level 3 certified HSM for electronic signing and electronic seals, delivered as a software appliance or turn-key hardware appliance, including a FIPS 140-2 level 3 certified HSM Registration authority with role-based access control and approval mechanisms Support for smart card protected crypto token activation Cryptographically protected audit log, recording all security events The standard EJBCA Appliance has a built in FIPS 140-2 level 3 certified HSM The EJBCA Appliance eIDAS edition has a built in Common Criteria PP5 certified HSM Reset-to-factory defaults mechanism including secure key zeroization Common criteria certified software components Built in backup and restore functionality SNMP monitoring Support for 2 and 3 node cluster setups offering fail-over or high-availability Dual Gigabit Ethernet ports with separation of management and application networks Redundant, field-replaceable power supply Easy to use update mechanism for firmware and application software SNMP monitoring Dual Gigabit Ethernet ports with separation of management and application networks Cryptographically protected audit log, recording all security events Registration Authority with role-based access control and approval mechanisms Support for operating multiple, independent PKI hierarchies within one installation Built in backup and restore functionality Share page st|How can we help? h1|eIDAS compliance and electronic signatures h2|Becoming a Trust Service Provider and eIDAS compliant PrimeKey’s role in the eIDAS community Benefits of PrimeKey EJBCA eIDAS edition for Trust Service Providers EJBCA Enterprise and SignServer Enterprise deployment options PrimeKey customers succeeding with eIDAS Get in touch with us about eIDAS h3|Welcome The eIDAS relevant core features of the PrimeKey eIDAS solutions to ensure auditability and trust Segregation of duties and access control Cryptographic controls Physical and environmental security, operational security Network Security Incident Management Compliance Selected blog posts ENISA Trust Services Forum and CA Day 2019 – My reflections from the events and the eIDAS evolution. [...] There are lots of practical lessons to learn from various countries who have implemented a digital society in different ways. [...] PSD2 – creating both opportunities and to-do’s h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions ZetesConfidens – A Qualified Trust Services Provider at your service Swisscom – Becoming eIDAS compliant and migrating from RSA to EJBCA Enterprise Bank-Verlag – Launching an eIDAS-compliant trust center for the German banking industry The Faroe Islands – Creating a Future-Proof National e-ID Stay up to date with our newsletters PrimeKey headquarters h5|eIDAS, Qualified Trust Service Provider, QTSP, Qualified Certificates EJBCA Enterprise, Becoming an eIDAS (Q)TSP EJBCA Enterprise, PKI Appliance EJBCA Enterprise, SignServer Enterprise eIDAS is truly a long-term vision and a journey Digitalization is based on security and open standards PSD2 is another step towards a digital single market in the EU. sp|PrimeKey * eIDAS and Trust Service Providers * * * * * * PrimeKey * * * * * * eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation (EU N°910/2014) on electronic identification and trust services for electronic transactions across the European Union. It was adopted in 2014, took effect in 2016 and provides a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities across the digital European single market. The eIDAS vision centers around two core concepts, the first one being interoperability; member states are required under eIDAS to create a common framework that will recognize eIDs from other member states, while ensuring its authenticity and security. This is key in allowing citizens and companies to easily do business across borders. The second is transparency; if organizations are eIDAS compliant, eIDAS provides a clear and accessible list of trusted services that may be used within the centralized signing framework. This allows security stakeholders the ability to engage in dialogue about the best technologies and tools for securing digital signatures for the whole European single market. Read about becoming an eIDAS Trust Service Provider (TSP): PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What is eIDAS? h2|Two core concepts of eIDAS h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * 2019-11-14 I attended two co-organized events in Berlin, The ENISA Trust Services Forum and CA Day, during the course of two days this year. It felt like one event because most people were there for both days, but nevertheless the focus for each is slightly different. The 2019 event was attended by more than 200 people, mostly from Europe but also from other parts of the world. The eIDAS regulation is attracting attention, as everyone is on the path toward further digitization of society, and it is a good practice to share experiences and learn what others are doing. You can easily say that the events were well organized and I can highly recommend attending. It is clear that eIDAS is truly a long-term vision and a journey aimed to bring great benefits to citizens, government, businesses and society at large. We have come a long way on this journey during the past few years, but it is also clear that there are further steps that need to be taken. The need for an improved internal market for e-transactions is obvious and from the data that was presented during the event there were still only a small number of e-transactions between member states. While eIDAS does a lot to tear down digital barriers for government communication and trade barriers for technology companies to provide services across Europe, the EU still consists of individual Member States who have a strong independence, different traditions and different short-term goals. This definitely sets some limits to the speed of which the EU wide changes can take place. Three topics that were discussed extensively and that I want to highlight: From my experience, the differences between audits in different countries and with different auditors were discussed as an issue in the times before eIDAS, under the old Directive, and it is still a hot topic. In addition to this, something that I learned is that the only mandatory document to fulfill in an eIDAS audit is the eIDAS regulation. The ETSI standard guiding technical implementations are not required by the law and the result is that a QTSP can implement the same regulatory requirement in different ways than suggested by the ETSI specifications, if the auditor, the CAB and the supervisory body approves it. Thus, finding conformity between audits is currently a far goal. Initial registration of individuals in many cases still require physical presence at some stage in the process. Remote identification for enrollment of individuals is a topic which has seen a lot of thought and innovation. In some member states, there are systems for remote identification, such as over a video link. This is not allowed in other member states. A conclusion from the event is that there is a clear desire for standardization in this area, both from technology vendors and TSPs. Finally, a mandatory review of the eIDAS regulation will be presented in 2020. The high level scope is to try to answer the following questions: My reflection is that eIDAS is already partly a success and the continued success of the regulation will depend on the level of reach and usage. Proper understanding and being able to measure aspects like usability for all, security and personal privacy and business drivers will be crucial for taking the next steps. On the more detailed level, the review will most likely include suggestions on modifications for some of the topics discussed above. Tomas has an MSc from KTH in Stockholm and has been researching and implementing PKI systems since 1994. Project founder and developer of the open source enterprise PKI project EJBCA, contributor to numerous open source projects, member of the board of Open Source Sweden. As a co-founder of PrimeKey, Tomas is passionate about helping users worldwide to the best possiblelutions. Contact Tomas: Driving transparency, interoperability and innovation across the European Union with eIDAS. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Conformity of audits used to gain the status of Qualified Trust Service Provider (QTSP) Remote initial identification of persons when issuing digital IDs Review of the eIDAS regulation Can we offer convenience? Can we offer consumer choice? Are we protecting data and privacy? Is there a level playing field for business? What is our global reach? Share page st|How can we help? h1|ENISA Trust Services Forum and CA Day 2019 – My reflections from the events and the eIDAS evolution h3|Welcome Author: Tomas Gustavsson Want to know more about our view on eIDAS? h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * PrimeKey is now offering a complimentary Gartner report to provide you with key findings and recommendations on IoT edge security. The IoT security market has an annual average growth of 20%. Spending is driven primarily by the manufacturing, automotive and transportation industries. According to Gartner, “Internet of Things (IoT) security spend patterns vary significantly across sectors, with areas such as manufacturing, automotive and transportation prioritizing security as a result of new risks from digital transformation initiatives.” Learn about key findings and recommendations that are especially relevant to Technology and service providers (TSPs). Read the full report to stay on top of the trends. Report Attribution Market Trends: IoT Edge Device Security, 2020, Ruggero Contu, Peter Middleton, Barika Pace, 3 March 2020 Infineon and PrimeKey teamed up to show how an implementation combining Secure Elements and PKI can eliminate threats like manipulation of multicopter “no flight zone” control software and enable trusted identities for multicopters. Because there are many modes of operations in IoT, it is important that a PKI system and the issuing of trusted identities (certificates) works in a multitude of deployment scenarios, both directly with devices and gateways, as well as through IoT platforms. If you are looking into IoT, think about security from the beginning and consider all the stakeholders in the ecosystem. PrimeKey can advise on existing frameworks to be reused to enable a trusted IoT solution over time. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|Market Trends: IoT Edge Device Security, 2020 h2|Sign up for the report h3|Welcome Learn more about security for IoT Drone safety via security: PKI in Action Security by Design – Master and implement your IoT business solution PKI Security supporting the full IoT ecosystem h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * Sign up on AWS: Already a customer? Log in here: EJBCA SaaS will provide you with the full power of , but without the need for managing the underlying infrastructure. Set up your EJBCA instance on AWS and we will make sure that your PKI infrastructure will be managed according to best practices and with the highest assurance. Choose your preferred subscription, leverage the elasticity and global presence of the service as you scale your infrastructure and rest assured that you will have a guaranteed SLA that you won’t have to maintain. Installing and maintaining a full blown Public Key Infrastructure (PKI) requires resources and expertise. Any Certificate Authority software, such as EJBCA, relies on a robust technology stack and as always when security and compliance are in focus, there is a constant need of monitoring, maintenance and updates. By choosing to deploy EJBCA SaaS you don’t need to worry about that. EJBCA SaaS reduces your internal need to manage yet another critical infrastructure component and it allows you to focus on your core business, whilst assured the highest level of security for your business critical application. Own your PKI but let us take care of the underlying infrastructure. EJBCA SaaS is just that; EJBCA. As a Service. And what do we mean by that? It means that you get access to all the advanced functionalities and abilities of EJBCA, something you normally won’t get with PKI aaS solutions. You can set up complex PKI use cases with large number of certificates, set up unlimited number of CAs and hierarchies and you can integrate and automate using any of the built in supported standard protocols or APIs. With EJBCA SaaS you are in full control of setting up your PKI and certificate services as needed for your use cases today and tomorrow. All customers have their own dedicated offline root – with full user activation / deactivation control. The service will provide you with the power of one of the most flexible and robust open source PKI products out there, without the need to manage the underlying technology stack. For full service transparency EJBCA SaaS includes monitoring and reporting services such as: EJBCA SaaS is offered on the AWS public cloud and setting up your solution starts with registering on the AWS marketplace. Once registered you will be directed to the EJBCA SaaS portal where the underlying infrastructure will be set up automatically for you. No need to discuss your solution with a sales representative and you are ready to go within 30 minutes. Through the EJBCA user interface you can then set up and manage your PKI solution as you prefer. Need any help? We have open and free quick start guides, how-to’s and product documentation for you to take part of, as well as 24/7 support services. Our skilled PKI professionals in Professional services can further support you with the PKI configuration and integration upon request. 1. Sign up for the services on the AWS marketplace 2. PKI Service set-up and configuration via the PrimeKey SaaS portal 3. Start your PKI set-up, define your CAs and leverage all protocols and open APIs, available for full application integration and automation and all of its features and flexibility. No sales process required AWS accounts holding private keys can be handed back if needed performance and capacity upgrades AWS KMS or AWS CloudHSM (coming soon) through dashboards EJBCA SaaS is available in different sizes where you can scale as you grow. For a full specification of the different options, see . Non-Production PoC/Lab/Dev/Test 99% 10 K 10 Certificates per second 25 OCSP responses per second 1 Region – US or EU or AP, 1 Availability zone Small production workloads and 99.95 % 250 K 25 Certificates per second 50 OCSP responses per second 1 Region – US or EU or AP, Typical production workloads, Manufacturing / IIoT, Large corporate IT workloads 99.95% 2.5 M 80 Certificates per second 100 OCSP responses per second 1 Region – US or EU or AP, Coming soon… Find all the detailed information you need – about the service, how to get started, product specifications, and more – on the PrimeKey Documentation pages. EJBCA SaaS can be deployed for advanced use cases in demanding situations. Some real life examples are: For large Med Tech companies providing medical technology monitoring vital values of patients in their everyday life, EJBCA SaaS can be used to provide security to their solutions. Key factors in a security solution for this use case is a need of a high level of security as it concerns the life and integrity of patients. It also needs to be globally available and elastic. And, finally it needs to be scalable as the amount of certificates grow. With no in house knowledge about PKI, many Med Tech companies hire external security consultants and aims to keep the billable hours low but the security level high. EJBCA SaaS, with its advanced PKI and minimal level of administration is thereby the optimal choice. The Internet of Things (IoT) has transformed the car industry, changing the way that people look at the driving experience. Electrical vehicles or connected cars offer the manufacturers, battery suppliers, insurance companies, and other service providers the opportunity to expand their offering while enabling them to gather important data about performance, maintenance, and driving behavior. However the data is of no use if it can not be trusted. PKI and EJBCA SaaS gives service providers the ability to engage in new and secure ways with the customer and their vehicles. Mobile devices store and transfer an incredible amount of corporate and personal data and more and more devices are entering enterprise networks every day. The IT department is responsible for making sure these devices are always secure. Intune is a Microsoft Mobile Device Management (MDM) enterprise solution that can manage devices and enable compliance with corporate security requirements. Using Certificates and PKI to enable strong authentication for mobile devices towards applications or networks is typically one of the fundamental security requirements and this is supported by Intune together with PrimeKey EJBCA SaaS as a certificate service. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|EJBCA SaaS PKI health status Total certificates generated, per month and day 24 hour chart showing certificate generation trends Quantity of certificates generated by profile Certificate expiration quantities over the next 30/60/90 days Select your EJBCA SaaS subscription and configure your contract details Set-up your account, enter a few configuration details and your PKI is ready to be deployed Share page st|Get your instance Run your PKI Use Case SLA Certificate capacity Certificate performance capacity with KMS OCSP performance capacity with KMS Geographic availability Use Case SLA Certificate capacity Certificate performance capacity with KMS OCSP performance capacity with KMS Geographic availability Use Case SLA Certificate capacity Certificate performance capacity with KMS OCSP performance capacity with KMS Geographic availability How can we help? h1|Hosted, Managed & Secure PKI: h2|Secure your access to resources and expertise World class PKI More than PKI as a Service Subscription offers Real life example of EJBCA SaaS h3|Welcome Advanced Certificate Authority technology It is really easy to get started! Med Tech Automotive Microsoft Intune h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions EJBCA SaaS Setup Full access to EJBCA Enterprise Instant subscription through the AWS Marketplace No vendor lock in On demand Choose your HSM Visibility and control Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey EJBCA SaaS * The full power of the EJBCA PKI without the headache of managing the underlying infrastructure Corporate IT workloads 2 Availability zones 2 Availability zones PrimeKey * * * * * * em|Coming soon Coming Soon that ensures that software on devices and computers is trusted and unmodified. Code signing is used to sign scripts and executables – it confirms the software author and guarantees the code has not been altered since it was signed. Code signing and are most commonly used to provide security when deploying software, such as installing and updating applications on your computer, smart phone, tablet or home appliances. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|Code signing is a digital signature How can we help? h1|What is Code Signing? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * EJBCA Cloud; Powerful, flexible Certificate Authority and complete PKI, in the cloud. Public Key Infrastructure (PKI) is largely about managing secure digital identities that enables ways to protect data and know who is who when sharing information over untrusted networks. This is fundamental to most businesses and their applications today. PrimeKey’s extendable PKI covers all demands for digital identity issuing and management and it is proven to be both efficient and reliable. And now it’s also available in the AWS and Azure cloud. Strong encryption works if you do it the right way. Able to protect virtually any area of technology, our EJBCA software is used to meet all your needs for Public Key Infrastructure (PKI). PrimeKey’s EJBCA Cloud starts with just a few clicks, being a fully customized instance, tailored to your environment. Choose from several instance sizes, in many available regions so you get the perfect PKI solution for your organization. To get an introduction, see our complimentary . This online course walks you through how to get started. Read more about the EJBCA Enterprise software: Commonly referred to as a Certificate Authority (or CA), EJBCA Cloud PKI is an open source IT-security software for Certificate Issuance and Certificate Management. By keeping track on who to trust, EJBCA Cloud protects your data, allowing you to provide safe digital communication when needed. Extremely flexible, EJBCA Cloud is used for most imaginable PKI use cases. This is the one PKI software for any organization that needs to manage and operate its own serious, in-house PKI. Deployable today on your AWS or Azure cloud environments, EJBCA Cloud gives you full control of everything you do. Bundled with support and available services, it allows you to handle and maintain your PKI implementation successfully, despite your level of expertise with PKI. The support for HSMs brings the highest level of security by preventing unauthorized use of signing keys. PrimeKey EJBCA Cloud integrates with the FIPS 140-2 Level 3 certified AWS CloudHSM, AWS Key Management Service (KMS) and Azure Key Vault (FIPS 140-2 Level 2). Or if you prefer, you can also combine EJBCA Cloud with a standard on-premises HSM (Hardware Security Module) via, for example, AWS Direct Connect or Azure Express Route. In this highly-rated webinar, Alex Gregory, Director of Cloud Solutions at PrimeKey, lets you know all about PKI in the Cloud. See how EJBCA is deployed in the cloud and integrated into AWS CloudHSM to create Certificate Authorities and issue certificates. In this webinar on PrimeKey EJBCA in Azure, you will learn how to protect your CA keys in the Azure Cloud. Alex Gregory, Director of Cloud products at PrimeKey, fills you in on how to configure the Azure Key Vault for use with EJBCA Cloud and more. EJBCA Cloud VA offers a scalable, flexible, and cost-effective security solution. The OCSP protocol and CRLs provide validation for PKI, but typically require high volumes of connections that are geographically dispersed and require high server availability. All too often, customers are struggling to manage peak-hours of certificate validation requests without significantly adding to the cost of their PKI service. With PrimeKey’s EJBCA Cloud VA, customers can scale out their OCSP layer in a much more economical way. Rather than the incurring upfront and incremental investment associated with PKIs running in traditional, on-premise data centers, EJBCA Cloud VA offers the same functionality and the ability to scale out as the usage of the service changes and you only pay for the capacity that you use. EJBCA Enterprise is Common Criteria certified, as well as FIPS 201-2. Internal PrimeKey processes are ISO 27001, ISO 9001 and ISO 14001 certified. Thus enabling a turnkey PKI system for many government agencies looking for cloud solutions on AWS GovCloud and Azure Government. li|EJBCA Cloud Share page st|How can we help? h1|Cloud-based PKI to Prove Identity h2|Cloud-based PKI solution, EJBCA Cloud Webinars on EJBCA Cloud Webinar: Why PKI in the Cloud? Webinar: Azure Key Vault Integration Cloud-based Validation Authority (VA) on AWS AWS GovCloud and Azure Government Contact us about cloud-based PKI solutions h3|Welcome Security Infrastructure for any use case Control your own security with a cloud-based PKI Security and Control Many organizations today choose to deploy all or parts of their IT infrastructure and/or service offering in the cloud. Why? The ability to provide enterprises with these security services in an efficient way have resulted in an explosion in the popularity of PKI over the past couple of years. Browse EJBCA Cloud Documentation h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters h5|Blog: Why would you deploy your PKI in the Cloud? Blog: PKI for everything and in the cloud? sp|PrimeKey * * * * * * * PrimeKey * * * * * * . The was adopted by the European Parliament on July 6th, 2016, and entered into force in August 2016. Member states had to transpose the directive into their national laws by May 9th, 2018 and identify operators of essential services by November 9th 2018. For organizations to meet the obligations of NIS, the task can be separated into administrative and technical measures. Administrative measures are implemented through the accordance of security standards like ISO/IEC 27001 Information Security Management System (ISMS). These are supported by administrative actions and risk management measures including ongoing user training, security audits and ethical hacking to ensure security competency and to improve organization’s level of cyber readiness from both business and regulatory perspectives. Technical solutions include the implementation and continuous development of cyber situational awareness solutions such as SIEM (Security Incident and Event Management), secure identity confirmation tools, and data communications security solutions. Only a combination of administrative and technical measures is enough to comply with the NIS authoritative requirements. To meet the fundamental requirement under NIS for “appropriately authenticated and authorized” access, organizations need a method of defining and enacting controls that is both secure and can be deployed across disparate infrastructure and processes. Public Key Infrastructure (PKI) is the most widely adopted form of technology for establishing the identity of people, devices, and services – enabling controlled access to systems and resources, protection of data, and accountability in transactions. PKI includes a set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public keys. Certificates are issued to entities such as users, devices, web servers, passports, smartcards and IoT devices. The provisioning of certificates to either devices or tokens enables two benefits. Firstly, it gives a device or a token an identity, and secondly, it provides the means to setup a secure encrypted communication channel. PKI and certificates deliver a method as required by the NIS directive to identify, trust and securely communicate with any entity throughout an entire organization, partners, and customers. PKI also underpins technologies, such as digital signatures and encryption for use cases as diverse as e-commerce and the growing . Digital signatures can secure additional activities, such as signing PDFs, code or other information assets, to ensure the origin of the document/code or to ensure that a transaction was in place at a certain time. Digital Signatures can allow an organization to track who exactly performed the signature and at what time. To learn more, download our white paper: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|The Network and Information Systems (NIS) directive is an initiative developed to protect the economy of the European Union from major cyberthreats PKI & code signing help meet NIS compliance How can we help? h1|What is NIS Directive? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * VA stands for Validation Authority. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What does VA stand for? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * RA stands for Registration Authority. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What does RA stand for? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * CA is short for . PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What does CA stand for? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * SSL stands for Secure Sockets Layer. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What does SSL stand for? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * TLS stands for Transport Layer Security. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What does TLS stand for? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * CSR stands for Certificate Signing Request. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What does CSR stand for? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * CRL stands for Certificate Revocation List. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What does CRL stand for? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * PKI stands for Public Key Infrastructure. Learn more about PKI: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What does PKI stand for? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * Learn how to succeed in IoT implementations by considering the full scope of IoT business solutions. Sign up below to have the complete Gartner report emailed to you. This report is no longer available for download. Public Key Infrastructure (PKI) is now the de-facto standard for IoT. Find out how PrimeKey offers . Read more in our recent blog posts: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|Complimentary Gartner report h2|Use the IoT platform solution reference model to design your end-to-end IoT business solutions PrimeKey IoT security solutions h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * 2019-06-20 Updated on: 2020-01-03 Because there are many modes of operations in IoT, it is important that a PKI system and the issuing of trusted identities (certificates) works in a multitude of deployment scenarios, both directly with devices and gateways, as well as through IoT platforms. New security protocols and standards are too often developed for IoT use cases. There is no need to reinvent the wheel when using PKI because existing standards fit most needs. Using existing standards gives quick access to well-tested, well-vetted, secure and robust technology. Application leaders and security experts should seek flexible security solutions and deployment options that will support their IoT implementation. Reasons why companies and organizations around the globe choose PrimeKey solutions and include: We help customers make unique and vigilant decisions about where and how to implement PKI and Signing in their solutions. However, other customers that PrimeKey meets have excellent IoT business solutions, but still struggle to understand the role IoT platforms play in the complete end-to-end solution. According to Gartner, “To succeed in IoT implementations, application leaders must thoroughly examine and understand the full scope of end-to-end IoT business solutions and the functional role of IoT platforms within them.” In order address these topics, we are offering the full report from Gartner which will help you design your IoT business solution. This report gives details on what application leaders and security experts should consider when choosing and deploying an IoT platform. In addition, you will learn about the IoT Business Solution Reference Model that can further help you identify where security needs to be applied. Being able to do this while a project is being defined enables you to understand how and when to protect sensitive data while managing the lifecycle of devices in the most cost-efficient way. “When choosing a strategic IoT platform provider, confirm whether or not the IoT platform can effectively support different deployment patterns to use as needed. Additionally, beware that different kinds of hardware can be used to support IoT edge computing, including embedded microcontrollers, industrial controllers (such as SCADA and PLCs), gateways, edge servers and micro data centers.” Gartner asserts. This report is no longer available. Malin Ridelius joined PrimeKey in March 2018 as Product Marketing Director. Malin has been working in product management/marketing and business development roles in several security companies including Giesecke & Devrient, HID Global and Nexus. She has 20 years’ experience in PKI, digital identities and electronic signatures, smart cards and related solutions. Contact Malin: Gartner, Use the IoT Platform Solution Reference Model to Help Design Your End-to-End IoT Business Solutions, Benoit Lheureux, Eric Goodness, Alfonso Velosa, 4 September 2018 PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Open standard protocols and integration interfaces to support certificate issuing and lifecycle management. The ability to enable certain PKI functions in the cloud, as appropriate, and controlling other PKI functions with on-premises software or appliance deployment. Capabilities to serve both small-scale and larger implementations, as appropriate and to support growth. Because trust and openness go hand-in-hand, are based on open source platforms. A large installed base assures maturity and commitment. Share page st|How can we help? h1|Security by Design – Master and implement your IoT business solution h2|Read more h3|Welcome Use the IoT Platform Solution Reference Model to Help Design Your End-to-End IoT Business Solutions Author: Malin Ridelius h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey is here to support you in making the right decisions when designing your . If you are facing the challenge of understanding the role IoT platforms play in the end-to-end solution, learn how to succeed in IoT implementations by considering the full scope of IoT business solutions. Public Key Infrastructure (PKI) has been proven capable of providing robust security services, such as authentication, integrity and confidentiality. It is a trusted core technology that has enabled security on the Internet for decades. PKI is now also defined as the security de-facto standard for IoT. PrimeKey * * * * * * Yourlution deployed according to your needs PrimeKey understands that organizations have unique business challenges, including security requirements, budgets and the availability of internal resources. We give you the choice to combine Software Appliance, Hardware Appliance, public Cloud and SaaS deployments for your PKI and Signing solution. This means the infrastructure can be deployed in the manner best suited to your business needs and can grow flexibly and expand over time. We are happy to support you in making the best decision for your particular set of needs and circumstances. Read more about our deployment options below and find the best PKI and signing solution for you. The PrimeKey software appliance is installed on-premises and operated from your on-prem servers and computing infrastructure. It utilizes your native virtualization resources and you can choose the HSM of your choice. In addition, the software appliance comes in different models for you to be able to choose the most cost-efficient deployment solution for your needs. With our software appliances for PrimeKey EJBCA Enterprise and SignServer Enterprise you get: With an on-premises hardware appliance installation from PrimeKey you can take advantage of hardened, high-performance servers built for organizations that do not want to spend time supporting the application and hardware stack and just want to deploy an on-premises secure PKI and signing solution. In addition, it comes in different models for you to be able to choose the most cost-efficient deployment for your needs. Our hardware appliance PKI and signature deployment models are packaged under the PrimeKey EJBCA Appliance and SignServer Appliance products and they offer: Enjoy rapid deployment, with no hardware to purchase, fully hosted and managed technology stack. Deploy your PKI solution in our Cloud SaaS to limit risks and increase speed to market. PrimeKey EJBCA SaaS offer: Enjoy rapid deployment, with no hardware to purchase and maintain or any upfront software license costs. Deploy our cloud based PKI and signature solutions in your AWS or Azure cloud environment. PrimeKey EJBCA Cloud and PrimeKey SignServer Cloud offer: Enjoy the greatest flexibility by enabling cloud och cloud SaaS functions as appropriate while benefiting from being in control of selected PKI and signing functions with on-premises software or hardware or appliance deployments. With a hybrid PKI and signing deployment solution from PrimeKey you can: Deploy your PKI and signing solution with full flexibility and access to source code with the Solution Platform deployment option. The on-premise solution platform is installed and operated from your on-prem servers and computing infrastructure. It utilizes your native computing resources and requires only a licensed copy of the solution platform software. With our solution platform deployment option for PrimeKey EJBCA Enterprise and SignServer Enterprise, you can: li|A turn-key solution including all required software. Single vendor supported and tested application stack. Quick and easy set-up, back/up restore and upgrades. Support for several virtualization platforms Support for the Hardware Security Module (HSM) of your choice Integrated software support services from PrimeKey. Built-in clustering and it is easy to scale the solution by just adding additional nodes behind a load balancer. The possibility to choose from different models and thus get the most cost-efficient and optimized deployment for your PKI use case and needs for capacity and performance. A turn-key solution including all required software and hardware A built-in FIPS 140-2, Level 3, Certified Hardware Security Module (HSM) that simplifies HSM integration and usage Single vendor supported and tested application stack Quick and easy set-up, installation including HSM and, back/up restore and upgrades. Integrated hardware and software support services from PrimeKey Built-in clustering and it is easy to scale the solution by just adding additional nodes behind a load balancer. The possibility to choose from different models and thus get the most cost-efficient and optimized deployment for your PKI or signing use case and needs for capacity and performance. A dedicated EJBCA Appliance eIDAS edition with a built-in Common Criteria certified HSM A turn-key service, including full access to all EJBCA’s PKI capabilities but no responsibility to maintain a SLA The service includes availability services as well as full management and maintenance of the PKI technology stack Choose between AWS KMS or AWS Cloud HSM Subscription based pricing, no upfront investment for hardware or PrimeKey’s software, you only pay for what you use. Available in different sizes and geographies to fit your needs today and tomorrow Quick and easy deployment, you are up and running in minutes Great possibilities to start small and grow with your use cases or need for certificate capacity. Increased speed to operation/market A turn-key solution including all required software on public Cloud: AWS and Azure Single vendor supported and tested application stack Out of the box support for cloud HSMs, AWS CloudHSM and Azure KeyVault No upfront investment for hardware or PrimeKey’s software, you only pay for what you use Quick and easy deployment, you are up and running in minutes 30-days free trial* Great possibilities for organizations that do not have on-premises IT infrastructure Increased speed to operation/market PrimeKey’s standard or premium support is included Benefit from all the advantages of PrimeKey PKI and signing deployment options at the same time. For example, deploy Validation Authority (VA) and Registration Authority (RA) systems on the Cloud for ease of scale Or deploy Certificate Authority (CA) systems on-premises (software or hardware appliance) for compliance and control, combine this with VAs and or RAs on the cloud. Get great flexibility for future use cases and other expansions Pick your own software and hardware stack. Leverage your investments in Hardware Security Modules (HSM). Have complete freedom with configuration, deployment and customization of your PKI and signing solution. Utilize any use case and be in complete control over performance and capacity of your PKI and signing solution. Make it easier for support teams with separate responsibilities for application, server, hardware, database, network, and HSM. Have full code control, including access to source code, with the possibility to add your own plugins and code extensions. Share page st|How can we help? h1|PKI deployment options h2|Software Appliance – Deploy your PKI and Signing solution in your own data centers Hardware Appliance – PKI and Signing in a hardware Box Cloud SaaS – EJBCA SaaS on public cloud AWS and Azure Cloud – PKI and Signing on public cloud Hybrid deployment – Combine and mix different options as it fits your needs over time Get in touch! h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PKI and signature solution deployment options – Software Appliance, Hardware Appliance, Cloud, SaaS or Hybrid Solution platform – Deploy your PKI and Signing solution with full flexibility * * * * * * PrimeKey * * * * * * IIoT stands for Industrial Internet of Things. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What is IIoT? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * NPKD stands for . PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What does NPKD stand for? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * MRTD stands for Machine Readable Travel Document. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What does MRTD stand for? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * PKCS stands for Public Key Cryptography Standards. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What does PKCS stand for? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * Here you can find more information about those who make up the PrimeKey Board of Directors. Chairman of the Board Jan Nygren served as the Minister of Coordination for the Swedish Government from 1994 to 1996, after which he was VP of Saab AB. He has also served as both State Secretary of Civil Affairs and State Secretary of Ministry of Defense. In addition to his work with the government and Saab, Jan has been chairman of the board of directors for FMV, a Swedish defense materiel administration, and a board member and chairman of several organizations, agencies and companies, including: Swedish Industry and Commerce Security Delegation, University West, the Swedish Governments IT Commission and the Supreme Commander’s liaison group. He is a member of The Royal Swedish Academy of War Sciences and the Royal Swedish Academy of Engineering Science. Jan holds an honorary doctoral degree in Technology from University West. Board Member Ola Alfredsson serves as Counselor for Defense Industry Cooperation at the Embassy of Sweden in Washington, D.C. He is a member of the Royal Society of Naval Science and has extensive experience from both executive positions within the Swedish defense industry and positions within international industrial corporations. Between 2009 and 2014, Ola was CEO of Kockums AB, the renowned submarine and naval ship manufacturer. Prior to that, he held senior executive positions within the defense industry in Germany and the UK for more than 8 years. From 1989 to 2001, Ola held positions within the Swedish shipbuilding industry from Project Manager to Director of Sales and Marketing. With an earlier background as a Royal Swedish Navy officer, he is a Swedish Naval Academy graduate and has a degree in Systems Engineering. Ola has completed multiple corporate strategic management, leadership and project management programs from Ashridge Business School, the University of Cologne and the Swedish National Defense College. System Architect Johan Eklund joined PrimeKey in 2007 and is an employee representative of the board. He has an MSc in Electrical Engineering and currently works as System Architect in the Engineering and Product Development Department. CTO Tomas Gustavsson has a MSc from KTH in Stockholm and has been researching and implementing PKI systems since 1994. He is the founder and developer of the open source enterprise PKI project EJBCA, a contributor to numerous open source projects, and a member of the board of Open Source Sweden. As a co-founder of PrimeKey, Tomas is passionate about helping users worldwide find the best possiblelutions. PKI is the backbone of internet security and as such it is imperative for all of us that it is available to everyone who needs it. – Tomas Gustavsson Developer and PKI Specialist Markus Kilås is an employee representative of the board. He has a MSc in Information and Communication Technology (ICT) from the Royal Institute of Technology (KTH) in Stockholm, Sweden. His thesis work was about digital signatures at Ericsson and he joined PrimeKey in 2018. Markus has worked with many customer projects in different areas over the years, including many ePassport projects. He has 10+ years of experience with PKI and digital signature projects. Markus joined the board in 2018 as an employee representative. He currently leads development of the PrimeKey SignServer product. Board Member Fredrik Rapp is the owner of investment company Pomona-gruppen AB. He is also on the board of Borgstena Group AB, Serica Consulting, TM Web Express AB and others. CEO Magnus Svenningson has extensive experience from leading positions in the IT, telecom and identity management industries. He has a degree in Engineering from Lund University. PrimeKey has a global presence in the cybersecurity industry for more than 15 years and the need for our products and solutions is growing. We will continue to be a leading supplier in our technical niche as well as a great employer. – Magnus Svenningson Board Member Tomas Tedgren is a board member and the investment manager of Pomona-gruppen AB. He is also a Management Consultant and Board Member of Eesti Höövelliist OÜ, Modulpac AB, e3k Gruppen AB, Rhodin & Eklund El & Tele AB among others. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|PrimeKey Board of Directors h2|Meet the Board h3|Welcome Jan Nygren Ola Alfredsson Johan Eklund Tomas Gustavsson Markus Kilås Fredrik Rapp Magnus Svenningson Tomas Tedgren PrimeKey provides world-class IT security solutions with passion and expertise. h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * CEO Magnus Svenningson has extensive experience from leading positions in the IT, telecom and identity management industries. He has a degree in Engineering from Lund University. PrimeKey has a global presence in the cybersecurity industry for more than 15 years and the need for our products and solutions is growing. We will continue to be a leading supplier in our technical niche as well as a great employer. – Magnus Svenningson VP Strategy & Partners, co-founder Admir Abdurahmanovic started working with applied cryptography as a mathematics student in 1989, in Sarajevo, Bosnia. Moving to Sweden, Admir continued working with implementations of crypto algorithms and protocols, specializing in applied PKI (Public Key Infrastructure). A co-founder of PrimeKey, Admir serves as VP at PrimeKey in charge of strategy and business development. As a co-founder, I am humbled that our company grew from local market focus to become international player in our field. Today, we are dynamic company that delivers mission critical security products to industries and governments. CTO Tomas Gustavsson has a MSc from KTH in Stockholm and has been researching and implementing PKI systems since 1994. He is the founder and developer of the open source enterprise PKI project EJBCA, a contributor to numerous open source projects, and a member of the board of Open Source Sweden. As a co-founder of PrimeKey, Tomas is passionate about helping users worldwide find the best possiblelutions. PKI is the backbone of internet security and as such it is imperative for all of us that it is available to everyone who needs it. – Tomas Gustavsson CFO Having held various position within different areas of finance and business administration, Erik Elfström decided to join PrimeKey as CFO in 2014. Erik holds a Bachelor of Science degree in Business Administration and Economics. Operating in a very interesting industry with a rapidly growing demand for our products and services, PrimeKey is well-positioned and a very exciting place to be. General Manager US Harry Haramis has more than 30 years of experience in the field of Information Technologies with extensive experience designing and developing state-of-the-art security technology solutions for the most complex and sensitive information systems. He has worked on projects of all sizes and in all areas of Network & Security infrastructure. As a proven leader, Harry has led teams of technical engineers to the successful conclusion of countless projects. He has published several white papers as well as hosted several seminars and presentations. He holds some of the industry’s highest certifications including CCIE #6772, CCNP, CCNA, CCSE, CISSP, CNE, VCP, and MCSE+I. With PrimeKey’s leading position in the PKI, Digital Signing, and Secure Execution Security space, it makes me extremely proud to be part of the team. VP Sales Jonatan Bunne is head of the PrimeKey sales team and has a degree in electric engineering. He has spent most of his career in technical sales. The sales team at PrimeKey helps enterprises and governments by guiding them to the right solution. This requires technical understanding and the ability to explain and educate. The possibility to work for a rapidly growing Swedish IT development company in an international, and fast paced environment is something that initially was very attractive to me and something that I still truly value at PrimeKey. VP Engineering Magnus Andrén holds a MSc in Computer Science and Engineering from Linköping University. He joined PrimeKey in 2016 with a background in Telecom. Magnus has previously worked in different management roles close to software development. By maintaining our technical expertise, we aim to continue to deliver our world-class products and services to customers around the world. VP Products Martin Oczko holds a diploma/MSc title in Computer Science and has over 15 years experience in IT security. He has been working in different technical and sales positions for globally acting IT security software and hardware vendors before joining PrimeKey in 2012. Since then Martin was responsible for the product management, development and production of PrimeKey’s hardware based products like the EJBCA Appliance and SEE. Martin is currently responsible for PrimeKey’s product portfolio and product strategy as well as the operations of PrimeKey Labs in Aachen, Germany. With a wide area of expertise and a highly motivated team, PrimeKey has an enormous innovation force. VP Marketing Malin Ridelius joined PrimeKey in March 2018. Malin has been working in product management, marketing and business development roles at several security companies, including Giesecke & Devrient, HID Global and Nexus. She has 20 years of experience in PKI, digital identities and electronic signatures, smart cards and related solutions. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|Management team h2|Hand picked for their h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Magnus Svenningson Admir Abdurahmanovic Tomas Gustavsson Erik Elfström Harry Haramis Jonatan Bunne Magnus Andrén Martin Oczko Malin Ridelius Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Introducing our expertise and commitment +46 739 63 97 00 Send e-mail +46 708 37 02 37 Send e-mail +46 707 42 10 96 Send e-mail +46 707 55 33 86 Send e-mail 650-200-0443 Send e-mail +46 707 25 20 33 Send e-mail +46 737 45 01 54 Send e-mail +49 151 252 986 93 Send e-mail +46 70 376 88 06 Send e-mail PrimeKey * * * * * * PKI Software for free As part of our Open Source policy, we offer our software in free community editions. This means that you can download EJBCA Community and SignServer Community from SourceForge under . The two PrimeKey community editions are developed with the consistent high-quality focus of PrimeKey, but are limited to the core functionality. They are great tools for those who want to learn and use basic PKI without any advanced functionality or certifications. The table below describes the overall differences between the PrimeKey Community and Enterprise software. EJBCA Community is a free edition of PrimeKey’s PKI Software. It is an outstanding tool for those who want to test and learn the core functionalities of PKI. If you have a need for PKI and don’t require any advanced features or guaranteed certifications and regulations, this is for you. You can find more about EJBCA Community on . Some of the differences between EJBCA Community and EJBCA Enterprise are listed below. SignServer Community is our Signing Software for free. Here you will find the basic signing functionalities for time stamping and document signing. You can find more about SignServer Community on . Some of the main differences between SignServer Community and SignServer Enterprise are listed below. td|Core Functionality Advanced Functionality Compliance to certifications and regulations Community support (best effort) Professional support with SLA Access to professional services Access to training Scheduled releases Maintenance and security releases Additional feature releases X509 Certificate Issuance and Management Issuance and management of CV (ePassport) Certificates, with BAC and EAC Validation Authority (VA) Registration Authority (RA) Certificate Transparency Possibility to access to PrimeKey's StateDump tool, in order to facilitate mass deployments. Access to PrimeKey's Microsoft Autoenrollment Proxy Database Integrity Protection (having selected database tables signed on a per-row basis in order to ward against database tampering) Pre issuance key validation (allows the CA to refuse to sign known weak keys). CMP Vendor Mode Cert Safe Publishing SCEP RA Mode CMP CLI Client Legacy ExternalRA Proxy CMP Proxy Audit logging to file or database Digitally signed audit log in database Large file support Web-based administration interface Automatic renewal service Basic Time-stamping Professional Time-stamping Authenticode / Microsoft Code Signing Java Code Signing Document (MRTD) signing ICAO CSCA Master list signing Additional algorithm support th|Community Enterprise EJBCA Community EJBCA Enterprise SignServer Community SignServer Enterprise li|Community offering Share page st|How can we help? h1|The PrimeKey h2|Community Software – a part of PrimeKey Open Source Differences between Community and Enterprise Software Contact us h3|Welcome EJBCA Community SignServer Community h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions EJBCA Community vs EJBCA Enterprise SignServer Community vs SignServer Enterprise Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Community Offering Yes Yes No Yes Not guaranteed Yes Yes Yes No Yes No Yes No Yes Yes Yes No Yes No Yes Yes Yes No Yes Yes, but only locally, with the CA and VA living in the same instance of EJBCA. Yes, both locally and with one or more instances of EJBCA acting as VA, using the Peers Protocol to communicate securely. Yes, but only locally, with the CA and RA living in the same instance of EJBCA. Yes, both locally and with one or more instances of EJBCA acting as RA, using the Peers Protocol to communicate securely. No Yes No Yes No Yes, on a per-customer basis. No Yes No Yes No Yes No Yes No Yes No Yes No Yes No Yes Yes Yes No Yes No Yes No Yes No Yes Yes Yes No Yes, including: Time synchronization monitoring eIDAS & Qualified Electronic Time-stamping extension No Yes, including: Signing of Windows Executable files & Signing of Windows Installer files (.MSI) No Yes, including: JAR signing & Android signing Yes Yes No Yes No Yes (Subject to SoW/support agreement) * * * * * * PrimeKey * * * * * * HTTPS stands for Hypertext Transfer Protocol Secure. HTTPS is an extension of HTTP and is used for secure communication over a digital network, most often the Internet. Learn more about IT security and PKI (Public Key Infrastructure), the backbone of most IT security solutions today: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What does HTTPS stand for? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * that can be comparable with a physical identity card or a passport used in the analog world. A PKI certificate is a trusted digital identity. It is used to identify and authenticate users, servers or things when communicating over untrusted networks. A PKI certificate is also called a digital certificate. PKI certificates use private and public key encryption, where the public key is stored in the certificate together with information about the owner and some administrative data. The certificate is signed by the issuing CA and the signature is attached in the certificate. X.509 is the standard for the most commonly used digital certificate formats. The purpose of PKI certificates is to create a secure digital world where each certificate works as gatekeeper for secure sharing of digital information. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|SSL certificates Code signing certificates Email signing certificates IoT certificates Personal authentication certificates Share page st|A PKI certificate is a digitally signed document Different types of PKI and digital certificates include: How can we help? h1|What is a PKI certificate? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * Many countries have implemented Biometric Passports (or e-Passports), allowing their citizens to travel more securely and efficiently. All efforts in standardization of travel documents are done under the umbrella of the International Civil Aviation Organization ( ). This makes travellers’ documents easy to recognize, read and validate by the foreign countries people visit. ICAO is in charge and operates a directory of certificates used to issue passports; each of the associated countries has its own certificate. The directory is called the Public Key Directory (PKD). Each sovereign nation handles the Public Key Directory (PKD) list on its own, as it finds appropriate and secure. The PrimeKey National Public Key Directory (NPKD) addresses the needs of a country to have an efficient, secure and robust system of importing other nations’ certificates from the PKD, as well as exporting its own certificates to the PKD. PrimeKey NPKD makes it easy to manage the imported top-level certificates from other countries – to decide if and how much they trust these certificates – to be able to swiftly revoke a certificate in case of need. PrimeKey NPKD works seamlessly with or and is used by several nations to issue their citizen passports. In fact, we have built in some of the security features used by EJBCA to the NPKD. As we are committed to open standards, one of them being ICAOs specifications, our PrimeKey NPKD is designed and works well even for those nations who have not yet migrated to EJBCA Enterprise. The PrimeKey NPKD solution is designed to exchange digital certificates and other security data with ICAO Public Key Directory, and make them available for inspection systems. The ICAO PKD works as a hub for exchanging information required to authenticate ePassports. Our NPKD includes configurable schedulers. This makes the application server automatically run all the necessary tasks to keep valid PKD object published and available for inspection systems. NPKD can connect to ICAO PKD and upload, download, or store passive authentication security data such as certificates, master lists, and CRLs. “Country A” represents a country using PrimeKey National Public Key Directory (NPKD) and “Country X” represents all other countries either using PrimeKey NPKD or another solution. li|PrimeKey NPKD Downloading Master Lists from a specific country Extracting Master Lists and inspecting their certificates Running ICAO checks on Master List CSCA certificates Storing Master Lists in databases for later use Publishing CSCA certificates to an NPKD LDAP server Downloading all Master Lists from ICAO Public Key Directory (PKD) Downloading all DS certificates and CRLs from ICAO PKD Uploading Master Lists to ICAO PKD Finding the CSCA that has signed DS certificates Finding Master Lists that contain CSCA certificates Auditing all access control and integritychange logs Share page st|How can we help? h1|NPKD, h2|What is National Public Key Directory (NPKD)? A National Public Key Directory with security and efficiency PrimeKey NPKD Contact us about NPKD, National Public Key Directory h3|Welcome National Public Key Directory setup Included Use Cases in PrimeKey NPKD h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey National Public Key Directory from PrimeKey A complete system for handling National Certificates within epass solutions * * * * * * * PrimeKey * * * * * * SignServer Cloud is a server-side digital signature software used to sign any digital document, code and more. Being able to digitize and automate business processes is very much dependent on electronic signatures that can ensure the integrity and authenticity of data over time. PrimeKey SignServer Cloud is a multi-purpose, server side, digital signing solution that is now available on the AWS and Azure public cloud. Being a multi-purpose platform, PrimeKey SignServer Cloud brings extensive support for several digital signing use cases including; documents, code, time-stamping and travel documents. In addition, SignServer Cloud is designed for a high level of automation and has extensive integration possibilities. SignServer Cloud is a server-side signing solution that enables you to centralize all your cryptographic signing operations and with that increase control, auditability and implement more cost-efficient administration. Our cloud-based digital signature software SignServer Cloud starts with just a few clicks, being a fully customized instance, on AWS and Azure, tailored to your environment and the growth of your service. Choose from several instance sizes, in many available regions and get the perfect code and document signing solution for your organization. PrimeKey provides you with all relevant documentation to set up your instance of SignServer Cloud on AWS and Azure, as well as to get you started with the SignServer software. The support for HSMs brings the highest level of security by preventing unauthorized use of signing keys. PrimeKey SignServer Cloud integrates with the FIPS 140-2 Level 3 certified AWS CloudHSM and Azure KeyVault (FIPS 140-2 Level 2) or if you prefer, you can also combine SignServer Cloud with a standard on-premises HSM (Hardware Security Module) via for example AWS direct connect or Azure Express Route. IT security is a moving target and it is crucial to keep your solution up to date in order to keep a high level of security. With PrimeKey Support services you get continuous updates of your signing solution, and professional support for any questions or issues you may have. Support is included in the SignServer Cloud, choose between the two options: Standard 8×5 or Premium 24×7 support. There are many business applications and development environments that need support for digital signatures, and the SignServer Enterprise software in SignServer Cloud can enable them all. Server-side digital signatures in the cloud give maximum control and security, allowing your staff and applications to conveniently sign your code and documents. EJBCA Enterprise is Common Criteria certified, as well as FIPS 201-2. Internal PrimeKey processes are ISO 27001, ISO 9001 and ISO 14001 certified. Thus enabling a turnkey PKI system for many government agencies looking for cloud solutions on AWS GovCloud and Azure Government. li|SignServer Cloud Share page st|How can we help? h1|Digital signatures in the cloud – SignServer Cloud h2|Digital signing made easy in the cloud Digital signing wherever you need Easy to get started Security and Control with digital signatures in the cloud Comprehensive support SignServer Enterprise Software SignServer Cloud Documentation AWS GovCloud and Azure Government Contact us about digital signatures in the cloud h3|Welcome Selected blog post about SignServer Cloud Digital Signing, using PKI and X.509 certificates, is the true enabler for automation and digitalization! h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters h5|Digital Signing evolving in to the cloud sp|PrimeKey * * * * * * * PrimeKey * * * * * * We are very proud of our brands, trademarks, products, logos and slogans and it is essential that our brand assets are used correctly. To assist you when working with our material, please follow the guidelines set out in this Trademark and Logo Usage Policy. In order to protect our products and product names, PrimeKey has registered our most important trademarks, PrimeKey , EJBCA and our PrimeKey logo, the PrimeKey “P”, in a number of countries. In the document , PrimeKey’s registered marks and pending applications are presented. PrimeKey’s products and services are used throughout the world. Use the text: “ ” where it is reasonably expected and intended to provide notice. For example, this text can go at the end of a document, on the back of a package or on a webpage. The trademark legend may be printed in small print. However, it must be large enough to be legible. This section guides you in how to use our trademarks and product names correctly. Please see examples below: Other PrimeKey products follow the same principle: Any third party’s use of intellectual property rights owned by PrimeKey Solutions AB must be authorized by PrimeKey. The information contained in this Trademark and Logo Use Policy is not intended to serve as legal advice. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|It is important to use the ® symbols correctly. In running text, our trademarks should be used the first time they are mentioned. After that, you may leave the ® out. When referring to the licensed version EJBCA, not the community version, EJBCA should be followed by Enterprise at least the first time that it is mentioned in a running text. The same applies to SignServer Enterprise. Never edit or change trademarks e.g. PrimeKey or EJBCA, i.e., it is not allowed to write “The Ejbca’s properties…” or “several Ejbcas”. First time mentioned in a text, use: PrimeKey (After that, use PrimeKey) First time mentioned in a text, use: PrimeKey EJBCA Enterprise (After that, use PrimeKey EJBCA Enterprise or EJBCA Enterprise or EJBCA) First time mentioned in a text, use: PrimeKey SignServer Enterprise (After that, use PrimeKey SignServer Enterprise, SignServer Enterprise or SignServer) First time mentioned in a text, use: PrimeKey PKI Appliance (After that, use PrimeKeyPKI Appliance or just PKI Appliance) PrimeKey SignServer Appliance and then SignServer Appliance PrimeKey EJBCA Cloud and then PrimeKey EJBCA Cloud PrimeKey SignServer Cloud and then PrimeKey SignServer Cloud PrimeKey SEE and then PrimeKey SEE PrimeKey NPKD and then PrimeKey NPKD Authorized use of PrimeKey IP should be approved in writing by PrimeKey Solutions AB. When an authorized third party uses intellectual property rights owned by PrimeKey Solutions AB, the use must be correct and PrimeKey should be informed. The third party must always refer to PrimeKey in their use, as a quality marker and to show PrimeKey’s ownership of the rights. See the Trademark Legend section in this policy. Any unauthorized use of intellectual property rights owned by PrimeKey Solutions AB will be considered an infringement and legal actions will be taken against the user. Share page st|PrimeKey and EJBCA are trademarks of PrimeKey Solutions AB. How can we help? h1|PrimeKey h2|Registered Marks Trademark Legend The Guidelines h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Trademark & Logo Usage Policy PrimeKey Logos PrimeKey logotype The logotype comes in two alternatives – one with black type and one with white type. The one with black type should be used in most circumstances and preferably on a white background. The minimum space surrounding the logotype is at least the height of the “P” in the wordmark. The PrimeKey symbol Product logotypes The product logotypes stand on two lines – the first line uses Roboto Medium and the second line uses Roboto Light. The height of the right square group creates the height of the wordmarks. Unauthorized use of PrimeKey registered IP Disclaimer PrimeKey * * * * * * Best practice to upgrade your Public Key Infrastructure A typical enterprise PKI infrastructure grows over time, with shifts in business needs and added use cases. The result is often a heterogeneous environment with inconsistent security policies, where the costs associated with maintaining security and administration grows. Moreover, older PKI solutions may have limitations in business model or functionally that make them unfit to support current needs and regulatory requirements. Regardless of the driving force for migration and consolidation, PrimeKey’s solution is a proven, scalable and flexible choice. The stakes are high when migrating or consolidating an enterprise PKI infrastructure. It is imperative that current solutions enabled by existing certificate services continue working with limited interruption, that the migration project manage existing interfaces and integrations to external systems, and that the robustness of the infrastructure is maintained – or improved – with the migration. PrimeKey have vast experiences migrating existing solutions to PrimeKey EJBCA, with best practices ensuring: With PrimeKey EJBCA you can rest assured that your organization has a solution that will accommodate current and future PKI needs. To minimize complexity when migrating from RSA Digital Certificate solutions, Primekey have developed a migration tool readily available to organizations moving to PrimeKey EJBCA. PrimeKey’s experience is that many organizations that have been using ADCS for a while get stuck. Organizational changes, operational challenges and new business opportunities can no longer be supported in an effective way. Are you using Microsoft ADCS and consider migrating? No problem, PrimeKey has done this before. Listen to how Swisscom explain how they migrated from RSA to EJBCA Enterprise. Recording from PrimeKey Tech Days 2018. Fabien Hochstrasse, ICT Operational Engineer at Swisscom, gives a presentation on Chronicle of a journey to EJBCA. Recorded at PrimeKey Tech Days 2018. li|PKI Migration A smooth and secure migration. A predicable project scope. Improved certificate managed functions and control. A flexible and extendable CA platform. A secure and reliable installation. An open and future proof product. Share page st|How can we help? h1|PKI Migration h2|Ready to draw benefit from your CA migration? Best Practice by PrimeKey Your PKI migration Chronicle of a journey to EJBCA Thinking of a PKI migration? Get in touch with us! h3|Welcome RSA Migration Microsoft Migration h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * EJBCA Appliance with its integrated HSM is the easiest and most efficient way to deploy and manage an enterprise PKI system. Predict costs and save resources while increasing the quality and minimizing the risks of your PKI project. With EJBCA Appliance, you get a simplified installation and maintenance of your PKI solution, including an integrated Hardware Security Module (HSM). Our turnkey PKI hardware appliance is the best choice for most medium to large deployments — suitable even for managed services, Internet of Things (IoT) and eIDAS (qualified) Trust Service Providers. Our turn-key PKI solution offers the easiest and most secure way to deploy an enterprise PKI system without the hassles of elaborate installation and integration procedures. By delivering strongly on security, auditability, performance and simplified maintenance, EJBCA Appliance empowers your security team to focus on aspects more directly beneficial to your business — the core certificate issuing and lifecycle management for your infrastructure and business critical applications and services. EJBCA Appliance comes in different capacity and performance models. Based on a stable technology stack, it supports easy and controlled maintenance. The hardware appliance is particularly useful if you are are looking for an on-premise solution based on a combined hardware and software package for your PKI solution and you do not want to add extensive server maintenance to your already very busy IT people. It will enable you to save months of work and resources. Get all the benefits with our PKI appliance in a single deployment, combine EJBCA Enterprise software with a secure hardware and software technology stack and an HSM. EJBCA Appliance combines our EJBCA Enterprise software with a secure technology stack and enterprise-grade hardware, including a Hardware Security Module (HSM). In a single deployment, PKI Appliance gives you all the benefits of EJBCA Enterprise. And a single instance of the Appliance enables you to govern multiple CAs, reducing any need for several, dedicated hardware units. Manufactured from our comprehensive experience and expertise, PrimeKey EJBCA Appliance with its integrated HSM succeeds in making your EJBCA PKI solution more robust, cost efficient and more scalable. EJBCA Appliance XS is the smallest hardware appliance with support for up to 1,000 certificates. It is ideal for an offline Root CA in a PKI deployment. This is your PKI start environment―EJBCA with everything you need. EJBCA Appliance S supports the operation of multiple, independent PKI hierarchies with one installation. Start with model Medium if you already know that you need more certificates and better certificate performance capacity. This model supports up to 15 million certificates. Model Large has better certificate issuing performance and it manages more certificates. If you have one or a couple of use cases that need a lot of certificates and you expect more use cases in the near future, then you should choose Large. EJBCA Appliance XL is suited for extremely large PKI deployments with the need for more than 100 million certificates. It has the same certificate issuing performance as model Large, but supports up to 160 million certificates and has an upgraded storage. PrimeKey’s hardware appliances can be deployed in the manner best suited to your business needs, growing flexibly and expanding over time as needed. The Validation Authority and Registration Authority are available as stand-alone models and integrated in the standard models. The hardware appliance is also available as an eIDAS edition including a Common Criteria Protection Profile EN 419 221-5 Hardware Security Module (HSM). Find out more: PrimeKey Code Signing Appliance is a SignServer-in-a-box offering ease and more security. Standalone, turn-key solution for operating VA services based on OCSP and CRLs. The PrimeKey Time Stamp Appliance is a time-stamping authority in-a-box. With PrimeKey Support & Maintenance, you will get continuous updates of your PKI solution and professional support for any questions you may have. li|EJBCA Appliance Share page st|with an integrated HSM How can we help? h2|Make PKI simpler and safer EJBCA Enterprise Five models adapted to your needs How to deploy EJBCA Appliance featured customer stories PrimeKey Support Contact us h3|Welcome HSM and PKI, our packaged PKI-in-a-box Extra Small EJBCA Appliance Small EJBCA Appliance Medium EJBCA Appliance Large EJBCA Appliance Extra Large EJBCA Appliance Browse EJBCA Appliance Documentation Code Signing Appliance Validation Authority Appliance Time Stamp Appliance h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Bank-Verlag – Launching an eIDAS-compliant trust center for the German banking industry Benefits of PKI at Zenefits Malaysian bank opts for PrimeKey PKI Appliance ITCARD – Smooth sailing with secure Point of Sales Stay up to date with our newsletters PrimeKey headquarters h5|EJBCA Enterprise, PKI Appliance PKI Appliance, Cloud MDM Internal CA system, Integrated Turn-Key PKI platform Point of Sales, PKI Appliance sp|PrimeKey PKI hardware appliance * Extra Small EJBCA Appliance Small EJBCA Appliance Medium EJBCA Appliance Large EJBCA Appliance Extra Large EJBCA Appliance * * * * * * PrimeKey * * * * * * A sophisticated toolbox for certificate enrollment li|Share page st|How can we help? h1|Registration Authority h2|Contact us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Registration Authority (RA) For EJBCA Enterprise The EJBCA RA provides a sophisticated toolbox for enrollment of any certificate type. As an external entity to the Certificate Authority (CA), it allows for an additional layer of security around the CA. Why use an RA? A Certificate Authority is a fine thing to have; it registers users, issues certificates, it manages their life-cycles and it revokes them when needed. Yet a CA has no purpose without effective and secure means for users to interact with its functionality, whether these are machines, people or software. Human users need a graphical user interface with which they can issue a certificate request to the CA and machines or applications use online protocols or APIs to automate the issuing process, and for this they both need the EJBCA Registration Authority. It is often desirable to physically separate CA and RA, allowing one to reside in a secure environment with minimal access, while the other can reside in a DMZ or even publicly. In short, an RA is the CA’s face to the world. Certificate Management The EJBCA RA provides a sophisticated toolbox for a user to enroll for any certificate type, whether predefined or defined on the CA, either by submitting a Certificate Signing Request (CSR) to have a local key pair signed, or by requesting a certificate based on a key pair stored on the CA. An intuitive interface will guide the user, whether an administrator or the end client, through the entire process. If certificate issuance can’t be immediate, users can request to either have their certificates delivered by e-mail or can retrieve them from the RA at a later date using a retrieval code. Request Management PrimeKey has implemented a brand new approval process where approvals can be defined as profiles, which in themselves can be partitioned up into segments to be approved by different administrators. Requests can be handled either on the CA or directly on the RA. This provides great value for organizations that need to map their own workflows to the approval process. Sophisticated Rights Management Using the same rights management system as EJBCA, the same RA can service anybody from a public, unauthenticated user, to an authenticated customer, to a local administrator. Each sees only the functionality they have access to, allowing multiple roles to perform duties connected to the same system. Microsoft Active Directory Integration Looking at the integration support for Microsoft Active Directory in EJBCA, we have developed the possibility to enhance functionality and create even more value for the user. The EJBCA Certificate Auto-enrollment component combines the full flexibility of EJBCA Enterprise issuing certificates to different Active Directory users and machines, even supporting multiple use cases. Clustering the RA You can have several RA servers, in order to provide high availability, or increased performance. The RA itself is stateless and therefore any user can access any RA server to perform their tasks, as long as it is an RA with the same privileges. User session against the RA UI uses HTTPS sessions, and are typically pinned to a certain node by a load balancer * * * * * * PrimeKey * * * * * * EJBCA Enterprise covers all your needs for Public Key Infrastructure (PKI) and Certificate Management. EJBCA Enterprise is a multipurpose PKI software that supports multiple CAs and levels of CAs to enable you to build a complete infrastructure (or several) for multiple use cases within one instance of the software. Different use cases have different requirements on how registration, initial enrollment and life-cycle management should be performed. EJBCA Enterprise enables multiple integration and automation possibilities and issues certificates to persons, infrastructure components and IoT devices. EJBCA Enterprise is flexible, scalable and secure and is installed at numerous ETSI/eIDAS-, WebTrust audited and . EJBCA Enterprise offers Certificate Authority, Registration Authority and Validation Authority (OCSP and CRL) functionality. PrimeKey’s extendable PKI covers all demands for efficient and reliable issuing and management of digital identities for people, infrastructure components and other devices. Able to protect virtually any area of technology and use case, our EJBCA Enterprise software is used to meet all your needs for Public Key Infrastructure (PKI). PrimeKey’s comes as flexible software, as an easy-to-use turn-key software or hardware appliances, or as a . But technology isn’t everything, for proper security you need to think of organization, architecture and how it all fits your business solution. PrimeKey has extensive experience in implementing PKI solutions in many types of organizations all over the globe and can assist you along the way. Commonly referred to as a Certificate Authority (or CA), EJBCA Enterprise PKI is an open source IT-security software for Certificate Issuance and Certificate Management, used for secure communication in any environment. To properly enable security through certificates, EJBCA Enterprise also includes both Registration Authority (RA) and Validation Authority (VA) functionality. Extremely flexible, EJBCA Enterprise is used for most imaginable PKI use cases and scenarios. The solution can be found in face-to-face issuing workflows as well as in highly automated processes via standard protocols and interfaces. EJBCA Enterprise follows best practices. It has detailed, signed audit and transaction logs, role-based authorization, extensive support for hardware security modules and is designed for scalability and reliability. This is the one PKI software for any organization that needs to manage and operate a serious PKI. In addition, EJBCA Enterprise is already deployed by numerous ETSI/eIDAS- and WebTrust audited reference customers. Bundled with support and services, EJBCA Enterprise allows you to handle and maintain your PKI implementation successfully, independently of your level of skills. Through digital certificates all persons and devices in a PKI solution have a unique and secure identity. With the help of public and private keys, all data in a PKI solution is encrypted and safe from tampering. Signing code, time, documents etc. ensures the authenticity of any data in a PKI solution. EJBCA Enterprise is for all professional users, in all types of companies and you can enjoy the greatest flexibility of deployment options. Enable certain PKI functions in the cloud, as appropriate, while benefiting from being in control of other PKI functions with on-premises software or appliance deployments. EJBCA Enterprise gives you full control of everything you do. The robustness of EJBCA Enterprise provides the capability of serving both small-scale and larger implementations with millions of users or devices in high availability environments without compromising on security. Built on open standards, an open source platform and a large installed base all around the world, EJBCA Enterprise brings the maturity, transparency and commitment required for any security focused PKI solution. Fill in your contact information below and we will get in touch with you. Combine the full flexibility of EJBCA Enterprise with Active Directory. With the Certificate Auto-enrollment for EJBCA Enterprise, you can add several templates and match them with EJBCAs Profiles, and you can support multiple use cases. Yes, you can now run this add-on on a Linux server, if you like to. A sophisticated toolbox for a user to enroll any certificate type. The EJBCA RA provides a sophisticated toolbox for a user to enroll for any certificate type, whether predefined or defined on the CA, either by submitting a Certificate Signing Request (CSR) to have a local key pair signed, or by requesting a certificate based on a key pair stored on the CA. EJBCA Validation Authority (VA) enables on-line verification of authentication and digitally signed transactions. As with any software, and especially with security software, it is important to keep EJBCA updated with continuous releases and security patches. Having a subscription to PrimeKey Support will not only give you access to new upgrades and features, but also ensure that your software is kept up to date when it comes to security. In short, PrimeKey Support will keep your software at the highest security standards. Through a PrimeKey Support subscription, both your management and your customers can sleep sound, assured that audit and policy requirements are fulfilled. And in case of issues with your PKI, or simply new demands on it, you have timely access to, and support from, our skilled PKI professionals. PrimeKey’s training courses are tailored solely toward our customers that utilize PrimeKey PKI Technology. Our state-of-the-art trainings are suitable to advanced users such as technicians, engineers, developers, specialists and system architects. Regardless of prior level of knowledge, any member of your PKI crew can benefit greatly from our Enterprise Training Courses. – , says Allen Liang, Feitian Technologies Ltd. Each tailored real-life course facilitates the different steps of your specific project, and may later on prove crucial to your progress and ability to succeed in challenging circumstances. As participants learn basic and advanced features and have their PKI managing skills increase, they will learn to Are you looking for information about EJBCA installation or EJBCA upgrades, find . PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|EJBCA Enterprise Security by design by following the best practice security evaluation standard Mature and widely proven source code Comprehensive strategic engineering services Short project duration, with fast project deployment Common Criteria Detailed audit and transaction logs Role-based authorization Support for Hardware security modules (HSM) eIDAS edition with support for a Common Criteria Protection Profile EN 419 221-5 HSM Designed for scalability and reliability Service availability across maintenance windows Scalability and availability using clusters Configurable certificate profiles (X.509, eIDAS, PSD2, CVC, RFC5280, RFC 6962, EV Certificate Certificate Authority, Registration Authority and Validation Authority (OCSP and CRL) functionality Integration interfaces (REST, WebServices, ACME, CMP, EST, SCEP, etc.) Multi-use case and multi-tenant platform Flexible deployment options Supports most major databases ETSI/CWA-compliant and WebTrust-compliant references ease software evaluation and get the most out of any PKI project. build and deploy your PKI timely and with minimal risk. minimize unplanned downtime. Share page st|How can we help? h1|EJBCA Enterprise h2|EJBCA Enterprise and Public Key Infrastructure (PKI) Flexible Certificate Authority (CA) software PKI with EJBCA Enterprise Selected success stories from working with EJBCA Enterprise Deployment options – Software, Appliance, Cloud or Hybrid Contact us Support and maintenance Training h3|Welcome Cost efficient end-to-end security works, if you do it the right way. EJBCA Enterprise PKI is security infrastructure for any use case Control your own security with EJBCA Enterprise Flexibility at all levels Key features Lowest Total Cost of Ownership (TCO) High Security and Reliability Flexibility Audit Compliance Certificate Auto-enrollment RA – Registration Authority VA – Validation Authority EJBCA training h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions QuoVadis secures leading position Turkish Delight – or how to issue 10,000 high-quality e-Passports every day Siemens – Ingenuity for life and safe communications National e-ID for the citizens of the Philippines Authentication Encryption Signing Stay up to date with our newsletters PrimeKey headquarters h5|Certificate Authority, Registration Authority, Certificate Transparency E-passports, Turkey IoT eID, EJBCA sp|PrimeKey from PrimeKey * As the world’s most used PKI (Public Key Infrastructure), certificate issuing and management software, EJBCA Enterprise provides you with the basic security services for trusted identities and secure communication in any environment and use case. EJBCA Enterprise is a multipurpose PKI software that supports multiple CAs and levels of CAs to enable you to build a complete infrastructure (or several) for multiple use cases within one instance of the software. with EJBCA Enterprise PrimeKey understands that organizations have unique business challenges, including security requirements, budgets and the availability of internal resources. That’s why we give you the choice to combine Software Appliance, Hardware Appliance and public Cloud deployments for your PKI and Signing solution. This means the infrastructure can be deployed in the manner best suited to your business needs and can grow flexibly and expand over time. PrimeKey * * * * * * em|We are very satisfied with the training course and it has met our needs The Common Criteria for Information Technology Security Evaluation (Common Criteria or CC) is an international standard for computer security certification. A Common Criteria certification is often performed to show compliance with a Protection Profile (PP), which is a requirement document created by a user group or government. The Protection Profile ensures that all products of a certain type, such as certificate authority software, are certified according to the same requirements and that they are comparable. Read more about the PrimeKey EJBCA Enterprise Common Criteria certification on PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What is Common Criteria? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|Training h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions PrimeKey Open Training Online Training Customer Training Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey PrimeKey * * * * * * A digital certificate is a digitally signed document and can be compared with the physical identity card or a passport in the analog world. A digital certificate is used to provide and prove the identity of a user, server or thing when communicating over untrusted networks. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What is a digital certificate? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * Established in 1878, SGS transformed the grain trading business in Europe by offering innovative agricultural inspection services. Today, with a reputation as the global benchmark for quality and integrity, SGS focuses on innovative ways to deliver business benefits across fourteen industries. Its global network of more than 80,000 employees helps customers improve quality, safety, efficiency, productivity, and speed to market, while reducing risk and building trust in sustainable operations. SGS handles a huge amount of documents and the company needed a secure and scalable solution for signing PDF documents centrally for proof of origin. Adobe Portable Document Format (PDF) was invented by Adobe Systems and is an open standard formally recognised by the International Organization for Standardization (ISO). SGS needed a signing solution that was robust, high speed and could be integrated into the SGS workflow. PDF signing also had to be compatible with existing client software, and quickly adapt to any PDF security issues that could arise. PrimeKey has therefore supplied the company with SignServer Enterprise PDF Signer software, using a signing certificate issued by a global CA authorised by Adobe. Christophe Sahut, Corporate Infrastructure Architect at SGS, says, “We needed an efficient and low maintenance signing solution that enables SGS to seamlessly generate PDFs and get them signed”. “Signing a PDF is a critical key ingredient in the SGS business process and the knowledgeable team from PrimeKey delivered a solution that meets our high standards,” adds Christophe. Server-side digital signatures give maximum control and security, allowing your staff and applications to conveniently sign code and documents. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|SGS – When you need to be sure h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Document Signing, Inspection, Verification, Testing, Certification SignServer Enterprise Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * EJBCA Appliance with its integrated HSM is the easiest and most efficient way to deploy and manage an enterprise PKI system. Predict costs and save resources while increasing the quality and minimizing the risks of your PKI project. With EJBCA Appliance, you get a simplified installation and maintenance of your PKI solution, including an integrated Hardware Security Module (HSM). Our turnkey PKI hardware appliance is the best choice for most medium to large deployments — suitable even for managed services, Internet of Things (IoT) and eIDAS (qualified) Trust Service Providers. Our turn-key PKI solution offers the easiest and most secure way to deploy an enterprise PKI system without the hassles of elaborate installation and integration procedures. By delivering strongly on security, auditability, performance and simplified maintenance, EJBCA Appliance empowers your security team to focus on aspects more directly beneficial to your business — the core certificate issuing and lifecycle management for your infrastructure and business critical applications and services. EJBCA Appliance comes in different capacity and performance models. Based on a stable technology stack, it supports easy and controlled maintenance. The hardware appliance is particularly useful if you are are looking for an on-premise solution based on a combined hardware and software package for your PKI solution and you do not want to add extensive server maintenance to your already very busy IT people. It will enable you to save months of work and resources. Get all the benefits with our PKI appliance in a single deployment, combine EJBCA Enterprise software with a secure hardware and software technology stack and an HSM. EJBCA Appliance combines our EJBCA Enterprise software with a secure technology stack and enterprise-grade hardware, including a Hardware Security Module (HSM). In a single deployment, PKI Appliance gives you all the benefits of EJBCA Enterprise. And a single instance of the Appliance enables you to govern multiple CAs, reducing any need for several, dedicated hardware units. Manufactured from our comprehensive experience and expertise, PrimeKey EJBCA Appliance with its integrated HSM succeeds in making your EJBCA PKI solution more robust, cost efficient and more scalable. EJBCA Appliance XS is the smallest hardware appliance with support for up to 1,000 certificates. It is ideal for an offline Root CA in a PKI deployment. This is your PKI start environment―EJBCA with everything you need. EJBCA Appliance S supports the operation of multiple, independent PKI hierarchies with one installation. Start with model Medium if you already know that you need more certificates and better certificate performance capacity. This model supports up to 15 million certificates. Model Large has better certificate issuing performance and it manages more certificates. If you have one or a couple of use cases that need a lot of certificates and you expect more use cases in the near future, then you should choose Large. EJBCA Appliance XL is suited for extremely large PKI deployments with the need for more than 100 million certificates. It has the same certificate issuing performance as model Large, but supports up to 160 million certificates and has an upgraded storage. PrimeKey’s hardware appliances can be deployed in the manner best suited to your business needs, growing flexibly and expanding over time as needed. The Validation Authority and Registration Authority are available as stand-alone models and integrated in the standard models. The hardware appliance is also available as an eIDAS edition including a Common Criteria Protection Profile EN 419 221-5 Hardware Security Module (HSM). Find out more: PrimeKey Code Signing Appliance is a SignServer-in-a-box offering ease and more security. Standalone, turn-key solution for operating VA services based on OCSP and CRLs. The PrimeKey Time Stamp Appliance is a time-stamping authority in-a-box. With PrimeKey Support & Maintenance, you will get continuous updates of your PKI solution and professional support for any questions you may have. li|EJBCA Appliance Share page st|with an integrated HSM How can we help? h2|Make PKI simpler and safer EJBCA Enterprise Five models adapted to your needs How to deploy EJBCA Appliance featured customer stories PrimeKey Support Contact us h3|Welcome HSM and PKI, our packaged PKI-in-a-box Extra Small EJBCA Appliance Small EJBCA Appliance Medium EJBCA Appliance Large EJBCA Appliance Extra Large EJBCA Appliance Browse EJBCA Appliance Documentation Code Signing Appliance Validation Authority Appliance Time Stamp Appliance h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Bank-Verlag – Launching an eIDAS-compliant trust center for the German banking industry Benefits of PKI at Zenefits Malaysian bank opts for PrimeKey PKI Appliance ITCARD – Smooth sailing with secure Point of Sales Stay up to date with our newsletters PrimeKey headquarters h5|EJBCA Enterprise, PKI Appliance PKI Appliance, Cloud MDM Internal CA system, Integrated Turn-Key PKI platform Point of Sales, PKI Appliance sp|PrimeKey PKI hardware appliance * Extra Small EJBCA Appliance Small EJBCA Appliance Medium EJBCA Appliance Large EJBCA Appliance Extra Large EJBCA Appliance * * * * * * PrimeKey * * * * * * Certificate validation services can include access to Certificate Revocation Lists (CRL), Online Certificate Status Protocol (OCSP) and CA chain certificate downloads. A Certificate Authority is responsible for feeding the Validation Authority with certificate status updates based on the defined policy. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|A Validation Authority (VA) is a provider of certificate validation services. How can we help? h1|What is a Validation Authority? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * Why do you need to protect your digital infrastructure? Business leaders see securing enterprise data and communication as critical to brand protection and growth ability. There may be unique reasons that are specific to your industry, but most reasons are universal in the connected world today. Here are three main motivations for securing your data and communication: With PrimeKey products and solutions, you can decrease the risk of anyone attacking your company and accessing sensitive information or data. Most companies today are dependent on their digital infrastructure. Employees can’t work without it, machines are controlled by it and we rely heavily on the infrastructure for making business run. Therefore, the need for proper protection is critical for most organizations. Being able to control precisely who gets access to which data at what time, gives you the possibility for new business solutions. Most companies have valuable information that, if used properly, can benefit their customers and create more revenue. Digitalization is one of the strongest trends in the world today and it brings a vast amount of advantages for individuals as well as the society. Remote regions will have fast 5G connections, healthcare will become more tailored to individual patient needs, on-demand manufacturing will increase efficiency, transport and supply chains will be even safer and with lower the environmental impact. People and cultures will be even more interconnected. In 2025, there will be 10 times more data created or copied than in 2016. It is estimated that by 2035, there will be a trillion IoT (Internet of Things) – a thousand times more than today. Hackers gaining access to customers lists, login credentials, etc. and publishing them online… Overrunning communications to machines in factories and causing breakdown… Disguising malware code in software and stealing credit card information, surveilling users, etc… Hacking smart cars and tampering with crucial functionalities, such as brakes… Using a specific brand of IoT devices to perform DDOS (Distributed Denial of Services) attack… Hacking into IoT devices and watching homes, talking through baby monitors and more… Simply put, EJBCA is a software that issues and manages digital certificates. Certificates are issued to entities such as users, devices, webpages, passports, smartcards, gadgets etc – basically to anything able to rely on electronic information. The provisioning of certificates to either devices or tokens basically enables two things; it gives a device or a token an identity, and it provides the means to setup a secure (encrypted) communication channel. Which combined also enables verification of information authenticity. By introducing certificates in to your organization you will get the means to identify, trust and securely communicate with any entity throughout your entire system. SignServer software is used to digitally sign documents and code. Digital signatures can be used for many purposes. Use SignServer for signing PDFs or other documents, to ensure the origin of software code or to ensure that a transaction was in place at a certain time. Signatures from SignServer can tell you exactly who performed the signature and at what time it was issued. PKI Appliance is “PKI in a box”, where you get software and hardware in one. Implementing a full PKI solution is a complex task, involving software, hardware and organizational structures. In short, it can be a hassle. The PrimeKey PKI Appliance is a Turn Key PKI solution that greatly simplifies the implementation and maintenance. You get access to the advanced functionality of EJBCA Enterprise and/or SignServer, without the need for the complex and time consuming implementation projects and integration of several technologies needed to run a PKI. The PrimeKey SEE, Secure Execution Environment, is a physically and cryptographically secure hardware where you can run your own applications. What this means is that you can put your data or your application on the SEE, place it in environments that has lacking physical security, and still feel secure that noone can tamper or steal your property. A simple example of the usage is that you can put your business critical software in the middle of a factory floor, in countries where copyright laws aren’t fully effective. Fill in your contact information below and we will get in touch with you. PKI is short for . In its simplest form, it is a way to secure communication in an insecure environment (such as the Internet), through knowing the identity of involved parties and knowing that the message is untampered. By doing this, PKI is the backbone of most IT Security Solutions today. Exactly how this is done is a more complex story. PKI technology is based on Private and Public Keys. The public key encrypts the message so that it can be safely sent over the Internet. The reciever then decrypts the message with the help of the corresponding private key. So far so good. But how do you know that the keys belong to who you think? That is where you need certificates. Certificates can be simply described as identity cards that are issued by trusted authorities and that ensure that the encrypted messages are sent and received by the correct entities. At PrimeKey, we are passionate about encryption, certificates, keys and IT Security. If you let us, we could talk about it for hours and let you know more about how it can be used for authentication, how you probably already use it today, how it is a full infrastructure involving software, hardware, policies, etc. We love to share our knowledge. So if you have further questions about the technology involved, see our short films below, read more about our products here on the website or contact us today. The importance of IT Security PKI – found in almost all IT security PrimeKey IT Security Solutions PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|PrimeKey in 3 minutes Share page st|Scary stories about those who do not use PrimeKey How can we help? h1|in 3 minutes h2|Data security solutions are becoming increasingly common. What we do – Contact PrimeKey There is a lot of talk about PKI Examples of how we succeed the need for security, PKI found everywhere, and IT security solutions. h3|Welcome Exposed customers Factory malfunction Installing malware Safety breaches Causing overload Privacy breaches EJBCA SignServer PKI Appliance SEE h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Decrease the risk of attacks and data loss Secure your assets Enable new business Siemens – Ingenuity for life and safe communications SGS – When you need to be sure DigiSign – Growing business more safely and quickly Benefits of PKI at Zenefits Stay up to date with our newsletters PrimeKey headquarters h5|IoT Document Signing, Inspection, Verification, Testing, Certification Certificate Authority, Time Stamping PKI Appliance, Cloud MDM sp|PrimeKey PrimeKey We safeguard your customer experience With the benefits of digitalization and sheer volume of data and devices, comes a number of risks due to the characteristics of digital data, since it is easy to transport, replicate and modify. Already today, there are problems with unauthorized data thefts of all kinds, affecting us as citizens, companies, and even countries. This is why cybersecurity is on a lot of minds right now. When dealing with security, it is an absolute requirement to have the ability to decide who is entitled to access a certain asset. Everything else is built on top of this fundamental requirement to secure identities. To put it simply, PrimeKey sets secure identities for people, computers and things. Based on the secure identities, the information exchange in the digitalized world can be protected by encryption, and digitally signed to assure it has not been modified. This enables services such as secure digital transactions, encrypted data transport and storage, secure software updates. Furthermore, this allows creation of new business models based on secure access to information. Many computer systems use these technologies today, but the number of machines with intelligence grows with digitalization, and consequently the need for our technology only increases. Any IT solution connected to the Internet must use encryption and signing. If not, it can’t be trusted. This is why PrimeKey is selected by large corporations and governments all over the world to safeguard their customer experience. selected products EJBCA SignServer PKI Appliance SEE * * * * * * – but what is it? See our short films about PrimeKey * * * * * * A Certificate Authority (CA) issues, renews, manages and revokes digital certificates. A CA signs certificates with its private key and is the trust anchor for the issued certificates. The Certificate Authority private key is normally stored in a Hardware Security Model (HSM). PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|A Certificate Authority manages the certificate lifecycles for people, servers or things. How can we help? h1|What is a Certificate Authority? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * C2 Company, a PrimeKey company, is looking to add talented DevOps Engineers to our existing team in San Mateo, CA. The PrimeKey DevOps Team is deploying a SaaS-based implementation of PrimeKey’s world-leading PKI solution. The solution will use containers and Kubernetes, rest within the Amazon AWS infrastructure, and use the most relevant AWS components to Test, Build, Deploy, Monitor and Scale the PrimeKey SaaS offering. If you are passionate about security, have the demonstrated technical chops, are a believer in collaboration and working with like-minded individuals, this may well be the place for you. We are looking for candidates that have proficiencies with containers and Kubernetes, AWS services, are knowledgeable with PKI, DevOps, and automation, have some network administration skills and are proficient with Linux, are fast learners and excited about new technologies, can work toward and maintain project schedules and deadlines, are comfortable working with others, and have excellent customer facing skills. Candidates must be highly self-motivated with passion for excellence, quality, and attention to detail. This position is open to multiple levels of experience. Candidates with 4 to 10 or more years are preferred. Candidates should have a minimum of 4 years successful experience and have the ability to quickly grasp new technologies. The Devops Engineer will work directly with the PrimeKey team, and occasionally with clients, and will be responsible for understanding industry standards and best practices, keeping current with emerging technologies, and will have the willingness to learn new technologies and improve their technical skills. PrimeKey has acquired C2 Company in California, a move which significantly strengthens the company’s presence in the United States. C2 Company, known for successfully providing complex PKI, network, and security integration services to an impressive list of customers throughout the country, is an ideal organization for PrimeKey to leverage. PrimeKey, authors of EJBCA and SignServer, experts in PKI and Code Signing, has been rapidly expanding in recent years and has a growing list of customers globally and in the US with new products regularly hitting the market. Part of PrimeKey’s growth strategy includes expanding into important markets such as the US. The acquisition of C2 Company, with many years of experience working with PrimeKey, establishes an immediate and effective presence in the US with a strong organization and experts in PrimeKey’s offerings. In effect, this acquisition accelerates PrimeKey’s ability to serve the US market. For further information and applications, please contact: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Open positions Build containers or add layers to existing through Jenkins CI/CD pipeline Run containers in Kubernetes, AWS ECS, AWS EKS Automate provisioning and deprovisioning of various infrastructure using Ansible or other Communicate to user application through AWS SQS Send all control and application logs to a centralized logging system Establish continuous integration and testing Be proficient or generally knowledgeable about PKI, PKI services, and PKI concepts Validate the redundancy, stability, performance, interoperability, security, and scalability of infrastructure systems Design, maintain and supervise infrastructure system images, monitoring and patch management Research, propose, maintain and document standards for all systems as well as forward-looking strategies for satisfying business needs and maintaining customer’s technical currency with systems in use Stay on top of industry trends and new technologies to determine direction and service improvements to continue our competitive edge in the technology of our systems architecture Ensure proper security, monitoring, alerting and reporting for customer’s infrastructures Act as the technical lead on large/complex systems and infrastructure projects Interface with stakeholders to understand needs and requirements Determine design and present option(s) based on constraints (such as cost, resources, security, usability, reliability, maintainability, availability, integration with existing applications, systems, and platforms, etc.) Implement and/or oversee implementation of solutions, document design specifications, installation instructions and ongoing maintenance required for solution delivery Manage Identify Provider integrations and configuration Coordinate with external IT consultants and vendors as needed Act as level 3 support for help desk escalations, where applicable Other projects and duties as assigned 4+ years working as a DevOps Engineer supporting a production AWS environment. You are a strong developer versed in Node.js, React, AngularJS, Python, or other development languages. You have implemented a full CI/CD stack, including identification of best tooling, documentation, setup and continual improvement needed to sustain the environment. You have created and deployed containers with Kubernetes You have implemented open source monitoring solutions to detect, trigger remediation of the issue, and ultimately fixing the problem. Knowledge and application of a wide range of tools and technologies in software development. Comfort with higher testing and deployment frequencies. Knowledge of IT Service Management Systems. Experience with data management. Strong base of operating systems and network basics through school, certification, or applicable experience Knowledge and experience with PKI and Digital Certificates Experience with Linux Proficient with Cloud technologies Can demonstrate knowledge of protocols Excellent problem solving and analytical skills Strong organizational skills and the ability to handle multiple projects simultaneously while meeting deadlines Possess excellent oral and written communication skills with the ability to communicate at both a technical and business level with technical staff and/or Executives You are a Super Team Player and will complete your responsibilities with minimal supervision. Experience supporting/operating mission critical production environments. The ability to identify and eliminate organizational silos by embracing team collaboration and communication. The determination to achieve business outcomes. The need to create efficiency and the ability to use automation tools to achieve the desired outcome. A strong understanding of process reengineering and migrations from manual to automated processes. Project management skills to support timelines and commitments. Systems and Network Security Experience and or proficiency with various monitoring and troubleshooting tools, or various application response time monitoring tools DevOps and Automation Ansible, Jenkins Scripting and Development Java Application Servers, JBoss, Wildfly Database, MySQL, MariaDB, MSSQL B.S. Computer Science or the demonstrated professional experience. ITIL V3 or V4 Agile Development, Project or Program Owner experience. Share page st|Description: Tasks may include: Education Requirements: How can we help? h1|DevOps Engineer h2|Join our team in the US Application h3|Welcome The role Desirable qualifications About PrimeKey h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * em|Please note: No recruiters, direct candidates only. It is responsible for receiving certificate signing requests – for the initial enrollment or renewals – from people, servers, things or other applications. The Registration Authority verifies and forwards these requests to a Certificate Authority (CA). A Registration Authority is also responsible for receiving other functions. For example, revocation. The RA implements business logic to accept requests, including methods for verifying the origin of the requester and the party that should have the certificate. A Registration Authority is usually separated from the Certificate Authority for accessibility and security reasons. The RA is accessed via a user-friendly GUI or via integration friendly APIs and standard protocols. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|A Registration Authority (RA) is a function for certificate enrollment used in . How can we help? h1|What is a Registration Authority? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * The Zenefits web portal allows both users and company administrators to manage and integrate every aspect of the employee hiring process – from signing NDAs to displaying benefits and submitting time-off requests for approval. Zenefits wants to be the most comprehensive and easy-to-use service for both businesses and employees. Established in February 2013, Zenefits wanted to shake up the human resources software industry by offering free and innovative cloud services. Zenefits provides businesses with an online platform for employee on-boarding, payroll, benefits and annual leave tracking. Due to its meteoric growth and the need to secure services and end points, Zenefits sought to implement a robust PKI solution in a short amount of time. The requirements included a PKI solution that was turnkey, robust in security, and easy to administer. Most importantly, the solution must have the flexibility to integrate with cloud-based device management services to enable large scale provisioning of certificates to computers. After evaluating multiple PKI solutions, Zenefits chose the PrimeKey PKI Appliance. C2 Company, the US tier one partner of PrimeKey Solutions, helped deploy the system within a one-week period. By deploying the PrimeKey PKI Appliance, Zenefits has been able to implement a multi-tiered PKI system quickly and securely that will serve as a centre of trust for distributing digital certificates.We think Zenefits will benefit from deploying the PrimeKey PKI Appliance in both the short and the long term. For more info contact: PrimeKey EJBCA Appliance offers the most cost-efficient, easy and secure way to deploy an enterprise PKI system. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|Benefits of PKI at Zenefits h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions PKI Appliance, Cloud MDM EJBCA Appliance Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * Ready-to-use digital signature hardware appliance and cost-efficient maintenance for your digital signing solution Our digital signature hardware appliance, PrimeKey SignServer Appliance, offers the easiest and most cost-efficient deployment of your signing solution without the hassle of complex installations and integration procedures. By delivering strongly on security, performance and simplified maintenance, SignServer Appliance empowers your security team to focus on aspects of the solution that are more directly beneficial to your business — the core signing procedures and integration with your business applications, automation and control. SignServer Appliance is based on the server-side signing software that brings extensive support for several signing use cases and the corresponding signature formats. SignServer Appliance is packaged to support your use cases and needs. It comes in five different hardware appliance models: With our digital signature hardware appliance and the integrated FIPS 140-2, level 3, certified Hardware Security Module (HSM), you get maximum flexibility, control and security for your digital signature use cases. SignServer Appliance can be thought of as “signing in a box”. It combines our SignServer Enterprise software with a secure technology stack and enterprise-grade hardware, including an HSM. The built-in HSM comes with two different performance levels, standard and high-speed performance, and a single instance of SignServer Appliance also offers you the possibility to host multiple tenants from different organizational units or customers, reducing any need for several, dedicated digital signature hardware appliance units and HSMs. Manufactured from our comprehensive experience and expertise, SignServer Appliance succeeds in making your signing solution robust, cost efficient and more scalable. Get the model you need for your use case today and allow the SignServer Appliance to support you when your use cases are evolving and growing. With PrimeKey Support & Maintenance, you will get continuous updates of your PKI solution and professional support for any questions you may have. li|SignServer Appliance SignServer Code Signing hardware appliance for all your code signing needs SignServer Document Signing hardware appliance for all your document signing needs SignServer Time-Stamp Authority (TSA) hardware appliance for all your time-stamping needs SignServer Appliance for all your digital signatures needs, Code and Documents signing and TSA SignServer ePassport Appliance for travel document signing Share page st|with an integrated HSM How can we help? h1|SignServer hardware appliance h2|Document signing, code signing, time-stamping and more Use Cases PrimeKey Support Contact h3|Welcome Browse SignServer Appliance Documentation h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Code Signing Solution Time Stamp Appliance Code Signing Appliance Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * Digital signature hardware appliance with different performance capabilities * * * * * * PrimeKey * * * * * * A server-side, PKI-based digital signature software used to sign digital documents, PDFs and code Electronic signatures, Digital signatures, e-sign, e-signature… There are many names for digital signatures, and our digital signature software SignServer Enterprise enables them all. Server side digital signatures give maximum control and security, allowing your staff and applications to conveniently sign code, digital documents and PDFs. SignServer Enterprise comes as our turn-key , or as flexible software, described below. SignServer Enterprise is a server-side digital signature software, based on PKI signing used to sign any digital document. Use SignServer Enterprise to sign code, PDFs, ePassports, and more. To generate digitally signed time stamps SignServer Enterprise can be used as the time stamp unit within a Time Stamp Authority (TSA). Offering both RFC 3161 and MS Authenticode time-stamps, SignServer Enterprise includes monitoring of time synchronization compliant with the strictest regulations. Time stamps are normally used together with eSignatures to provide proof that a document existed before a certain time, and can also be used together with advanced signatures to ensure long-term validation of archives. The PDF signer in our digital signature software SignServer Enterprise adds server generated digital document signatures to any received PDF. Thanks to PKI signing and a flexible authorization system you can easily control who is allowed to sign documents, and the PDF signer is ideal for organizationally authenticated documents such as receipts, invoices, regulatory documents and supports long term archival Most needs are fulfilled by SignServer Enterprise, offering the capability to sign different types of code, such as Windows executables, Java applications/libraries, Android applications, firmware for hardware devices, drivers and apps. Different code signing needs are served by different signers: SignServer Enterprise comes with a built-in plug-in for Machine Readable Travel Document (MRTD) signing. MRTD is implemented worldwide within electronic passports mandated by . SignServer Enterprise is used both for MRTD signing and for CSCA master list signing. PrimeKey understands that organizations have unique business challenges, including security requirements, budgets and the availability of internal resources. We give you the choice to combine Software Appliance, Hardware Appliance and public Cloud deployments for your PKI and signing solution. This means the infrastructure can be deployed in the manner best suited to your business needs and can grow flexibly and expand over time. Fill in your contact information below and we will get in touch with you. PGP Code Signer DNSSEC Signer SignServer also has the ability to develop custom plug-ins, ensuring maximum customer benefit. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|SignServer Enterprise A digital signature software with high performance and high availability. Operates on behalf of business applications. Designed to perform automated signatures (and other cryptographic operations on digital documents). SignServer Enterprise is easy to adapt to customer specific needs by using plug-ins. MS Authenticode (for Windows code signing) JAR signing (For Java and Android code signing) CMS/PKCS#7 Plain signature TSA, RFC 3161, RFC 5816 and Authenticode compliant Time Stamp Authority PDF CMS/PKCS#7 Authenticode for signing Windows executable files, installer applications and Universal Windows Platform apps/APPX JAR signing for signing Java and Android files Debian package signing Plain signature, for generic signing XML and XAdES (signing and validation) ePassport MRTD signer compliant with ICAO ePassport CSCA master list signer compliant with ICAO ePassport signer suitable for signing deviation lists compliant with ICAO Share page st|How can we help? h1|Digital signature software – SignServer Enterprise h2|Electronic vs digital signatures Selected Successful Implementations Deployment options – Software, Appliance, Cloud or Hybrid Contact us for more information about our digital signature software SignServer Enterprise h3|Welcome This is our digital signature software Time stamp authority Signing PDFs with our digital signature software Code Signing with SignServer Enterprise Signing ePassports with our digital signature software Selected blog posts on SignServer Avoid managing a myriad of code signing solutions Signed, Sealed, Delivered! Code Signing Makes Software Yours Supported Signers In SignServer h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions SGS – When you need to be sure DigiSign – Growing business more safely and quickly Turkish Delight – or how to issue 10,000 high-quality e-Passports every day Stay up to date with our newsletters PrimeKey headquarters h5|Document Signing, Inspection, Verification, Testing, Certification Certificate Authority, Time Stamping E-passports, Turkey Code signing is here to stay as all organizations that plan to distribute code or other data over the Internet risk corruption and tampering. [...] Code signing is increasingly common and critically important. It ensures provenance, authenticity, and integrity. [...] sp|PrimeKey * * * * * * * PrimeKey * * * * * * Concepts for interconnected machines and systems in IoT and (I)IoT require that these components “know” each other and trust each other. This can only be achieved if each system is given a digital identity. The digital identity enables secure communication and updates. Business data generated by the solution can be trusted and updates can be performed in a reliable manner. These functions are fundamental for a trusted IoT solution and also what makes new business models possible. But what identity and when should it be issued to a machine or the system? Ideally, the identity should be issued directly during production of the individual components and/or when these components are assembled into a final product, machine or system. Only at this stage the necessary information is available to create the initial birth identity that enables a smart and trusted supply chain for that particular product. Flexibility and adaptivity are key for a successful manufacturing environment and when integrating PKI and certificate issuance, these solutions must also have these capabilities. In a PKI, the Registration Authority (RA) is responsible for the certificate issuance process, including the validation of the identity information that should go into the certificate. The PKI service/ Certificate Authority (CA) is responsible for the actual signing of the certificate. It is recommended that the CA and the RA are physically separated thus allowing the CA to reside in a secure environment with only minimal access, while the RA can reside “closer” to the actual issuing process. In a manufacturing environment this means that the RA is located on the manufacturing floor (see the illustration). The RA has to the have the ability to adapt to an existing production process without any loss of availability or trust. PrimeKey offers an industry-first solution, , for implementing an RA directly into a smart manufacturing environment. Read about PKI in manufacturing. The industrial Registration Authority (RA) requires extended flexibility and robustness compared to classic Public Key Infrastructure RAs. PrimeKey introduces its new groundbreaking industrial PKI solution designed and engineered to meet the demands of Industry 4.0. PrimeKey has vast knowledge and experience in partnering with leading software and hardware vendors, utility providers, car manufacturers and system integrators to secure their software distribution chain. Contact us if you have any questions and we’ll do our best to help you. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|PKI in manufacturing – Creating an industrial PKI Registration Authority Register for our webinar: Securing Industry 4.0 – Introducing the first industrial PKI solution to secure smart supply chains. Code signing software that prevents harmful software code How can we help? h1|Secure supply chains starting at the product assembly line h2|The importance of digital identities when securing supply chains The defacto standard for digital identities is PKI certificates h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * Providing the secure foundation needed to unlock the potential of smart meter technology. and the legal frameworks and regulatory requirements surrounding the roll-out of smart metering infrastructures are thorough, forcing utility providers to adapt and invest. While the necessary investments are significant, smart meters also provide significant opportunities. A smart metering infrastructure can help combat climate change, while delivering savings to consumers. For utility providers, smart meters give access to valuable data and enable the development of value-added services that protect revenues, differentiate services and reduce customer churn, while cutting operating expenses and improving grid management. Furthermore, smart meters enable the reduction of energy consumption, waste, and emissions, and will be one of the fundamental enablers for the future smart grids where bigger variations in supply will be an unavoidable parameter. A key obstacle to deliver on these promises? Security and privacy concerns. A fundamental part of what is “smart” in the context of smart meters is that the infrastructure is connected to the Internet. It enables a continuous flow of data between the consumer and the utility provider, but it also exposes the infrastructure to third parties. Several markets have already seen smart meters being hacked, and the potential threats are vast; from a damaged brand reputation to billing fraud and ultimately, power failures. This, of course, are raising smart meter security concerns. To realize the promises of smart meter security, utilities need to take several security-, data protection-, and privacy considerations into account, including: These considerations can all be handled using digital certificates. Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. This enables secure communication between parties and provide security through identity and services built on top, including authenticity, integrity, confidentiality and non-repudiation. For utility companies or integrators looking to build a security smart metering infrastructure, the right PKI solution can be a one-stop shop. The legal framework for smart metering in EU is mainly set by the Directives on the internal markets for electricity and gas (2009/72/EC & 2009/73/EC) and the Directive 2006/32/EC on energy end-use efficiency and energy services. Directive 2004/22/EC on measuring instruments contains relevant technical provisions for metering devices, also applicable for smart metering. Other Directives encouraging, but not requiring, advanced or intelligent metering systems to promote energy savings and demand response are Directives 2005/89/EC and 2010/31/EC. In addition, more general regulation like General Data Protection Regulation (GDPR) is greatly impacting how utilities gather, store, handle and use the data generated from smart meters. To ensure utility companies’ compliance with current and regulatory frameworks, including general regulations like GDPR and smart metering-specific regulations like Directive 2009/72/EC, Directive 2009/73/EC, Directive 2006/32/EC and Directive 2004/22/EC, a scalable and flexible way of ensuring data protection, privacy and security needs to be considered. Specifically, the smart meter security solutions selected should be able to: PrimeKey Public Key Infrastructure and Certificate Management solutions enable utilities to stay compliant with current and future regulatory demands while delivering the data protection, privacy and security necessary for a resilient smart meter infrastructure. One of the world’s leading companies for PKI solutions, PrimeKey has developed successful technologies such as , SignServer Enterprise and PrimeKey PKI Appliance. PrimeKey is a pioneer in open source security software that provides businesses and organizations around the world with the ability to implement security solutions such as e-ID, e-Passports, authentication, , unified digital identities and validation. Able to protect virtually any area of technology, PrimeKey’s solutions is a perfect fit for a utility provider looking for a proven, scalable and flexible way of securing a smart metering infrastructure. Trusted by governments and world-leading companies alike, PrimeKey secures the most critical infrastructure on the planet, including national e-IDs, mobile communications and industrial IoT solutions. li|Smart Meter Security Protecting the integrity of the device at the consumers premises – ensuring the software is not tampered with. Proofing and protecting the integrity and origin of data sent between the consumer premises and utility. Authenticating the identities of the parties in communication. Protecting the data from unauthorized access when in transit between consumer premises and the utility provider. Ensuring regulatory compliance of data access when stored by the utility provider. Adapt to various use cases including current and future regulatory demands. Have configurable profiles to enable different access levels to data wherever it is stored. Have integration interfaces to other 3rd party systems to enable compliance across platforms and systems. Common Criteria certified Detailed audit and transaction logs Role-based authorization Hardware security modules Designed for scalability and reliability Service availability across maintenance windows Scalability and availability using clusters Configurable profiles supporting diverse use cases and standards Integration interfaces, supporting standard protocols and web services Designed for high levels of automation Supports different deployment scenarios Available as Software, Appliance, in the cloud and hybrid deployments ETSI/eIDAS and WebTrust-compliant Enabling GDPR-compliance across platforms and systems Future-proof and flexible to support regulatory demands of the future. Share page st|Smart meter security How can we help? h1|Smart Meter Security h2|Smart Meter Security Possibilities Ensuring data protection, privacy and security when implementing Smart Meter Security Meeting the Regulatory Demands of Smart Meter Security PrimeKey is Creating Trust for the Connected Society Get in touch with us h3|Welcome Key features for Smart Meter Security High Security and Reliability Flexibility Regulatory Compliance h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * Harmful code is a threat to users and organizations alike, as criminal groups and even governments use malicious software to steal and monitor data, extort money or empty your bank account. To be able to digitally sign executable files such as applications, libraries and drivers is important whenever software is being distributed over insecure networks (internal or the Internet) or stored on untrusted media. A code signing software that creates digitally signed code ensures that the software running on computers and devices is trusted and unmodified. A code signing tool creates code signing which is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. The most common use of code signing is to provide security when deploying software, for example installing and updating applications on your computer, on your smart phone or tablet or your home appliances, such as smart TV or network router. The digital signature on the software is used to verify the identity of the author of the software and that the software has not been modified. With this verified, the system (computer, mobile, industrial system etc) can allow the software to be installed. Instead of managing a myriad of distributed “code signing islands” where each team has its own solution, using a central code-signing software simplifies administration, improves security and lowers cost. With a centralized signing tool the code signing capabilities are easily controlled from a single location, and the risk of code signing keys being lost or stolen is significantly decreased. The cost of keeping signing keys under control is lowered. Using a central code signing software makes it easy to achieve and enforce a strict audit record of who signed what. Some organizations demand this because of external audit requirements. While others need it to maintain trust in their brand, where maintaining good policy and audit records assure that the users of their products are not exposed to unnecessary risks of malicious software. A primary reason to use a secure, centralized code signing software, is to keep code signing keys protected. The keys are kept securely in a Hardware Security Module (HSM code signing), mitigating the risk of any key being stolen or used illegitimately. li|Share page st|How can we help? h1|Code h2|Code signing software that prevents harmful software code Code signing software that enables safe applications for smart devices A central code signing software is superior Get your Open Source Code Signing Software as Contact us h3|Welcome Open Source code signing tool that is easy to control Policy and Audit compliance Code signing software for protection of Signing Keys Selected Code Signing blogs Code signing is here to stay as all organizations that plan to distribute code or other data over the Internet risk corruption and tampering. [...] In “Signed, Sealed, Delivered,” Stevie Wonder sings “You’ve got the future in your hand — signed, sealed, delivered, I’m yours.” That is not much different from what happens with software and firmware code signing today. [...] h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions SignServer Enterprise SignServer Appliance SignServer Cloud Stay up to date with our newsletters PrimeKey headquarters h5|Avoid managing a myriad of code signing solutions Signed, Sealed, Delivered! Code Signing Makes Software Yours sp|PrimeKey signing software * * * * * * PrimeKey * * * * * * C2 Company, a PrimeKey company, is looking to add talented developers to our existing team in San Mateo, CA. The PrimeKey DevOps Team is deploying a SaaS-based implementation of PrimeKey’s world-leading PKI solution. The solution will use containers and Kubernetes, rest within the Amazon AWS infrastructure, and use the most relevant AWS components to Test, Build, Deploy, Monitor and Scale the PrimeKey SaaS offering. If you are passionate about security, have the demonstrated technical chops, are a believer in collaboration and working with like-minded individuals, this may well be the place for you. We are looking for candidates that have proficiencies with programming languages such as Java, Go, JavaScript, Python. Infrastructures using containers and Kubernetes, AWS services, are knowledgeable with PKI, devops, and automation, have some network administration skills and are proficient with Linux, are fast learners and excited about new technologies, can work toward and maintain project schedules and deadlines, are comfortable working with others, and have excellent customer facing skills. Candidates must be highly self-motivated with passion for excellence, quality, and attention to detail. This position is open to developers with multiple levels of experience. Candidates with 5 to 10 or more years are preferred. Entry level candidates should have a minimum of 5 years successful experience and have the ability to quickly grasp new technologies. The Developer will work directly with the PrimeKey team, and occasionally with clients, and will be responsible for understanding industry standards and best practices, keeping current with emerging technologies, and will have the willingness to learn new technologies and improve their technical skills. • Software development in and around our SaaS and other PrimeKey related projects • Build Jenkins CI/CD pipelines • Post developed code to github • Establish continuous integration and testing • Be proficient or generally knowledgeable about PKI, PKI services, and PKI concepts • Validate the redundancy, stability, performance, interoperability, security, and scalability of developed code • Research, propose, maintain and document standards for all systems as well as forward-looking strategies for satisfying business needs and maintaining customer’s technical currency with systems in use • Stay on top of industry trends and new technologies to determine direction and service improvements to continue our competitive edge in the technology of our systems architecture • Interface with stakeholders to understand needs and requirements • Determine design and present option(s) based on constraints (such as cost, resources, security, usability, reliability, maintainability, availability, integration with existing applications, systems, and platforms, etc.) • Implement and/or oversee implementation of solutions, document design specifications, installation instructions and ongoing maintenance required for solution delivery • Act as level 3 support escalations, where applicable • Other projects and duties as assigned • 5+ years working as a Software Developer. • You are a strong developer versed in Java, Go, JavaScript, Node.js, React, AngularJS, Python, or other development languages. • You have implemented a full CI/CD stack, including identification of best tooling, documentation, setup and continual improvement needed to sustain the environment. • Knowledge and application of a wide range of tools and technologies in software development. • Comfort with higher testing and deployment frequencies. • Knowledge of IT Service Management Systems. • Experience with data management. • Strong base of operating systems and network basics through school, certification, or applicable experience • Knowledge and experience with PKI and Digital Certificates • Experience with Linux • Proficient with Cloud technologies • Excellent problem solving and analytical skills • Strong organizational skills and the ability to handle multiple projects simultaneously while meeting deadlines • Possess excellent oral and written communication skills with the ability to communicate at both a technical and business level with technical staff and/or Executives • You are a Super Team Player and will complete your responsibilities with minimal supervision. • Experience developing for mission critical production environments. • The ability to identify and eliminate organizational silos by embracing team collaboration and communication. • The determination to achieve business outcomes. • The need to create efficiency and the ability to use automation tools to achieve the desired outcome. • A strong understanding of process reengineering and migrations from manual to automated processes. • Project management skills to support timelines and commitments. • Systems and Network Security • Experience and or proficiency with various monitoring and troubleshooting tools, or various application response time monitoring tools • Devops and Automation • Ansible, Jenkins • Scripting and Development • Java Application Servers, JBoss, Wildfly • Database, MySQL, MariaDB, MSSQL • B.S. Computer Science or the demonstrated professional experience. • ITIL V3 or V4 • Agile Development, Project or Program Owner experience. PrimeKey has acquired C2 Company in California, a move which significantly strengthens the company’s presence in the United States. C2 Company, known for successfully providing complex PKI, network, and security integration services to an impressive list of customers throughout the country, is an ideal organization for PrimeKey to leverage. PrimeKey, authors of EJBCA and SignServer, experts in PKI and Code Signing, has been rapidly expanding in recent years and has a growing list of customers globally and the US with new products regularly hitting the market. Part of PrimeKey’s growth strategy includes expanding into important markets such as the US. The acquisition of C2 Company, with many years of experience working with PrimeKey, establishes an immediate and effective presence in the US with a strong organization and experts in PrimeKey’s offerings. In effect, this acquisition accelerates PrimeKey’s ability to serve the US market. For further information and applications, please contact: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Open positions Share page st|Description: Tasks may include: Desirable qualifications: Education Requirements: About PrimeKey How can we help? h1|Software Developer in San Mateo h2|Application h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * em|Please note: No recruiters, direct candidates only. Electronic passports are modern security documents with many security features, and functions such as and plays an important role in the solution. Several components are required in order to produce and inspect ePassports. The important security features are standardized by ICAO and the EU. Thanks to the standardization, possible ePassport fraud is easier to detect at member states’ border checkpoints. From a PKI perspective, the ePassport security features can be divided into two categories: Basic Access Control (BAC) ensuring the authenticity of the passport and Extended Access Control (EAC) protecting privacy of fingerprints stored in the passport chip. , PKI and a is needed. , you need PKI and a Directory for different countries ( ). Our ePassport Solution contains all the PKI and digital signature components needed to produce and handle ePassports securely, and your ePassport implementation with country root certification authority and country signing certificate authority will automatically benefit from PrimeKey’s extensive experience in many strategic, mission-critical, large-scale PKI projects. All software within our ePassport offering is reliable during production operations and integrate well with other necessary ePassport technologies. When needed, the software is easily adapted to evolving legal and technical demands. All included technology meet the requirements of ICAO and the EU. PrimeKey’s EJBCA PKI implements Country Signing Certificate Authority (CSCA), Country Verifying CA (CVCA) and Document Verifier (DV). Compliant with the ICAO 9303 and EAC specifications, EJBCA PKI has full support for both RSA and ECC algorithms. A server-side signature service, PrimeKey’s SignServer is suitable for signing biometric ePassport (MRTD) data compliant with the ICAO specification. SignServer stores its keys in a hardware security module (HSM) to enhance security and performance. The NPKD provides a local repository for ICAO PKD objects. In addition to storage, the NPKD validates and controls the distribution of these objects. The NPKD manages content from the upstream ICAO PKD, including master and defect lists. The NPKD distributes this to inspection systems, to ensure that the content is validated and current. In the process of investigating possible ePassport solutions and finding a partner which can help you with Country Signing Certificate Authority as well as Government Root Certification Authority? PrimeKey has worked with several countries to secure the biometric data in ePassports. Contact us today for further guidance! PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|Government Root Certification Authority Country Signing Certificate Authority How can we help? h1|Government h2|PrimeKey’s ePass Solution and Country Signing Certificate Authority Products used in Success Story Contact PrimeKey to implement Country Signing Certificate Authority and Government Root Certification Authority h3|Welcome Country Signing Certificate Authority and Country Verifying Document Signing NPKD Storage h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions EJBCA Enterprise SignServer Enterprise PrimeKey NPKD Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Root Certification Authority ePassport Solution * * * * * * PrimeKey * * * * * * em|To produce ePassports To verify ePassports from different countries Android application signing is based on certificates and RSA or ECDSA keys. Android application signing is an essential part of securely developing, distributing and installing android applications and it is a pre-requisite for any application that is to be installed on an Android device. The technology used for Android application signing has continuously evolved by the introduction of new signing schemes. The core idea here is that, while developing and distributing apps within the Android eco system, security and trust for the signing schemes should be maintained by a crypto agile code signing approach. In addition to the original v1 signing schema that is identical to JAR signing, Android applications may now be signed with v2, v3 and v4 signing schemes. Android versions until Android 6 used Android v1 signing scheme. Android 7 introduced v2 signing scheme. Android 9 introduced v3 signing scheme and Android 11 introduced v4 signing scheme. For maximum compatibility and security, Android developers are recommended to sign their applications with all signing schemes. Features in the later signing schemes also improve user experience when installing Android applications. Read our Tech Update to learn more: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What are the Android signing schemes? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * A Certificate Authority usually operates in hierarchies where a Root CA certifies itself (self signed) and a subordinate CA is certified (signed) by a superior CA. Most Certificate Authority software solutions work with standard interfaces and protocols so that interoperability can be guaranteed. A Certificate Authority works together with a Registration Authority where the RA issues a certificate request to the CA via a user-friendly GUI or via integration friendly APIs and standard protocols. PrimeKey offers an industry-first solution, for implementing an RA directly into a smart manufacturing environment. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|How does a Certificate Authority work? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * Crypto Agility is a principle for gradually improving security and attack resistance in a secure infrastructure based on cryptography. Any cryptographic algorithm has weaknesses. As cryptographic research and computing power evolves the ability of existing algorithms to protect data privacy and integrity is reduced. In an eco system for distribution and deployment of code, the use of multiple code signatures in parallel enables the code signing system to be crypto agile. New cryptographic algorithms are introduced and new deployment environments are set up to require signatures with stronger cryptography. By increasing the lowest cryptographic strength supported in any target environment where the code is deployed, the use of legacy algorithms may be phased out and the security of the eco system is kept strong enough to resist attacks. Learn more: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|What is crypto agility in code signing? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * QuoVadis is a leading commercial certificate authority (CA) with operations in Switzerland, Germany, the Netherlands, Belgium, the United Kingdom and Bermuda. QuoVadis provides managed public key infrastructure services (PKI), including shared services CAs that have been audited to international standards as well as dedicated CAs that may be fully customised to a client’s needs. QuoVadis is active internationally in both the market for TLS/SSL certificates as well as end user certificates deployed for digital signatures and authentication. QuoVadis serves as a Qualified Certification Services Provider (CSP/TSP) in several countries, with a significant commitment to independent audit of its security processes and infrastructure for compliance with ETSI and WebTrust standards. QuoVadis’ Trust/Link Enterprise is a rapid-deployment registration authority (RA) that permits companies to efficiently manage the lifecycle of digital certificates across their various departments and use cases. Trust/Link provides the options and control of an in-house CA in a managed service with predictable costs and service levels. Key factors in QuoVadis’ decision to choose EJBCA Enterprise to support Trust/Link were the ability to efficiently manage a large variety of issuing CAs and certificate types and to support its business continuity goals. In addition, QuoVadis required the flexibility to rapidly adapt to evolving standards such as Certificate Transparency (RFC 6962) for TLS/SSL. PrimeKey worked with QuoVadis to provide a seamless transition to EJBCA Enterprise for Trust/Link users, while maintaining the highest security standards. With integration support from PrimeKey, the project was completed within very tight timelines and enabled QuoVadis to be among the early adopters of Certificate Transparency. EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|QuoVadis secures leading position h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Certificate Authority, Registration Authority, Certificate Transparency EJBCA Enterprise Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * Without even knowing it, you are probably using PKI and PrimeKey technologies on a daily basis. Our PKI solutions and certificates are used in everything from biometric passports to internet banking, smartphones and tablets. You can find our solutions in software distribution and authentication, online identity providers, under the hood of modern cars, Internet of Things (IoT) and more. Public Key Infrastructures are about building frameworks for issuing trusted digital identities to users, servers and things. Continue reading to learn more about PKI and our PKI solutions. The world relies heavily on PKI. Governments, innovative tech startups, and world-leading enterprises are all at risk of catastrophic consequences if their data is not properly protected. There are consequences for their users, customers, and for their brand. PKI is the backbone of most IT security solutions today. PrimeKey uses open standards for our PKI and signing software, providing you with crypto agility. This means that you don’t bind yourself to a certain standard or way of handling your security. With our and signing software, you have access to the source code of the software and this protects you from unforeseen events. With our Open Source PKI solution, you also get: What is PKI? Public Key Infrastructure (PKI) is about building a framework for issuing trusted digital identities to parties, such as users, servers or things. The PKI framework is governed by a set of policies and procedures which define the level of security that should be achieved. PKI typically includes a combination of software and hardware components that together implement functions for Certificate Authorities, Registration Authorities and Validation Authorities that are responsible for issuing and lifecycle manage trusted identities for the users, servers and things. The trusted identities are implemented as certificates and they are the foundation for many security services that implement authentication, non-repudiation and confidentiality. A PKI certificate is a digitally signed document that is similar to a physical identity card or a passport used in the analog world. The PKI certificate, or digital certificate, is a trusted digital identity used to provide and prove the identity of a user, server or a thing when communicating over untrusted networks. A key concept behind this is the use of private and public key encryption, where the public key is stored in the certificate along with information about the owner and some administrative data. The certificate is signed by the issuing CA and the signature is attached in the certificate. The X.509 standard defines the most commonly used formats for digital certificates. In private and public key encryption or asymmetric encryption schemes, a corresponding keypair is used for encryption. One key is used to encrypt a message and the other key in the keypair is used to decrypt. In PKI, one key is called private key and the other key is called public key. The private key is kept secret and should not be used by anyone else than the owner. The public key is public and stored in a certificate. We are passionate about encryption, certificates, keys and IT Security, and we love to share our knowledge. If you have further questions about the technology involved, contact us today or read more about our PKI products below. Our turnkey EJBCA Appliance is the best choice for most medium and large-size deployments — suitable even for managed services and Internet of Things (IoT). PrimeKey EJBCA Appliance has a fixed pricelist and enables you to save months of work and expenses. The Appliance is also particularly useful if you are looking for additional hardware to go with your overall PKI solution, or if you don’t have your own PKI department. EJBCA Enterprise provides you with the basic security services for trusted identities and secure communication in any environment and use case. EJBCA Enterprise enables multiple integration and automation possibilities and issues certificates to persons, infrastructure components and IoT devices. EJBCA Enterprise is flexible, scalable and secure and is installed at numerous ETSI/eIDAS-, WebTrust audited and ePassport reference customers. EJBCA Cloud is a powerful, flexible Certificate Authority and complete PKI in the cloud. EJBCA Cloud PKI is an open source IT-security software for Certificate Issuance and Certificate Management. EJBCA Cloud protects your data and provide safe digital communication when needed. EJBCA Cloud is used for most imaginable PKI use cases and gives you full control of everything you do. Deploy it today in your AWS or Azure cloud. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|high expertise within PKI and IT security and we gladly share our knowledge a flexible and agile product for your benefit over 15 years of experience of working with PKI a product that scales easily as you grow support from experienced experts. Share page st|EJBCA Appliance EJBCA Enterprise EJBCA Cloud How can we help? h1|PKI: h2|Why do you need Public Key Infrastructure (PKI)? PrimeKey customers succeeding with PKI Open source PKI technology and signing solutions PKI is about building a framework About PKI certificates and digital certificates Private and public key encryption PrimeKey PKI products h3|Welcome – our PKI hardware – our PKI software – our cloud-based PKI h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Creating the future of PoS-solutions based on PrimeKey PKI Benefits of PKI at Zenefits Malaysian bank opts for PrimeKey PKI Appliance Siemens – The PKI foundation for Siemens digital growth opportunities Stay up to date with our newsletters PrimeKey headquarters h5|IoT, EJBCA Enterprise PKI Appliance, Cloud MDM Internal CA system, Integrated Turn-Key PKI platform IoT sp|PrimeKey Public Key Infrastructure – about PKI and our PKI Solutions PrimeKey * * * * * * 2018-12-20 Updated on: 10 January, 2020 The webinar has passed, but please see the recording below. Fill in your email address and we will send you a link to the recording. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|Webinar: Why PKI in the Cloud? h3|Welcome See the recording of the webinar h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Every year more organizations move their systems to the cloud. With organizations like AWS and Azure providing increasingly secure operations to companies that require it, the lines between on-prem and cloud are being blurred. PKI, being tied to HSM hardware, has traditionally been an on-prem deployment. With the invention of products such as AWS CloudHSM and Azure KeyVault, these systems can safely and securely be deployed on cloud providers systems. In this webinar we will demonstrate how EJBCA Enterprise is deployed in the cloud and integrated into AWS CloudHSM to create Certificate Authorities and issue certificates. PrimeKey * * * * * * CA Migration and Consolidation Best Practices by PrimeKey For organizations currently utilizing RSA Digital Certificate Solutions it is urgent to find a new PKI solution, as January 31st, 2018 marks the end of the extended support for the product. PrimeKey has helped many organizations to smoothly migrate their PKI solution from RSA to EJBCA Enterprise and we know how to make the process both efficient and secure. To minimize complexity when migrating from RSA Digital Certificate solutions, Primekey have developed a migration tool readily available to organizations moving to PrimeKey EJBCA. The following step-by-step approach make the transition project scope predictable and secure: With the above steps completed, all that remains is the decommission of the old CA:s. PrimeKeys professional services and support staff have successfully conducted a vast number of migrations, and will be there to help you all the way. When migrating to EJBCA, it is common to see a number of benefits beyond the core PKI capabilities: With PrimeKey EJBCA you can rest assured that your organization has a solution that will accommodate current and future PKI needs. The benefits of PrimeKeys PKI solutions include: PrimeKey understands that organizations have unique business challenges, including security requirements, budgets and the availability of internal resources. We give you the choice of and the choice to combine – Software, hardware Appliance and Cloud deployments for your PKI solution. This means the infrastructure can be deployed in the manner best suited to your business needs and can grow flexibly and expand over time. li|RSA Migration Map the existing RSA certificate jurisdictions and extension profiles to EJBCA certificate and end-entity profiles Set up EJBCA Enterprise to access the HSM used for CA keys Configure EJBCA Enterprise with existing CA certificates to support defined certificate and revocation services. Import existing certificates and CRL information using the PrimeKey migration tool. Set up integration points for certificate management Test complete set of end to end use cases and services. An optimized offering of certificate services as old services are discontinued and new services are set up based on more modern standards. Elimination of proprietary and outdated interfaces. A more homogeneous environment that is easier and more cost effective to maintain. . As one of the world’s leading companies for PKI solutions, PrimeKey has developed successful technologies such as EJBCA Enterprise, SignServer Enterprise and the PrimeKey PKI Appliance. These products have been proven in a range of circumstances, from critical telecom and power infrastructure to smart products from several of the world’s most recognized brands and national e-IDs. . Using either PrimeKey EJBCA Enterprise Software or the PrimeKey PKI Appliance you can rest assured that whether you are looking to issue and validate 10 or 10 billion certificates, the solution scales with your business. In addition, a PrimeKey PKI solution can scale across different use cases – from enterprise PKI to large-scale IoT and beyond. . PrimeKey gives you the choice of – and the choice to combine – on premise, cloud, as a hardware appliance or software-only PKI solutions. This means the infrastructure is deployed in manner best suited for your business needs and can flexibly grow and expand over time. Share page st|Proven Scalable Unconstrained How can we help? h1|from RSA Digital Certificate Solution h2|Migrating from RSA PKI A Step-by-Step Guide Benefits of migrating to PrimeKey EJBCA PrimeKey PKI Deployment options – Software, Appliance, Cloud or Hybrid Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions EJBCA Enterprise EJBCA Validation Authority Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Migrating to PrimeKey EJBCA * * * * * * PrimeKey * * * * * * Join our headquarters in Solna, Sweden, or our office in Aachen, Germany PrimeKey Solutions AB is one of the world’s leading companies for PKI solutions. PrimeKey has developed successful solutions, such as EJBCA Enterprise, SignServer Enterprise and PrimeKey PKI Appliance. PrimeKey is a pioneer in open source security software that provides businesses and organizations around the world with the ability to implement security solutions such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation. PrimeKey has its head office in Stockholm, offices in Aachen and San Mateo and partners in Kuala Lumpur and Washington D.C. We are looking for someone who wants to work with dedicated people, with a modern product and with the world as their workplace. As one of the world’s leading companies for PKI Solutions, we’re booming with expanding business as well as growing personnel numbers. With expansion comes opportunity – are you up for the challenge? PrimeKey is looking for a Scrum Master, but we are not going to give a lengthy list of requirement and desired personal qualities. Why not? We have figured out from experience with hiring that checklists don’t help. Frankly speaking, your personality and your fit with our Primekey family will ultimately decide. We would expect some abilities that our new PrimeKey Scrum Master would be proficient in include: If this job offer sounds appealing to you, we would really look forward to learning more about you. Please briefly describe your motivation and how you would see yourself as Scrum Master at PrimeKey in your cover letter. Your personality and your ability to convince us will weigh more than your CV or any certifications. Please send your CV and cover letter to . For further information, please contact either Manfred in our German office or Dejan in our Swedish office: Manfred Husz Engineering Manager Aachen, Germany Mobile: +49 170 4451836 Dejan Bucar Engineering Manager Solna, Sweden Mobile: +46 709 714 280 We look forward to receiving your application! PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Open positions In a team as Scrum Master According to lean and agile methods Together with extraordinary cool and intelligent people As part of the agile community of practice In either Solna, Sweden, or Aachen, Germany Can keep calm under pressure Patient when needed Have a way with people Headwind feels fascinating and inspiring to you, instead of being drastic Understanding things quickly Sense and sensibility for people and situations Feels bored without constant change and improvement Fitness in theory about Scrum, Agile and Lean Willing to constantly learn and contribute What qualification and education have you had that have helped you to become an experienced Scrum Master? Which success track record can you present from your experience already working as a Scrum Master? Which approach do you have when working with a scrum team as a Scrum Master? How do you think your future working life will look like in detail? What do you expect from your future employer? Share page st|What we can tell you is that you will work: What we would like to know about you: How can we help? h1|Experienced Scrum Master h2|Application h3|Welcome About PrimeKey The role Your abilities & what we want to know about you h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * When building new solutions for IoT, it is important that you can trust each component in the solution from the cradle all the way to when it is being revoked or discontinued. This process begins with establishing one or several secure identities within each IoT component. A starts the trust chain and can be leveraged during the lifecycle of the component to enable secure automatic on-boarding – when changing the owner of the component or when a factory reset is required. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|digital birth certificate How can we help? h1|Why do I need a digital birth certificate? h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * We are looking for someone who wants to work with dedicated people, with a modern product and with the world as their workplace. As one of the world’s leading companies for PKI Solutions, we’re booming with expanding business as well as growing personnel numbers. With expansion comes opportunity – are you up for the challenge? PrimeKey is looking to recruit a highly qualified and motivated Software Developer to one of our growing agile teams in our Aachen office. We live and breathe RSA, X.509, open source and hardware security modules. It is desirable if you have some experience and an interest in this area, however it is of higher importance for us is to find someone who is just bursting with talent, demonstrating a product and customer-oriented mindset and showing readiness to work in an agile way. You have successfully completed a University degree or comparable education in Computer Science, or a comparable scientific subject. To be a good candidate for us, you are most likely: Working at PrimeKey means excellent personal development opportunities. You will be working with some of the best PKI specialists and developers in the world, joining in a pleasant working environment, interacting with highly skilled and engaged coworkers and remuneration beyond just a monthly salary. Our Aachen PrimeKey office is based near the city center, in a nice and modern office building, close to public transportation and sufficient parking space. To apply, please send your detailed CV, cover letter including salary expectations and earliest possible entry date to . For further information, please contact: Manfred Husz Engineering Manager Mobile: +49 170 4451836 We look forward to receiving your application! Please send your CV and cover letter to PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Open positions Work in an agile development team to ensure proper implementation and high customer satisfaction Open-minded and flexible team player with the ability to inspire your colleagues with your expertise. Enthusiastic about working in a dynamic and expanding environment, focusing on with growing focus to making the product success and ensuring customer satisfaction. Interested in Agile ways of working Fluent in English and German Preferably knowledgable of software development in one or more of the following: IT-security, PKI, open source software, Hardware Security Modules and the likes Linux and possibly Linux networking. Java Enterprise, Java / Javascript Bash scripting, Python and C / C++ Optionally: SQL, Embedded Software A long-term employment prospect in a stable and future-proof technology area An open-minded, agile and people-focussed management and company culture Additional group insurances for employees Participation in business bike program Free coffee, tea and soft drinks Good work-life balance Possibility and encouragement for personal and professional growth, with potential opportunities for taking more responsibility as the company expands Share page st|Responsibilities include: PrimeKey offers: How can we help? h1|Senior Software Developer h2|Join our office in Aachen, Germany The role Responsibilities Background and personal qualities About PrimeKey Application Application h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Design and implement new functionality in our existing products PrimeKey * * * * * * How to prepare for new cybersecurity regulations that are fostering increased accountability The scale, frequency and impact of cybersecurity incidents are increasing, threatening network and information systems that are integral to almost all organizations. With the NIS Directive, the EU has put an ambitious framework in place. When the data protection regulation GDPR came into force, it was widely discussed and its importance soon reached most decision makers – but is the NIS directive on your radar as well? Find out how the directive impacts critical infrastructure and other businesses alike, which frameworks you should implement and how solutions like PKI and code signing facilitate NIS compliance as well as business goals. EJBCA and SignServer reduces the information security risks involved around NIS and related compliance regimes, such as GDPR. If you are interested in investing in a competent PKI and code signing solution, get in touch with us: Get more information on how we can successfully deliver PKI and signing in support of NIS compliance: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|PrimeKey’s take on the NIS Directive How can we help? h2|White paper: Sign up for the white paper h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * For large scale business The PKI certificate lifecycle management in EJBCA Enterprise is realized through rich Certificate Authority (CA) services. The CA services implemented in EJBCA cover all areas of PKI use today, and PrimeKey intends to keep this state-of-the-art position. Almost certainly, EJBCA is the best PKI in the world. EJBCA runs on the Java EE platform and is designed to be platform independent, flexible and robust. Essentially, your EJBCA is ready for scale of business, or simply put, large scale of business. The scalability as well as performance grows as you add nodes, add or upgrade your hardware. Our customers run their business critical, round-the-clock, worldwide, complex PKI with certificate lifecycle management that grows as their business grows, with no downtime. We are very proud of that. Typically, our customers reach out to us having one or a few specific business cases that require the use of PKI. supports import of an external root and over ordinate certificates, allowing for dedicated issuance services when/if needed. However, after a while you will see the real strength of EJBCA – within a single deployment of EJBCA, your organization can run multiple CAs, and in fact multiple PKI hierarchies with multiple associated Certificate Authorities. Certainly, each CA can have its own administrator groups. Not only will you achieve centralized and streamlined management, but also reduction in resource needs and reuse of your investment. Traditional Registration Authority services were provided through some fat client, locking on specific licensed machines and particular platforms. EJBCA does this in a much better way. The RA services in EJBCA are accessible through browser interface, allowing you to be flexible in the way your RA administrators perform their work functions. Moreover, EJBCA implements a variety of security protocols that deliver automated RA functions. If you need a specialized and integrated RA that is tied to your business processes, with EJBCA you will use WS API to, for instance, have your subscribers or customers registered as a part of the business process. Automation is the key, and the traditional approach does not work for modern environments. There are two profile types (or templates): the certificate profile and the end-entity profile. The certificate profile is primarily used for policy enforcement, while the end-entity profile is used to control what user- or device specific information goes into the certificates. These two profiles manage all possible types of certificates you can issue from EJBCA. An additional benefit is that you get simplified workflows for enforced policies. EJBCA comes with built-in profiles for typical cases, such as SSL, authentication and code-signing. Different human administrators of EJBCA are granted according privileges to access and operate EJBCA, including the typical ones such as CA and RA operators, but you can also fine-tune these on specific event levels. Certificate lifecycle management enables that All administrators are issued a certificate by the built-in Management CA, and must use this certificate to authenticate towards the EJBCA installation. All security events are stored in a cryptographically protected audit log. This is a feature we brought in for the Common Criteria EAL 4+ certification, but with EJBCA it comes handy in some additional ways. For instance, you can have an administrator that only has privileges to see the logs; you can export and file logs to create a foundation , or to analyze performance or other metrics. The Hardware Security Modules are dedicated hardware devices used to protect the issuing keys for CA. EJBCA can talk to any HSM with decent PKCS#11 support, and all leading manufacturers provide this interface. EJBCA has a Token Management that is used for key certificate lifecycle management, but also lets you, say, add more HSMs to scale up the performance, or get redundancy for your business critical deployment. With EJBCA Enterprise, the certificate validation is handled either through CRLs or online validation. Both services run from your EJBCA deployment, and you can naturally publish CRLs to other distribution points. For situations where the validation service needs to be placed in a separate network, additional instances of EJBCA can run as validation-service-only. PrimeKey continuously adds new features to EJBCA Enterprise, including support for various protocols that make use of CA services such as CMP or SCEP. Our customers integrate EJBCA in all types of businesses – financial institutions, cloud providers, telecom operators, and governmental institutions. The Peer Connectors is a powerful feature that brings the next level of control of complex PKI deployments from the central EJBCA deployment. For instance, running through a secure encrypted tunnel, real time revocation info is pushed out to external validation instances. In a similar fashion, certificate lifecycle of external validation authorities is controlled. Are you interested in investigating the possibilities with EJBCA and certificate lifecycle management? Don’t hesitate to contact us, and we will do our utmost to help you. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|Certificate Lifecycle Management h2|Certificate lifecycle management from PrimeKey, simply the best PKI Internet-of-Things scale of business with certificate lifecycle management One CA, to several CAs or even to several PKIs Registration Authority Services Certificate Profiles Fine tuned privileges with certificate lifecycle management Log and Audit HSMs and certificate lifecycle management Built-in or external validation service Protocols and integration Peer Connectors Certificate lifecycle management for your business h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Solution for your billing system * * * * * * PrimeKey * * * * * * DigiSign is an accredited Certification Authority, providing qualified digital certificates and leading security products and services to the Romanian market. This would not have been possible without a “backbone” that seamlessly allows the fast, stable and adaptive issuance of digital certificates and time stamps. Cyber threats and solutions arise and evolve almost exponentially in relatively short periods of time, so it is a major advantage to have a responsible partner that focuses permanently on the same core values in the field of cyber security. The need for a responsible partner was the main priority at a time when only a select few were qualified to start on a new road alongside DigiSign. PrimeKey met all the requirements and its solution, EJBCA Enterprise and SignServer Enterprise, was rapidly implemented by DigiSign with the valued support of the PrimeKey team. Since then, the PrimeKey solution has successfully passed two audit procedures for the reaccreditation process required by the Regulatory and Supervisory Authority, the Romanian Ministry for Communications and Information Society. The DigiSign Time Stamping Service, based on PrimeKey SignServer, is one of the premium solutions offered by DigiSign and it is currently used by major companies from the telecommunications, banking, pharmaceutical and digital archiving industries and by public sector institutions. It is extremely important for the Time Stamping Service to be operational at all times, as it is an online real time service that is accessed permanently by clients. The scalability and flexibility offered by SignServer also allow DigiSign to upscale resources when needed. SignServer also makes it easy to use a broad range of Hardware Security Modules. In the last five years, PrimeKey has succeeded in meeting all the challenges and high demands that define DigiSign’s business. EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System. Server-side digital signatures give maximum control and security, allowing your staff and applications to conveniently sign code and documents. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|DigiSign – Growing business more safely and quickly h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Certificate Authority, Time Stamping EJBCA Enterprise SignServer Enterprise Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * PrimeKey online trainings and tutorials are available to help you get started with PrimeKey products. In this training, we walk you through PrimeKey EJBCA Cloud. EJBCA Cloud starts with just a few clicks, being a fully customized instance, tailored to your environment. Choose from several instance sizes in many available regions so you get the perfect PKI solution for your organization. To get an introduction to EJBCA Cloud, sign up for our complimentary online training course here: This PrimeKey Documentation online tutorial walks you through the steps of setting up peer connectors and OCSP using EJBCA Enterprise. The tutorial covers: PrimeKey also offers open training and customer training. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Replacing the VA or RA Server Certificate Setting up Peer Connectors Setting up an OCSP Signer Share page st|How can we help? h1|Online h2|EJBCA Cloud Online Training Tutorial on Peer Connectors PrimeKey Training h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Training PrimeKey * * * * * * ITCARD provides services via more than 3,900 ATMs, 15,000 POS devices and 0,9 million cards and 1,6 million 3D Secure cards in Poland. ITCARD cooperates with VISA and MasterCard in several areas, including card issuing and acceptance, ATMs and cash in machines, recyclers, EFT POS, and customer and helpdesk services on behalf of several banks. ITCARD is the sole owner of the Planet Cash ISO ATM network, Planet Pay ISO EFT POS network and Planet Plus Internet shopping mall. Due to its rapidly growing business, ITCARD needed to find a new PKI solution at short notice that could handle a large-scale environment with more than 18,900 ATMs and POS devices. PrimeKey was one of the competitors that replied to ITCARD’s RFP. The main reasons for shortlisting PrimeKey were the EJBCA technology and the ability to give correct and reliable answers. PrimeKey met all the requirements: delivery at very short notice (two months), optimisation of all costs, separation of duties, dual control and other rules required by PCI/DSS. PrimeKey’s PKI Appliance offered ITCARD a complete feature set that operates a full service PKI with high availability using EJBCA, which has been certified in accordance with the Common Criteria. This is the easiest and most efficient way to deploy an enterprise PKI system without the challenges of complex installation and integration procedures. PrimeKey EJBCA Appliance offers the most cost-efficient, easy and secure way to deploy an enterprise PKI system. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|ITCARD – Smooth sailing with secure Point of Sales h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Point of Sales, PKI Appliance EJBCA Appliance Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * 2018-12-06 Updated on: 2020-06-11 Public Key Infrastructure (PKI) solutions can be deployed in enterprise environments to solve various security problems for example securing websites, managing employee access to enterprise network at office or via VPN, signing sensitive documents and more. Other areas where PKI is a security enabler are when external users want to access a company’s services such as e-commerce, internet banking, e-government, and partner portal services in a secure and identifiable way. The strength of PKI is that it enables new possibilities to secure that a sender of data or a request is in fact the originator and that receiver is the intended recipient. In essence, PKI provides the authentication services needed by applications such as the identity access use cases mentioned above. As a bonus, PKI can also enable you to verify that the data or request have not been compromised during transport and that it is kept confidential through encryption. These security services are generally the basis of encrypted file systems, document signing, software updates and data transmission. The ability to provide enterprises with these security services in an efficient way have resulted in an explosion in the popularity of PKI over the past couple of years. All over the globe PKI is increasingly being used as an authentication and encryption solution for many different applications deployed in a typical corporate network environment. Enterprises using Microsoft have had an easy choice to use the Microsoft CA (Active Directory Certificate Services) as it is well integrated in the Microsoft infrastructure. For many, the Microsoft CA is sufficient but I also meet many enterprises where, with growing business and diversifying security needs, the solution falls short. That is why a growing number of organizations deploy other PKI solutions, utilizing the possibilities to scale their PKI and adapt it to a multi-use case environment. PKI is needed to secure more than one type of device and system. PKI has been the de-facto security standard on the Internet for many years now and this is what is also happening for the Internet of Things (IoT). PKI is the security technology that can really scale and handle the different deployment scenarios that is the reality of . This is also what Gartner predicted in a report from 2016, PKI has been a quiet yet foundational security tool for identity professionals for two decades. The IoT, mobility, certificate life cycle handling, scale and new deployment options create resurgent interest in PKI, its potential disruptors and its vendors. In IoT you have similar security problems as in the enterprise environment. Devices, gateways, platforms and back-end systems need to be authenticated and the transmitted data needs to be secure and correct. Predictive maintenance and analytics for real-time use case optimization or future business decisions rely upon data being generated by the securely identified IoT devices in the solution. One difference between IoT use cases and traditional enterprise PKI solutions is the number of devices. Some solutions may only have just a few devices but others/many have millions of devices. No matter the scale, all devices, gateways and servers in the solution need to be able to communicate in a secure way. Another difference is that IoT devices can be located in remote locations and be difficult to reach for in person maintenance, they can also have constrained battery power and connectivity. With this in mind you need to consider both your IoT technology choices and security deployment to make sure that you can optimize your business case with maintained security. Furthermore, many IoT projects start small and, in many cases, implementing security is not a top priority. Assessing the security risks and adopting the right security measures can be considered too time consuming in the initial stages of deployment. However, it is often believed that if you decide to disregard security in the beginning it will most likely be more expensive to add it at a later stage. What’s more is that you’ll probably not get an optimal solution as the basic infrastructure components most often are unsuitable for scalable security. Security should not be difficult or expensive to add early in your IoT project. Many enterprises today, often within IoT, choose to deploy all or parts of their IT infrastructure and/or service offering in the cloud. Rapid deployment and ease of scale are two of the advantages. There is no upfront investment in hardware, servers and software which minimizes risk and makes it is easy to get started. A cloud deployment thus enables you to start small and grow with the use case. Most only charge you for the resources that you use. So why not do the same with your security solution? By using a use case, you can ease your mind and take away some of the inherent complexity in PKI solutions. Easy to start, adapt as you grow and pay only for what you use. This in combination with already proven best-practices help you to deploy proper authentication and encryption security solutions, for your users, servers and things, from the start. Proper security from the beginning not only saves you time and money but you can rest assure that your devices won’t get hacked and cause you or your customers damage. Trust and responsibility are important areas to consider in today’s connected solutions. Do not reinvent the wheel, the technology and many best practices are already there to support you in small and large deployments. Sign up to watch our webinar on PKI in the cloud: Harry is the General Manager for PrimeKey in the US. He has almost 30 years of experience in the field of Information Technologies with extensive experience designing and developing state-of-the-art security technology solutions for the most complex and sensitive information systems. He has worked on projects of all sizes and in all areas of Network & Security infrastructure. As a proven leader, Harry has led teams of technical engineers to the successful conclusion of countless projects. He has published several white papers as well as hosted several seminars and presentations. He holds some of the industry’s highest certifications including CCIE #6772, CCNP, CCNA, CCSE, CISSP, CNE, VCP, and MCSE+I. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|Contact Harry How can we help? h1|PKI for everything and in the cloud h2|So, what is new for the PKI solutions then? Cloud-based PKI Author: Harry Haramis EJBCA Enterprise Cloud h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Would you like to know more about PKI in the cloud? Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * Siemens produces a wide range of products used in critical infrastructure where security is of the utmost importance. Digitalization is a focus field of Siemens’ vision for the future. Public Key Infrastructure (PKI) technology is a core component for secure communication, and utilized to identify both devices and personnel in these networks. Siemens deploys several PKI systems to support the organization’s exacting security requirements. PrimeKey delivers a PKI solution that provides digital certificates to Siemens’ products, enabling these to identify devices and secure communication. Modern industrial processes demand a high level of automation, along with the capability to handle high volumes while maintaining strict security. Using open standards and off the shelf products lower costs and enable access to the latest standards, including Elliptic curve cryptography. It also makes Siemens less dependent on vendors. The carefully chosen PKI solution means Siemens can rapidly roll out new security technologies for its high security products. EJBCA Enterprise PKI was chosen as the certificate authority software, to provide the necessary PKI functionality and integration capabilities. EJBCA includes all the latest PKI standards, with support for RSA and ECC certificates, as well as offering the opportunity to automate processes. EJBCA operates as a central, high availability, certificate authority, from which departments and partners in the Siemens network can enrol for certificates for their product lines and administrators. The solution uses a multi-layered approach to provide extra levels of security between the entities and the certificate authority, which communicate using the standard CMP protocol. All requests are identified using digital signatures to ensure that only authorized clients have access. EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|Siemens – Ingenuity for life and safe communications h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions IoT EJBCA Enterprise Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * All of our installation projects include training activities and we can also do customized trainings upon request. With our trainings, you will be set to handle your security solution. Each training that we conduct is tailored to real-life scenarios and facilitates the different steps of a PKI or signature project, and may later on prove crucial to your progress and ability to succeed in challenging circumstances. As participants learn basic and advanced features about the products and improve their PKI managing skills, they will learn: PrimeKey’s state-of-the-art trainings are suitable for advanced users, such as technicians, engineers, developers, specialists, PKI administrators and system architects. Regardless of prior level of knowledge in PKI, any member of your PKI crew can benefit greatly from our training courses. Our trainings are delivered by our most competent professional service engineers who have been involved in numerous PKI and Digital Signature installation projects. PrimeKey issues training diplomas to each individual who has completed a training. With this diploma, you will be capable of running a PrimeKey advanced security solution. A typical EJBCA Enterprise Training combines lectures and hands-on case study exercises. The training always starts with an introduction to PKI, which can be adapted to the knowledge level at your specific organization. We will then move further into a PKI project, the EJBCA Enterprise product, and provide you with practical real-world experience, including everything from handling HSM’s, creating CA’s, key recovery, TLS certificates etc. Typically, the SignServer Enterprise training course runs for one day. Just like with the EJBCA Enterprise training, each training course starts with an introduction to PKI. In the SignServer Enterprise training, however, you will also gain insight into Digital Signatures. All of which is adapted to your knowledge level. The rest of the day will focus on how to install and manage SignServer Enterprise. Through a mix of lectures and hands-on training, you’ll learn about signing concepts, validations, integration with third party systems, etc. Product trainings in PKI and digital signature projects and customized trainings. Training is always included in every PKI and Digital Signature customer project. The PrimeKey product trainings for projects have been developed and are executed in a way that will enable you with the relevant skills to run your security solution confidently, regardless of your previous experience with PKI products. Of course, if you have specific requirements for the training, we will try to customise a training course for your needs. We want to improve and continuously develop our trainings. After each completed training, the participants fill out an evaluation form where they score the training. This includes everything from training material and its relevance to their work, to the trainer engagement and if they would recommend the training to others. The data that we get is immediately fed into our update process for the next training and we believe that this is one of the reasons why we can proudly say that the average score in these evaluations is 4.8 out of 5. – Allen Liang, Feitian Technologies Ltd PrimeKey also offers online training and open training. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|How to construct and manage a PKI project. How to build and deploy your PKI timely and with minimal risk. To minimize unplanned downtime. PKI Introduction Appliance overview, Webconf, Smart card operations, backup and Cluster operations (Appliance training course) EJBCA installation (EJBCA training course) EJBCA concepts and overview Using HSM’s with EJBCA Creating CA’s Creating certificate and end entity profiles Creating TLS certificates Revoking and renewing certificates Creating different administration roles Creating two person authorisation rules Using key recovery Integration of third party systems with EJBCA Setup of a validation authority and external registration authority servers Creating different types of publishers e.g. LDAP publisher Creating different types of services e.g. Auto renewal of CA Using the command line interface to administrate SignServer Maintenance operations and best practices PKI and Digital signature Introduction SignServer Installation Using HSM’s with SignServer SignServer signing concepts SignServer Overview Creating different administration roles Creating and signing with different types of signers Creating different types of workers e.g. Status reports Validation of digital signatures EPassport and EiD implementation Integration of third party systems with SignServer Using the command line interface to administrate SignServer Maintenance operations and best practices Share page st|How can we help? h1|Customer h2|EJBCA Enterprise Training SignServer Enterprise Training PrimeKey trainers strive to deliver the highest standard PrimeKey Training h3|Welcome EJBCA Enterprise Training – 3 days SignServer Enterprise Training – 1 Day “We are very satisfied with the training course and it has met our needs.” h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Training PrimeKey * * * * * * We are looking for someone who wants to work with dedicated people, a modern product, and the world as their workplace. As one of the world’s leading companies for PKI Solutions, we’re booming with expanding business and growing personnel numbers. With expansion comes opportunity – are you up for the challenge? PrimeKey is looking for a highly qualified and motivated DevOps Engineer to join our growing team at our headquarters in Solna, Sweden. We are looking for someone who can work with our existing and upcoming containerized solutions using containers and Kubernetes for both internal and external use, work to improve our existing development infrastructure, contribute with new ideas and be able to add new features and/or redesign. Additionally, we want to recruit someone who can assist with our Development, Q&A, Professional Services and Support teams with creating and maintaining automated platform creation for testing, building and deploying. You hold a M.Sc. or B.SC in Computer Science, Electrical Engineering or equivalent. To be successful in this role, you most likely have: It will also be advantageous if you have understanding and general knowledge of IT-security, PKI, Open Source software. You should be no stranger to development and you have preferably worked with development of professional Java-based systems. We live and breathe RSA, X.509, Open Source and hardware security modules. If you have experience or interest in this area, it will be meriting. However, it is more important to us to find someone who is just bursting with talent. Working at PrimeKey means excellent development opportunities, working with some of the best PKI specialists and developers in the world, joining a pleasant working environment, interacting with highly skilled and engaged coworkers and remuneration beyond just a monthly salary. PrimeKey headquarters are based in Solna, in a nice and modern office building that is close to public transportation, such as bus and subway. PrimeKey is one of the world’s leading companies for Public Key Infrastructure (PKI) and digital signing solutions. With our products, EJBCA Enterprise, SignServer Enterprise and the PrimeKey SEE, we enable the creation and the use of digital certificates and signatures which is a key element for secure and trusted communication. We deliver the capability to implement enterprise grade PKI and signature systems ready to support solutions such as IoT, e-ID, e-Passports, authentication, digital signatures, code signing, and validation; all solutions where digital certificates would be a main enabler. PrimeKey has its headquarters in Stockholm, offices in Aachen and San Mateo, and partners in Kuala Lumpur and Washington D.C. Clients in Sweden include Bankgirot, Sweden’s only clearinghouse. To apply, please send your CV and cover letter to . For more information, please contact Dejan Bucar, Software Engineering Manager, mobile +46709714280. We look forward to receiving your application! PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Open positions 5+ years of experience working as a DevOps Engineer Implemented a full CI/CD stack Created and deployed containers with Kubernetes (or OpenShift) Excellent knowledge of: OCI Containers (Docker) Jenkins (or similar) Ansible (or similar) GIT (preferable gitlab) Good knowledge of: Artifactory Working with Virtual Machines Linux Java software development and architecture Databases/SQL Software development in Agile environments Knowledge in developing secure software Knowledge of quality assurance methodologies and system development life cycle Fluency in English Experience with Jira (meriting, but not required) Build containers and add layers to existing containers through Jenkins CI/CD pipeline. Running and maintaining containers in Kubernetes. Automate provisioning of infrastructure using Ansible. Design and implement new functionality in our platforms. Work in an agile fashion to ensure proper implementation and architecture. Work together with the Product Owners, Architects and our Q&A, IT and Development teams. Setup environments and configurations for specific testing or support of PrimeKey’s products and continue optimizing the creation of the staging environment. Driven and able to work independently, proactively and responsibly Ability to take initiative Positive and customer focused Structured and organized Excellent problem solving skills Easy to cooperate with others Works well in a team environment Excellent oral and written communication skills Share page st|Responsibilities include: Highly valued personal qualifications and competencies are as follows: How can we help? h1|DevOps Engineer h2|Based in Sweden Application h3|Welcome Background and personal qualities About the company h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * For a Fortune 500 company developing healthcare products and therapies, security and regulatory compliance requirements are rigorous. With products touching the lives of millions of people around the world every day – from the ER to the OR, from the pharmacy to the ICU and in a growing number of patient’s homes – it takes an ambitious approach to ensure the integrity and security of cloud-enabled medical devices, always safeguarding the sensitive data they are transmitting. Internet of Things (IoT) offer great opportunities for the healthcare sector, enabling innovative solutions that help patients maintain active lifestyles while giving healthcare professionals more efficient and effective tools to achieve better outcomes from treatments. Being a company in the forefront of IoT in the healthcare sector, PrimeKey’s client have already developed several cloud-enabled medical devices and services, expecting the number of connected devices to grow in the millions in the years ahead. At the heart of these solutions, enabling the security and scalability needed, is a PKI (Public Key Infrastructure) from PrimeKey. PrimeKey’s client use PKI to certify the identity and authenticity of each device, ensuring no one can tamper with a device and that the data sent to and from each device is secure. Today, the client relies on PrimeKey EJBCA Enterprise for all their products PKI needs. PrimeKey was the only PKI solution partner that could deliver on the requirements below: PrimeKey’s client is currently developing a common reference platform for their devices, ensuring every device will be able to draw benefit from the PKI infrastructure. Among the future PKI use-cases identified are OTA (Over The Air) firmware updates, integration with 3rd party manufacturing partners and more. Based on PrimeKey EJBCA Enterprise, the client can rest assured that their PKI infrastructure will be flexible and scalable enough to support future needs, enabling this Fortune 500 company to continue transform and increase access to care for patients around the world. A Secure Foundation for the Internet of Things based on Public Key Infrastructure EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|The PKI solution needed to be flexibly integrated into device manufacturing processes, enabling automated PKI enrolment based on open standards. The PKI solution needed to support cloud-centric deployment scenarios, while having codebase level control of solution behaviour. The PKI solution needed to be compliant with strict regulatory frameworks across the US and the EU. Finally, the PKI solution needed to be scalable enough to support massive IoT use-cases with tens of millions of devices continually sending and receiving data. Share page st|How can we help? h1|Enabling Innovations – Transforming Healthcare h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions IoT, IIoT, EJBCA Enterprise IoT and IIoT EJBCA Enterprise Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * Time-Stamping Authority in-a-box, enabling you to create trusted time-stamps Computer programs and documents that are digitally signed with trusted time-stamps, play an important role in high-value transaction security, or whenever other sensitive business is conducted over the Internet. The trusted time-stamp proves that a contract, invoice, tax declaration, receipt or software was signed before a certain date and time. PrimeKey Time Stamp Appliance will efficiently assist you setting up the necessary Time-Stamping Authority (TSA) for creating your own trusted time-stamps. PrimeKey Time Stamp Appliance meets all your time-stamping needs, including standard compliant RFC3161 time-stamps and MS Authenticode time-stamps. The PrimeKey Time Stamp Appliance is a Time-Stamping Authority in-a-box that combines SignServer Enterprise (PrimeKey’s digital signing solution) with a secure technology stack and enterprise-grade hardware, including a Hardware Security Module (HSM). A single deployment of the TSA gives you all the benefits of SignServer Enterprise, so that you can manage multiple time-stamping needs, reducing maintenance and significantly lowering costs. The PrimeKey Time Stamp Appliance has a fixed price list, and the built-in HSM assures the highest level of protection for the time-stamping keys. The centralised time-stamp solution model, means that you can manage different capabilities from a single location, while significantly reducing the risk of time-stamping keys being lost or stolen. Various needs can be controlled in different ways by optionally authenticating users of the service, allowing some users free access to time-stamps. Maintaining trust in a time-stamping service is crucial, and both policy and audit requirements must be observed when running a Time-Stamping Authority. The PrimeKey Time Stamp Appliance is designed with audit compliance in mind, making it easy to achieve and enforce a strict audit record of each time-stamp produced, and easy to comply with international requirements such as ETSI TS 119422. PrimeKey SignServer Appliance offers the most cost-efficient, easy and secure way to deploy an enterprise PKI system. Server side digital signatures give maximum control and security. li|Time Stamp Appliance MS Authenticode-compliant time-stamps Standard compliant RFC3161 time-stamps Leap second handling Configurable audit and transaction logging Archiving module for the central storage of all time-stamps Multiple time-stamp policies and signature algorithms Configurable NTP time sources and monitoring of time synchronisation Integrated Hardware Security Module protecting signing keys Multiple monitoring options such as healthcheck, SNMP, remote syslog shipping Both High performance with linear scalability and High Availability (HA), simply by adding multiple nodes Unified backup and restore procedures with smart card protection Integrated update mechanism Certificate-based authentication Share page st|How can we help? h1|Time Stamp Appliance h2|Meets all your time-stamping needs Highest security while saving costs Policy and audit compliance Some applications for Time Stamp Appliance Contact us h3|Welcome Time-stamping and signing of digital receipts Time-stamping of lottery slips and other gambling data Time-stamping and signing of legally binding documents for eInvoicing, eGovernment, etc. Long term validation of digital signatures for documents and software Time Stamp Appliance Features SignServer Appliance SignServer Enterprise h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * Time-stamping and signing of digital receipts Time-stamping of lottery slips and other gambling data Time-stamping and signing of legally binding documents for eInvoicing, eGovernment, etc. Long term validation of digital signatures for documents and software * * * * * * PrimeKey * * * * * * The PKI Registration Authority that integrates directly into a smart manufacturing environment The Identity Authority Manager from PrimeKey is a PKI Registration Authority (hardware appliance) that integrates directly into a smart manufacturing environment. It enables the automation of the secure issuance of trusted identities or so-called “birth certificate” to all your things, units and devices. Information Technology (IT) and Operational Technology (OT) in factories and power plants are increasingly converging. Approaches such as Industry 4.0 and predictive maintenance of production systems and plants for energy production and drinking water supply require such communication. Machines, plants, transport systems and products exchange information with each other and with back-office systems in their environments. These include: MES (Manufacturing Execution Systems), PLM (Product Lifecycle Management) solutions, warehousing solutions and ERP (Enterprise Resource Planning) systems. PrimeKey has developed the Identity Authority Manager, a hardware appliance, which flexibly adapts to the existing production process without any loss of trust via appropriate device adapters and a process modeling environment. For the first time, professionals can adapt and readapt to dynamic production processes to issue birth certificates to any device or unit with a standard product, PrimeKey Identity Authority Manager. The Identity Authority Manager is not only applicable on the manufacturing floor it can also secure the aftermarket services for your products and be implemented in solutions for, out-sourced service stations and repair stores. The Identity Authority Manager offers an encapsulation of security critical services and limiting the possibility for the repair center to manipulate services for re-issuing identities, managing licenses and software updates. In addition, more complex IoT solutions such as smart buildings and smart machines that encompass multiple products from different vendors or eco systems require reliable and cost-effective deployment and life-cycle management. The Identity Authority Manager offers the ability to interface a heterogeneous device fleet and PKI services in one single box. li|Identity Authority Manager – Industrial Share page st|How can we help? h1|Identity Authority Manager – Industrial h2|Meet the Identity Authority Manager IT and OT convergence with a standard hardware appliance Secure aftermarket services Smart machines or buildings Contact us h3|Welcome Identity Authority Manager is an IPC-based hardware appliance that essentially provides three external interfaces: h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * Device Adapter Interface The Device Adapter Interface is for communication with the device in production. TrustService Adapter Interface The TrustService Adapter Interface is for communication with the certificate-issuing services. Sequence Controller and Administration Interface The Sequence Controller and Administration Interface is for managing, adapting and modeling the identity verification processes. * * * * * * PrimeKey * * * * * * We are looking for someone who wants to work with dedicated people, a modern product and with the world as their workplace. As one of the world’s leading companies for PKI Solutions, we’re booming with expanding business as well as growing personnel numbers. With expansion comes opportunity – are you up for the challenge? PrimeKey is looking for a highly qualified and motivated Software Product Developer to join one of our growing agile teams in our Aachen office. You have at least 4-5 years of experience of developing professional software and have experience in hardware-based development. Ideally you have had a senior role in product development. We live and breathe RSA, X.509, open source and hardware security modules. It is desirable if you have experience and an interest in this area, however it is of higher importance for us is to find someone who is just bursting with talent, demonstrating a product and customer-oriented mindset and having proven knowledge and skills in agile ways of working. It is also be desirable if you have understanding and general knowledge of IT-security, PKI, open source software, Hardware Security Modules and the likes. Highly valued personal qualifications and competencies are as follows: Working at PrimeKey means excellent personal development opportunities. You will work with some of the best PKI specialists and developers in the world, you will be joining in a pleasant working environment, interacting with highly skilled and engaged coworkers and receive remuneration beyond just a monthly salary. Our Aachen PrimeKey office is based near the city center, in a nice and modern office building, close to public transportation and sufficient parking space. To apply, please send your detailed CV, cover letter including salary expectations and earliest possible entry date to . For further information, please contact: Manfred Husz Engineering Manager Mobile: +49 170 4451836 We look forward to receiving your application! Please send your CV and cover letter to PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Open positions Design and implement new functionality in our existing products Work in an agile development team to ensure proper implementation and high customer satisfaction Contribute with your expertise to architectural decisions and be ready to follow the product throughout its whole development lifecycle You have successfully completed a University degree or comparable education in Computer Science, or a comparable scientific subject. To be successful in this role you most likely have: Excellent knowledge of software development in complex systems. Open-minded and flexible team player with the ability to inspire your colleagues with your expertise. Enthusiastic about working in a dynamic and expanding environment, focusing on with growing focus to making the product success and ensuring customer satisfaction. Solid experience in Agile ways of working. Very good knowledge of Linux and possibly Linux networking. Experience of Java Enterprise Knowledge and experience in Bash scripting, Python and C / C++ Ideally knowledge in Java / Javascript, SQL, Embedded Software Fluent in English and German Motivated and able to work independently, proactively and responsibly Ability to take own initiative Positive attitude and customer focused Structured and organized Has an agile mindset and appreciates an agile working environment Excellent problem solving skills Easy to co-operate with others and appreciates collaborative teamwork Works well in a team environment Excellent oral and written communication skills A long term employment prospect in a stable and future proof technology area An open-minded, agile and people-focussed management and company culture Additional group insurances for employees Participation in business bike program Free coffee, tea and soft drinks Good work-life balance Possibility and encouragement for personal and professional growth, with potential opportunities to take on more responsibility as the company expands Share page st|How can we help? h1|Senior Software Product Developer h2|For our development office in Aachen, Germany The role Responsibilities Background and personal qualities Primekey offers Application Application h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * 2019-05-23 You’ve probably heard the buzz around drones or multicopters. They’ve become a common sight over the past few years. People are using them for all sorts of things; kids are playing with them, adults are taking aerial vacation selfies, and hospitals are trialing use cases where to homes in rural areas. However, over the last year, incidents and disruption reports have grown exponentially due to multicopters misuse and deliberate attacks. Airports are popular disruption areas. The level of disruption can vary from observing a multicopter entering the airport zone to greater disruption resulting in flight cancellations, relocations to different runways, and complete temporary traffic shutdowns at the airport. The latest reports have come from Frankfurt airport, Berlin airport, Gatwick airport and Heathrow airport. Furthermore, cases of abuse have been reported from oil pipes and when drones are used for smuggling objects at borders or buildings, e.g. prisons. As drones are more accepted and used in society, there is a greater risk that they will be used with malicious intent. In order to address this threat, no flight zones need to be enforced. Additionally, it should be possible to securely identify the drones and it should be possible for authorities to override the control if the drone flies into a restricted area. Infineon and PrimeKey have teamed up to showcase how an implementation combining Secure Elements and PKI can: The joint solution is based on secure, anti-tamper devices enabling embedded application security for over-the-air authorization and revocation. The multicopter controller is equipped with an OPTIGA™ Trust X and a NC1023 (eSIM). The OPTIGA™ Trust X stores the credentials and the certificates in a secure hardware and the NC1023 (eSIM) is serving the 5G embedded connectivity with active control. PrimeKey’s issues and manages the full life cycle of the certificates used in the solution. At in Munich next week, we will be showing how flight control, via secure certificate authorization is realized together with full authorization and revocation services managed and owned by official bodies and agencies for controlled access. We are all packed and ready to go! Andreas Philipp has more than 20 years of extensive experience in several roles and positions within the Security Module Business. He joined PrimeKey in 2017 and is now Business Development Manager with his base in Aachen, Germany. Contact Andreas: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Eliminate threats like manipulation of multicopter “no flight zone” control software. Enable trusted identities for multicopter to remove the current problem with anonymous users. Share page st|How can we help? h1|Drone safety via security – PKI in action h2|Combining PKI and secure elements Infineon IoT Security Circle 2019 h3|Welcome Author: Andreas Philipp h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * Migrate your Microsoft CA to PrimeKey PKI Active Directory Certificate Services (ADCS), sometimes also just called the Microsoft CA, has been an easy choice for many organizations as it is well integrated in the Microsoft infrastructure. It supports standard enterprise PKI needs such as securing web servers (TLS), certificate-based authentication (WIFI, Win Logon), digital signatures for documents, encrypting emails (S/MIME). However, PrimeKey’s experience is that many organizations that have been using ADCS for a while get stuck. Organizational changes, operational challenges and new business opportunities can no longer be supported in an effective way. Three of the most common reasons for outgrowing a Microsoft PKI are listed below. In the Microsoft environment only one CA can be installed per server, which means that if you require multiple CA’s in your domain, you will have to maintain multiple servers. Operational visibility, continuous consistent management and costs per server are obvious drawbacks. PKI and security is an important aspect of many solutions today regardless if the solution involves devices, servers or external/internal users. A multi-tenant solution offers you as an organization the possibility to host multiple use cases (CAs), logically separated, in one single installation. This means that you will be able to grow your PKI solution with your business and sustain long-term cost-effective management and operational flexibility. Standard PKI configurations normally deploy CAs and VA functions separately on different network segments. Microsoft ADCS is designed differently where these functions (CA and VA) communicate on multiple ports with each other. Using a DMZ for separation is not optimal since such a configuration requires various ports in the firewall to be opened thus compromising network security. The “active-passive” (failover) high availability solution provided by Microsoft is limited due to only one of the servers being active at any given time. Demands for higher performance and/or availability necessitate the implementation of additional high availability servers and HSM modules. Fully scalable database-level cluster solutions have a higher availability and performance compared to the Microsoft PKI solution. Regulatory requirements or technical guidelines often come from certain industries, countries or when cross border corporation/interoperability is required. There are several common PKI scenarios where ADCS only supports these in a limited way or it is obvious that it is not one of Microsoft’s focus areas. Examples areas are IoT, Smart Metering (TR3109), Code Signing, WebTrust and eIDAS. These solution areas very often require support for certain integration interfaces such as CMP, EST, SCEP, REST, ACME or Web Services. Common criteria certification is required by many customers and also considered an advantage as it facilitates audits including eIDAS, WebTrust and others. Are you using Microsoft ADCS and consider migrating? No problem, PrimeKey has done this before. Depending on your existing use cases and new requirements the PKI migration strategy might look different but, in most cases, we recommend the following: See the step by step guide below on how to typically migrate your existing Microsoft ADCS installation. With this table we strive to give you a clear picture of important areas where PrimeKey PKI and Microsoft PKI differ. If you have any specific questions about features or functionality, don’t hesitate to PrimeKey understands that organizations have unique business challenges, including security requirements, budgets and the availability of internal resources. We give you the choice of and the choice to combine – Software, hardware Appliance and Cloud deployments for your PKI solution. This means the infrastructure can be deployed in the manner best suited to your business needs and can grow flexibly and expand over time. td|High availability Custom Extensions Certificate Profiles Multi-Tenant solution OS Support Rest API SOAP Web Services CMP – RFC 4210, RFC 6712 Support External, independent OCSP Responder MS Auto Enrollment Web GUI based RA Certificate Approvals External RA Certificate Transparency ACME Support EST Support Fully Supported Custom Development CVC Support ICAO Standards Support (Travel Documents) Peer Connectors th|Microsoft ADCS EJBCA Enterprise li|Microsoft PKI Migration Start by migrating the existing CAs. Discontinue the old installation. Add/activate new functions, modules and use cases. Share page st|How can we help? h1|PKI migration – Active Directory Certificate Services, ADCS h2|Outgrowing the Microsoft PKI Step by step PKI migration Comparison Microsoft PKI and EJBCA Enterprise Deployment options – Software, Appliance, Cloud or Hybrid Get in touch with us h3|Welcome Operational drawbacks – Lack of multi-tenancy support Network limitations and high availability constraints Compliance and regulatory requirements Read more about the PrimeKey PKI solution in EJBCA Enterprise Combine the full flexibility of EJBCA Enterprise with Active Directory Deploy your PKI in a manner that best suits you h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Unreliable support via JET database Can deliver high availability at the database level via Oracle RAC cluster, Maria DB No support for custom certificate extensions Can easily support custom extensions Limited number of certificate templates available. New templates cannot be added. Certificate Profiles are flexible and easily implemented. New profiles can be added with ease. Not supported on a single Microsoft server No limit on the number of tenants that can be installed on a CA Windows Server only Any operating system is supported Not available Rich Rest API available Not available Rich WS API available Not available Supported Supported based on the CRL Fully supported including whitelisting of certificates and the support of configurable response options i.e. GOOD or UNKNOWN for certificates not issued by the server Supported Supported. PrimeKey provides an MS Auto Enrollment component Limited support Fully supported Limited Support Flexible support Must be custom built Available out of the box Not supported Fully supported and used Not supported Fully supported Not supported Premium support Available via third parties Delivered directly by the vendor Not available PrimeKey can deliver custom versions of the product and add specific customer enhancements Not available Available Not available Available. PrimeKey is commited to supporting the latest standards in a reasonable time frame. Not available PrimeKey products provide peer connectors* for inter component communication between a CA and an RA or a CA and a VA *Read more about PrimeKey Peer connectors here: https://download.primekey.com/docs/EJBCA-Enterprise/latest/Peer_Systems.html * * * * * * PrimeKey * * * * * * Join our headquarters in Solna, Sweden, or our office in Aachen, Germany PrimeKey is one of the world’s leading companies for PKI solutions. PrimeKey has developed successful solutions, such as EJBCA Enterprise, SignServer Enterprise and PrimeKey PKI Appliance. PrimeKey is a pioneer in open source security software that provides businesses and organizations around the world with the ability to implement security solutions such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation. PrimeKey has its head office in Stockholm, offices in Aachen and San Mateo and partners in Kuala Lumpur and Washington D.C. We are looking for someone who wants to work with dedicated people, with a modern product and with the world as their workplace. As one of the world’s leading companies for PKI Solutions, we’re booming with expanding business as well as growing personnel numbers. With expansion comes opportunity – are you up for the challenge? PrimeKey is looking for a highly qualified and motivated QA / Test Automation Engineer to join our team in Solna, Sweden, or Aachen, Germany. You will be part of the international PrimeKey QA Community of Practice team and will contribute with your broad experience to improve our company-wide agile ways of working. As a QA / Test Automation Engineer, you will take the following responsibilities within one or more local or cross-site software engineering teams: Working at PrimeKey means excellent development opportunities, working with some of the best PKI specialists and developers in the world, joining in a pleasant working environment, and interacting with highly skilled and engaged coworkers. Our PrimeKey offices are in modern, based near city centers, close to public transportation and sufficient parking space. Please send your CV and cover letter with salary expectations and earliest possible start date to . If you are not an EU citizen, a work permit is necessary. For further information, please contact either Manfred or Dejan: Manfred Husz Engineering Manager Aachen, Germany Mobile: +49 170 4451836 Dejan Bucar Engineering Manager Solna, Sweden Mobile: +46 709 714 280 We look forward to receiving your application! PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Open positions Coordinate the QA and testing activities within one or more software development teams. Focus on improving the existing product QA processes and methods. Use and deploy test and test automation guidelines. Design and develop test automation scripts, finding solutions for automation problems. Maintain our current QA setup / test automation environment. Research issues in software through testing. Collaborate with QA Analysts and Software Developers to develop solutions. Keep updated with the latest industry developments. Contribute cross-team and cross-site to the improvement the Primekey QA and test automation processes. Experience in QA and/or test automation for at least 4-5 years within a software development team. Preferably an educational background in IT, computer science or other related technical domains Ideally knowledge and experience with Software and IT Security (such as for example PKI, CA, …) Proficiency in programming languages such as C# and Java. Knowledgeable using a test management system, i.e. Zephyr or TestRail Awareness and experience with widely successful Agile techniques: ATDD/TDD, Continuous Integration, Continuous Testing, Automated Testing. Excellent technical and problem-solving skills with a methodical approach. High accuracy and detail-orientation. Excellent communication and cooperation skills. Outstanding time management and prioritization skills, ability to quickly switch between tasks and teams. A long term employment prospect in a stable and future proof technology area An open-minded, agile and people-focussed management and company culture Additional group insurances for employees Flexible working times and good work-life balance with home-office possibility Possibility and encouragement for personal and professional growth, with potential opportunities for taking more responsibility as the company expands Share page st|PrimeKey offers: How can we help? h1|Senior QA / Test Automation Engineer h2|Application h3|Welcome About PrimeKey The role Required skills and experience Why should you join the PrimeKey family? h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * In the near future public Certificate Authorities (CAs) will not be able to supply certificates with internal names that are not authenticated. This means that most organisations will have to set up their own internal self-signed CA, if they want to continue using certificates with internal names. SecureMetric has already sold and implemented its first PKI-IN-A-BOX solution to AmBank, a commercial bank in Malaysia, to help the customer eliminate its dependency on a trusted public Certificate Authority for its SSL certificates. SecureMetric chose to team up with PrimeKey Solutions after evaluating several CA solution options in 2012. The main reason was because we felt much more comfortable investing and working with a team that not only knew the PKI business, but also invented and built the system. More importantly, SecureMetric and PrimeKey share many corporate values. There is therefore a lot of trust and understanding between the companies, which is why we are successful today. SecureMetric bundles its in-house SecureTMS RA with PrimeKey’s PKI Appliance, providing a complete world-class PKI-IN-A-BOX solution. The integrated solution includes additional functionalities to cover PKI token and smart card lifecycle management. This improves the user experience by simplifying many PKI processes that used to be tedious, including enrolment, PIN unblocking, renewal and middleware updates. It also offers more than that, via the integrated solution. It is ready to support secured and well-managed distributed RAs and managed PKI business models for customers. In 2014 SecureMetric sold and implemented a PKI-IN-A-BOX solution to AmBank in Malaysia to help the bank eliminate its dependency on expensive SSL certificates. Since then SecureMetric has successfully implemented several projects across Asia, including a national Cheque Clearing House for its cheque truncation system, an internal CA for a state government and several 4G LTE PKI-related projects. PrimeKey EJBCA Appliance offers the most cost-efficient, easy and secure way to deploy an enterprise PKI system. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|Malaysian bank opts for PrimeKey PKI Appliance h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Internal CA system, Integrated Turn-Key PKI platform EJBCA Appliance Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * 2019-01-17 Updated: 2020-06-11 Digital Signing, using PKI and X.509 certificates, is the true enabler for automation and digitalization! It can help you modernize work-flows, save time, decrease costs and drive new opportunities. One of the powers of digital signature in the cloud lies in that both the origin and the integrity of electronic data can be ensured at the time of the signing and then again at a later time. An organization can thereby securely sign and build automated processes for customer on-boarding, signing agreements, e-invoicing etc. There are endless use cases where digital signing is applicable, and solutions have been developed for many years already. What has happened in the past couple of years is that server-side (remote) signing is gaining more attraction as being the most cost effective and secure solution. Central key management, control and audit trails on who signed what and when are a few of the advantages. Any signing key is preferably stored and used in Hardware Security Modules (HSM) and with a server-side signing solution you will also be able to limit the number of HSMs needed. Common electronic signing use cases include document management workflows, e-service transactions and software distribution. Electronic signing for documents and transactions is relevant in basically all workflow automation scenarios for B2B, B2C, Gov2B, Gov2C e-services. Customer on-boarding processes, human resource agreements, travel expense approvals, e-procurement management, PDF scanning processes, e-invoicing and minutes of meetings needing multiple signatures are a few examples. Some of these workflows have in the past struggled to reach their full potential but are now becoming really powerful as interoperable solutions and legal frameworks surrounding the lifecycle of a signature are starting to come into place. In the European Union the countries have harmonized their electronic signature laws to create a predictable regulatory environment in alignment with the eIDAS regulation. One area where the power of the digital signature is evident is in signing code for software distribution. In the connected society the need for secure and cost-effective distribution of installation packages, software updates, license files etc., is critical for the business case. With a wide diversity in device platform capabilities and connectivity demands, flexibility is a key component for digital signing in this area. Support for multiple code signing formats and a tight integration with existing build processes is required for cost efficiency and security. If you want to know more about important aspects to consider when choosing the right code signing solution for your business case, we recommend this blog post: Two other areas where digital signing is already extensively used today is in and . Time-stamping is standardized in RFC#3161, RFC#5816, ETSI EN 319 422 and ETSI EN 319 421, and digital signing of documents or software (for example Microsoft Authenticode) are relying on this service for trusted and reliable time information. Add-on services such as Long Term Validity (LTV) signatures embeds additional elements needed for secure and standard based verification of signatures in the future. E-passports, Machine Readable Travel Documents (MRTD), are implemented worldwide and they are standardized by . ICAO has specified that digital signing is required for passport data that is stored in the passport chip. In November last year we announced EJBCA Enterprise Cloud and in a blog from December we talked about the . The same advantages of course also apply to signing solutions, and as we said then: So, if you’re looking to deploy your signing solution in the cloud you can rest assure that you, with PrimeKey solutions, are able to get a proper signing solution from the start. Step-by-step how-to guides, already proven best-practices, easy to use integration interfaces and PrimeKey’s professional services team are available to support you. You’re easily up and running regardless if you start with a single use case or of you want to set up a service with multiple tenants and/or use cases. In the picture below, you can see a typical signing solution reference architecture including redundancy, cross cloud deployments and AWS CloudHSM stored keys. Has this sparked your curiosity about signing in the cloud? Or are you already convinced that deploying your security solutions in the cloud is and efficient way forward for your organization? Please feel free to try it out for a 14 day, free trial on AWS. SignServer Enterprise Cloud will get you a single node, perfect for testing and for evaluation within minutes. This same node can also be expanded to meet the most demanding digital signature needs. SignServer in the cloud scales with you as you grow. All documentation you need to get up and running on AWS, plus how to get your first SignServer running is available here. Sign up for our upcoming webinar on PKI in the cloud, on January 24th. Alex Gregory is Director Cloud Solutions at PrimeKey and based in San Mateo, Silicon Valley. He has over 20 years of experience in the IT Security and Product Management fields, providing senior systems, security and IT solutions to a diverse set of companies. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|signing solution? Contact Alex How can we help? h1|Digital Signing evolving in to the cloud h2|Why is digital signing / electronic signing so powerful? Use cases for eSignatures Code Signing, Time-Stamping and ePassports Signing should not be difficult or expensive to deploy, is a Cloud deployment the right solution for you? Try out signing in the cloud Author: Alex Gregory h3|Welcome Would you like to know more about PKI in the cloud? h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * em|Many enterprises today, choose to deploy all or parts of their IT infrastructure and/or service offering in the cloud. Rapid deployment and ease of scale are two of the advantages. There is no upfront investment in hardware, servers and software which minimizes risk and makes it is easy to get started. A cloud deployment thus enables you to start small and grow with the use case. Most solutions in the cloud only charge you for the resources that you use. So why not do the same with your A SignServer-in-a-box offering ease and more security PrimeKey Code Signing Appliance is all you need to handle your enterprise’s code signing needs. By centralizing your signing services, this hardware appliance offers the easiest and most secure way to perform code signing within an organization. The Code Signing Appliance empowers your security team to focus on aspects more directly beneficial to your business — ensuring trustworthy code signing processes instead of managing a myriad of distributed “code signing islands”. The PrimeKey Code Signing Appliance has a fixed pricelist and enables you to save months of work and expenses. It includes a Hardware Security Module, able to deliver a higher level of security by preventing theft of code signing keys. Easing all aspects of the application life-cycle, such as installation, maintenance, upgrade, backup and restore, the Code Signing Appliance results in the lowest TCO. PrimeKey Code Signing Appliance is a SignServer-in-a-box able to combine SignServer Enterprise software with a secure technology stack and enterprise-grade hardware, including a Hardware Security Module (HSM). In a single deployment of the Appliance you get all the benefits of SignServer Enterprise, yet are able to govern multiple Code Signing needs, thus reducing any need for several, dedicated units li|MS Authenticode (Windows code signing). JAR signing (for Java and Android code signing). Time Stamp Authority. Cryptographic Message Syntax signer (CMS, PKCS#7). Plain code signing, where a digital signature is generated for you to embed. Multiple signers, serving multiple code signing needs in parallel. Ability to develop custom signers to serve private needs. Highly configurable audit and transaction logging. Archiving module for centrally storing all signed code. Built in health check used by load balancers and for monitoring. Linear scalability for performance and high availability by adding multiple nodes. Share page st|How can we help? h1|Code Signing h2|Highest security while saving costs SignServer Enterprise Contact us h3|Welcome Code Signing Features h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Appliance * * * * * * * PrimeKey * * * * * * Attend PrimeKey Open Training to brush up on your PKI skills. The training covers EJBCA Enterprise, SignServer Enterprise and EJBCA Appliance. There are four open trainings planned for 2021 in the US and Sweden. These trainings are open to partners and customers who use Enterprise editions (not the community versions) of EJBCA and SignServer. Please note that seats are limited at each training. Sign up soon to reserve your spot! PrimeKey Open Trainings will be conducted mostly online this year. The 3-day trainings are offered on the following dates: In order to get the best benefit from the training, please ensure attendees are knowledgeable in PKI or at least know the basics regarding keys, certificates and PKI infrastructure. Training is conducted in a classroom setting and based on a combination of theory and hands on exercises. The fee to participate in PrimeKey Open Training is €2000 (Sweden) and $2000 (US) per attendee. If you would like to attend in person, please let us know and we will try to accommodate you if possible. If you are interested in attending an in-person training, please also read our policy here: April 13-15 PrimeKey headquarters or online Solna Access, Plan A8, Sundbybergsvägen 1, Solna, Sweden February 16-18 Online The training is conducted over three working days and focuses on the installation and administration of EJBCA Enterprise, SignServer Enterprise and PKI Appliance. Please note that seats are limited at each training. PrimeKey also offers online training and customer trainings. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|Choose the date of the training you are interested in. I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|February 16-18, Central Standard Time (CST) April 13-15, Central European Time (CET) June 8-10, Central Standard Time (CST) October 5-7, Central European Summer Time (CEST) and Central Standard Time (CST) Introduction to PrimeKey and PKI Installation, HSM integration and hardening (OS and Application) The Appliance and the SEE Clustering and high availability Introduction to EJBCA and overview Audit log protection Creating and configuring CA’s Creating and managing certificate profiles Managing certificate life cycle (revocation, resistance etc.) Creating and managing roles Configuring approvals (four eyes principle) Using key recovery How to integrate with EJBCA – SOAP, REST, EST, SCEP, CMP, ACME CAA and key validation Setup of TLS communication from CA to VA or RA Configuring a VA and external RA Overview of publishers, group publishers and services in EJBCA EJBCA command line interface Long term maintenance including backup and restore Introduction to SignServer Installation and HSM integration Signing overview – Code Signing, Time stamp, XML, PDF signing etc. SignServer overview Managing administrators in SignServer Creating, managing and storing keys Creating different types of Signers – including Java, MS Authenticode Signing server side and signing client side with larger files Creating workers Viewing the audit log and archive Signature validation EPass port – concepts and how to use SignServer with EJBCA for ePassports and eID’s Automatic key and certificates renewal How to integrate with SignServer Long term maintenance including backup and restore Share page st|Open training conducted by our PrimeKey Professional Services team in Sweden: Date: Venue: Location: Open training conducted by our PrimeKey Professional Services team in the US: Date: Venue: Day 1, Day 2, Day 3, How can we help? h1|Open Training h2|Please register your interest Next available trainings Open training agenda Register your interest PrimeKey Training h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions EJBCA Enterprise Administration Advanced EJBCA Enterprise Administration SignServer Enterprise Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * * PrimeKey * * * * * * 2020-10-13 PrimeKey follows the Swedish Public Health Agency’s recommendations and this information can be found in English here: The general recommendation from the Swedish Public Health Agency is to maintain a safe distance and to wash your hands often. At this time, there is no policy on the use of face masks, but you are welcome to use one if desired. The classroom that will be used will be bigger than usual for the number of attendees and furnished so that we can keep proper distance between all participants. Every table will be equipped with hand sanitizer and the classroom will be ventilated regularly. Lunches and coffee breaks will be executed in a Covid-19 friendly manner. We recommend that you stay in a hotel within walking distance from the PrimeKey office to avoid the need to use public transport or other transportation. You cannot under any circumstance participate in the training if you feel sick, have a cold, fever or other symptoms. Your participation in this training is at your own risk and any (extra) costs for the participants, that PrimeKey cannot control, will not be reimbursed. All participants should read the and we expect everyone to know what to do if they get sick. This 3-day training is also offered online for both CET and CDT time zones. Learn more about PrimeKey Open Training here: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|Last updated: How can we help? h1|Covid-19 and PrimeKey Open Training h2|Information regarding the current Covid-19 pandemic and the upcoming at PrimeKey headquarters in Solna h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * 2018-11-29 Updated on: 2020-06-11 Many organizations today choose to deploy all or parts of their IT infrastructure and/or service offering in the cloud. Why? Rapid deployment and ease of scale are two of the advantages. There is no upfront investment in hardware, servers and software which minimizes risk and makes it is easy to get started. A cloud enables you to start small and to grow with the use case. Additionally, most solutions in the cloud offer financial flexibility, only charging customers for the resources they use. When deploying your Public Key Infrastructure (PKI) in the cloud, all of the above is still true. Some may be hesitant to put such a critical part of their security infrastructure to the cloud, but with your cloud based PKI you’ll still have Hardware Security Module (HSM) support for secure key storage/usage. You will also get high availability and clustering capabilities when needed. In addition, with a cloud deployment you get the ability to easily reach almost all parts of the world. PrimeKey products are available in all areas that AWS operates in, including . To make sure that your security solution stays secure and up to date, there are different support levels available. If you’re looking to deploy your PKI in the cloud you can rest assure that you are able to get your complete security solution. All your PKI components, Certificate Authority (CA), Registration Authority (RA), and OCSP/CRL Validation Authority (VA) can be deployed in a secure, and cost-effective way, leveraging the cloud infrastructure possibilities. Since runs EJBCA Enterprise, RA and VA functionality can be separated from the CA functionality, run in different regions, or spun up on demand to meet load. PKI in the cloud frees you from geographic constraints found in typical datacenter environments. In the picture below, you can see a typical Cloud PKI reference architecture including redundancy, cross cloud deployments and AWS CloudHSM stored keys. The reference PKI architecture includes: Has this sparked your curiosity about cloud PKI? Or are you already convinced that deploying your security solutions in the cloud is and efficient way forward for your organization? Please feel free to try it out for a 14 day, free trial on AWS. EJBCA Enterprise Cloud will get you a single node, perfect for testing and for evaluation within minutes. This same node can also be expanded to meet the most demanding PKI needs. EJBCA in the cloud scales with you as you grow. All documentation you need to get up and running on AWS, plus how to get your first CA running is available . Sign up for our upcoming webinar on PKI in the cloud, on January 24th. Alex Gregory is Director Cloud Solutions at PrimeKey and based in San Mateo, Silicon Valley. He has over 20 years of experience in the IT Security and Product Management fields, providing senior systems, security and IT solutions to a diverse set of companies. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|CloudHSM backed keys Site level redundancy leveraging availability zones in region 1 Galera replication configured manually across all regions for active/active CAs Application Load balancer (ELB) for redundancy in region 1 Amazon Route 53 load balancing across all remaining sites and to ELB Security groups protecting all nodes at each site VA/RA services in separate availability zones Share page st|Contact Alex How can we help? h1|Why would you deploy your PKI in the Cloud? h2|Author: Alex Gregory h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Would you like to know more about PKI in the cloud? Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * 2019-02-19 2019 has just started and for banks and FinTech companies the magic month of the year is due in September. This is when PSD2 (Payment Services Directive 2) comes in to play, as formally approved by the European Parliament and the European Council in February 2018. Since then there has been an 18-month implementation and testing period. So, in just 8 months’ time, banks and FinTech companies must comply with the new directives. PSD2 is another step towards a digital single market in the EU. The objectives with the legislation from an European Union perspective are to support new innovative banking services and channels as well as to improve customer experiences and security*. PSD2 follows the new “API economy” where services and data are made available in a standardized way also to applications and players outside the traditional scope of that application. In particular for non-banks (FinTech), but also banks, this opens up doors for new innovative services that gathers data from multiple sources, mix and match, and create something new. An important piece of the puzzle of enabling new “PSD2 – banking services” is the trust and long-term commitment offered by many Trust Service Providers (TSP). This trust is based on secure communication and authorization between the bank and FinTech companies, through QSEALC and QWAC. In other words, the PSD2 legislation opens new opportunities for TSPs who have invested in PKI and an eIDAS compliant infrastructure, electronic signatures, electronic seal and . PSD2 mandates that banks need to open their APIs for allowing third-parties to access customer accounts, to read data or to initiate transactions. This is done to enable two new types of service providers; Account Information Service Providers (AISP) and Payment Information Service Providers (PISP). AISPs typically provide aggregated information to the end customers and PISPs initiate payments for the end customer from the customer’s selected bank. Apart from establishing trust, this also requires the banks to properly gather and manage customer consent for these new third-party services. To assure reliability and security in this new extended eco-system PSD2 mandates strong customer authentication, multi-factor authentication (MFA), of end users. The legislation also requires, as mentioned above, eIDAS qualified certificates (PSD2 QWAC and/or QSEALC are specified in ETSI TS 119 495) to secure the communication between the banks and third parties. PrimeKey has since many years been working with TSPs in Europe and in December 2018 we had over 30 customers that are certified eIDAS Trust Service Providers. In our continuous customer dialogues, we have in the past 9-12 months gotten more and more requests from our TSP customers with regards to PSD2 and it is apparent that it will mean new business for them. Over hundred thousand organizations, Fintechs and banks, are right now involved in the support for, or development of, new services that are driven from new innovative online and mobile payments opportunities that have become possible with PSD2. PrimeKey’s PKI platform 7.0.1, due end of February 2019, supports certificates required by PSD2 and together with our customers and partners we want to support innovation and best practices in the banking sector. * Malin Ridelius joined PrimeKey in March 2018 as Product Marketing Director. Malin has been working in product management/marketing and business development roles in several security companies including Giesecke & Devrient, HID Global and Nexus. She has 20 years’ experience in PKI, digital identities and electronic signatures, smart cards and related solutions. Contact Malin: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|PSD2 – creating both opportunities and to-do’s h2|Read more h3|Welcome Author: Malin Ridelius h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * In 2012, the Philippine International Trading Corporation launched a tender for a project to implement special certificates. These certificates were to be used to electronically identify citizens and government personnel when accessing governmental services. The solution that was needed was more than PrimeKey could deliver by itself, so a consortium was created with PrimeKey, SecureMetric and Asertia. As usual, the timescale for the project was short, just ten weeks. PrimeKey was the main contractor and responsible for the deliverables. This was a new role for PrimeKey, which had never worked with these sub-contractors or their products before. Lars Bågnert, VP, CISSP and Manager for Operations & Services at PrimeKey Solutions, and his team were in charge at PrimeKey. “Edward Law, the CEO of SecureMetric, one of our future sub-contractors, contacted me after carrying out some initial work on the project. PrimeKey was the only company that had previous experience of such a major (i.e. governmental) implementation, which is why I was chosen as the project manager.” “As project manager and coordinator I developed the policies and procedures. One of my colleagues from PrimeKey was responsible for the technical implementation, testing, deliverables and the quality of the project.” “The demands on the solution were high, both in terms of technical performance and complexity. It turned into one of our biggest challenges, particularly as the customer knew exactly what they needed and had skilled personnel who could check all the deliverables, including the quality.” “We managed to establish a good working relationship, both within the project and with the customer. The commitment from the project team as well as the customer and their representatives was one of the key factors for the success of this project, despite many obstacles, including broken down hardware.” “The solution had to be based on iGovPhils, an e-ID solution for the Philippines hosted by the Advanced Science and Technology Institute (ASTI). It was the Philippine International Trading Corporation (PITC) that launched the tender for the ”Supply, Installation and Configuration of Licensed Public Key Infrastructure (PKI) Software, Service and Support’. The solution was implemented at the National Computer Centre (NCC) in Manila.” ”The tender included a wide range of functions such as certificate issuance, certificate life cycle management, electronic signatures, time stamp services and all the necessary procedures and policies. All of the services had to be implemented in accordance with existing legislation and best practice.” EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|National e-ID for the citizens of the Philippines h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions eID, EJBCA EJBCA Enterprise Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * The EJBCA Validation Authority (VA) software component enables certificate validation using OCSP or CRLs. PrimeKey understands that organizations have unique business challenges, including security requirements, budgets and the availability of internal resources. We give you the choice to combine software, hardware Appliance and Cloud deployments for your PKI solution. This means the infrastructure can be deployed in the manner best suited to your business needs and can grow flexibly and expand over time. li|EJBCA Validation Authority Implements RFC 2560, RFC 6960 and RFC 5019 Independent of CA software used One responder can respond for any number of CAs Status information stored in SQL database Not depending on CRLs. Status information can be updated in real-time Plug-in mechanism for custom OCSP extensions Highly configurable audit and transaction logging Suitable for invoicing Supports PKCS#11 HSMs Built in health check used by load balancers and for monitoring Configurable for requiring signed requests, authorized signers, etc. Linear scalability for performance and high availability by adding multiple nodes High performance, >500 request per second can be achieved on a single server OCSP client in java Share page st|How can we help? h1|EJBCA h2|Real-time certificate validation Validation Authority for EJBCA Enterprise Certificate Validation Authority Success Story VA Deployment options – Software, Appliance, Cloud or Hybrid Rich functionality Contact us h3|Welcome Certificate validation server True online certificate validation CRL versus OCSP PKI independent Platform independent, flexible and robust Enterprise scalability Audit and logging Features EJBCA Enterprise VA h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Excellent support saves money for the Swedish clearing house Bankgirot Stay up to date with our newsletters PrimeKey headquarters h5|High requirements for security, The most widely used PKI and CA software sp|PrimeKey Validation Authority * Online certificate validation is efficiently achieved through the use of the EJBCA Validation Authority — PrimeKey’s high performance, scalable Validation Authority server, based upon the OCSP standard. Unlike some other responders, EJBCA Validation Authority is capable of providing real time certificate validation. In addition, EJBCA Validation Authority also supports the usage of CRLs. You don’t have to wait for issuance of CRLs when working with a true online certificate validation system like the EJBCA Validation Authority using OCSP. Using a relational database as back-end storage, EJBCA Validation Authority can immediately update certificates information upon certificates revocation. One can even issue millions of inactive certificates that can later on be activated – something virtually impossible using traditional methods. Validation is conveniently performed with PrimeKey’s open source EJBCA Validation Authority (VA). EJBCA VA offers several advantages through its use of both an OCSP Responder and a Certificate and CRL distribution feature. Preventing vendor lock-in, featuring instant real-time revocation, easy extending and customizing. EJBCA VA smoothly accommodates to every organization’s requirement. Deploying certificate infrastructures, users have to be provided the right means to verify certificate validity. This is usually done by means of Certificate Revocation Lists. However, where the use of CRLs are inconvenient or inadequate, organizations may opt to use the EJBCA Validation Authority OCSP responder. The EJBCA Validation Authority can provide certificate validation services for any PKI, including EJBCA. The PKI independence arises from the fact that the EJBCA Validation Authority is a stand-alone component, fed and updated with certificate status information from the Certificate Authority. Based on the same Java EE platform as EJBCA Enterprise PKI, the EJBCA Validation Authority features the same platform independence, flexibility and robustness as EJBCA Enterprise. EJBCA Validation Authority has support for the leading HSMs and allows easy and reliable clustering. This ensures linear scalability – thus achieving breathtaking performance. It is even possible to shut down a node for maintenance, while other nodes continue to answer requests. The EJBCA Validation Authority responder contains a built-in monitoring facility, ensuring that the responder is functioning properly at all times. In order to support a wide range of business models, the Validation Authority has highly configurable audit and transaction logging capabilities. If there is a need to charge your customers making requests or to keep requests and responses for audit – EJBCA Validation Authority will satisfy your demands. * * * * * * PrimeKey * * * * * * To better support a globally connected society, and a more diversified domestic business sector, the Faroese government is driving an ambitious digitalization program. A key enabler is a state-of-the-art and eIDAS-compliant national e-ID, based on PrimeKey PKI. Located halfway between Scotland and Iceland in the Northeast Atlantic, the Faroe Islands is a self-governing nation under the external sovereignty of the Kingdom of Denmark. This archipelago nation provides visitors with an idyllic escape, but there is more to the Faroe Islands than lush green valleys, imposing basalt cliffs and grand treeless moorlands. The Faroese economy is ranked amongst the highest in the world based on GDP per capita, with a growing business sector. To support its growth, the Faroe Islands government initiated a digitalization program in 2015, aiming to bring the nation’s digital maturity level to the global forefront. While the program includes a range of initiatives, the Faroese government considers the national e-ID to be the most important and complex component. The Faroese e-ID offers all citizens a single, secure authentication mechanism for all government services. In addition, 3rd party service providers such as banks, online merchants and more, can leverage the e-ID for secure authentication, stimulating digital innovation and increasing ease-of-use for the Faroe Islanders. But the Faroese government’s ambition for its e-ID extends far beyond the nation’s borders. The Faroe Islands set the bar for the national e-ID on European standards, with a key criterion being that the national scheme had to be eIDAS compliant. This means the national e-ID will not only lower thresholds for domestic businesses to digitalize operations, it will also enable secure and seamless digital transactions across the whole European single market. To deliver on the objectives for its national e-ID, the Faroese government needed a flexible, scalable and proven PKI solution. After a public tender, the Faroese government found PrimeKey EJBCA and SignServer to be the robust and battle-tried PKI solution they demanded, fulfilling the nation’s rigorous requirements in areas such as ease-of-use, integration capabilities and out-of-the-box compliance. – Janus Helgi Læarsson, IT architect, The Faroe Islands National Digitalization Program Key characteristics of the Faroese e-ID architecture is modularity, scalability and the ability to be extendable over time, with core PKI functions being handled by the PrimeKey EJBCA and SignServer. The development and integration process have so far been seamless and currently in a test and auditing phase, the goal is to go live with the Faroe Islands national e-ID in May 2020. “Going forward is all about getting more service providers to leverage the system,” says Janus Helgi Læarsson, IT architect with the Faroe Islands National Digitalization Program. ”Our goal is to join the European e-ID gateway system, so that our national e-ID can be used to access other national ID systems, and potentially other services abroad”. Based on PrimeKey EJBCA and SignServer, the Faroese government can rest assured that the PKI and signing solution at the heart of their national e-ID solution will scale as usage grows, and new use cases appear. EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System. Server-side digital signatures give maximum control and security, allowing your staff and applications to conveniently sign code and documents. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|The Faroe Islands – Creating a Future-Proof National e-ID h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions EJBCA Enterprise, SignServer Enterprise EJBCA Enterprise SignServer Enterprise Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * 2018-11-07 Code signing is here to stay as all organizations that plan to distribute code or other data over the Internet risk corruption and tampering. In the Internet of Things, where installations can vary from just a few devices to millions of devices, controls are needed to make sure that the connected devices remain secure, that only valid software or firmware updates are received, and that only authorized software can execute on the device. i.e. , provide a solution for identifying and securing the origin and the integrity of code, firmware, distribution packages, etc. It can assure that originals, new versions or updates in production are secure and that they haven’t been modified or tampered with during transmission or on the device. In short, code signing provides a way for devices and people to verify that applications, firmware and software are from a trusted source. Where are you today? How is code signing implemented in your organization? Regardless of your answers above, we recommend you to think a second time about 1) what the implications would be for you, your customers, and your customers’ customers, if malicious code was distributed instead of your own and 2) how you could simplify and efficiently use code signing in your organization, and how that would save precious time and resourses. We have met many companies who are in the same situation. They have been using code signing for a while and their implementations have evolved over time. In many cases, manual processes have moved to semi-manual, and home-grown solutions have been built to support the automated test and build processes. This leads to situations wherein companies are managing a myriad of distributed code signing installations, different tools from different vendors, and different processes and procedures, resulting in limited traceability and mixed levels of security and control. On top of this, the build processes are advancing and becoming completely automated, making it harder to keep up with the different code signing tools. In the end, continuous control and traceability of who signed what with what key has become impossible. If you’re struggling with your code signing, you are not alone. You need to be compliant with industry best practices which require secure update mechanisms and hardware security modules. Customers are starting to demand more security controls from your side. As a software supplier, what do you need to do? In general, there are a few steps we recommend for a secure and efficient solution. To learn more about how code signing and how it can benefit your organization, join our webinar with Thales eSecurity on November 14. We’ll discuss existing code signing processes and how a central code signing solution using HSMs can achieve automation, cost-effectiveness and security for all you code signing needs. I also encourage you to read the Thales blog . In it, you’ll discover how to use HSMs as the root of trust for you code signing operations. Malin Ridelius joined PrimeKey in March 2018 as Product Marketing Director. Malin has been working in product management/marketing and business development roles in several security companies including Giesecke & Devrient, HID Global and Nexus. She has 20 years’ experience in PKI, digital identities and electronic signatures, smart cards and related solutions. Contact Malin: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|I have a manual or semi manual process for acquiring code signing certificates from a trusted provider, and I sign files with client-based tools from, for example Microsoft. The code signing key is stored in a file or used from a USB token on the build machine. I have multiple code signing installations that have been built to best fit the needs of the receptive products/business units. Code signing keys are stored in files. Some business units use hardware security modules (HSM), but many do not. We now have compliance requirements that code signing needs to be done in a secure, auditable way. We do not use code signing at all. Our firmware is only installed in the factory, or by technicians during service. There is no automatic or over-the-air firmware update capabilities. We have a central code signing solution, which is managed by a security team. The solution uses an HSM and is audited for compliance with international government and industry standards. You need to continue to protect your code’s integrity and your reputation. It is unfortunately often very easy to imagine what harmful code could achieve even in devices many believe to be “safe” from threats. You need to make sure you have a solution that streamlines your code signing independently of the number of products, the number of developers, or the number of geographical sites you have. You don’t want your security solution to stand in the way of expansion and growth. For code signing to be truly effective, you need to have a solution that easily integrates into your development process and that your developers actually use. Without it you risk an end result without control and true alignment with your security policy. Share page st|How can we help? h1|Avoid managing a myriad of code signing solutions h3|Welcome Author: Malin Ridelius h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * 2021-04-06 What exactly is a secure and connected factory? Welcome to a complimentary webinar where we will give examples of how the manufacturing industry can move towards Industry 4.0 for a connected and automated factory utilizing different radio technologies in a secure and trusted way. We will discuss implementing this with efficient and safe solutions, e.g. PKI and digital code signing. Together, we will sort out different concepts and players in the market. Thursday, 20 April, 2021 4:00 – 5:00 pm Central European Time Peter Heidenberg , Technical Sales Engineer at PrimeKey Oscar Bexell, Senior Infrastructure Architect at Cygate and author of the book “Things You Should Know About the Internet of Things”. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Overall network architecture for 4G & 5G and how these networks can be built in a dedicated/ private environment for industries & companies. Examples of IoT and data analysis in an edge environment and how this is connected to local 4G and 5G networks. Encryption, digital identities (PKI) and digital signatures and how companies can secure their information, operations and supply chains. Best practice deployment scenarios for your PKI and code signing implementation. Share page st|Date: Time: You will learn: Speakers: How can we help? h1|Webinar: 5G, edge & security for the connected factory h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * With banks stepping into the next generation, new solutions for how they communicate with their customers are being created. A company that is enabling this is Diebold Nixdorf, one of PrimeKey’s partners. Diebold Nixdorf is an American financial end-to-end provider of services, software and hardware for the financial and retail industries, with their core business being Point of Sales (PoS) hardware and software services. The PoS solutions that Diebold Nixdorf provides spans from smart ATMs to NFC readers for cashless societies. The field is evolving quickly with PoS-solutions becoming more and more software defined, placing higher demands on the functionality of the software, the regulatory compliance and the security infrastructure. As a consequence of the new generation of software defined financial services, in combination with new consumer expectations, the demands from Diebold Nixdorf’s customers are getting more complex than before. The requirements are based on critical features and aspects like flexibility (OTA updates etc.), integrability and time to market. With this type of customer demands growing, Diebold Nixdorf needed to build a platform that could match the needs from their customers. With PKI being an integral part of Diebold Nixdorf’s services, the PKI infrastructure they needed had to be flexible, interoperable and support many use cases. After trying various PKI solutions, Diebold Nixdorf ended up testing the EJBCA Community because it was more flexible than other open source PKIs; it could be implemented just as they wanted. And after showing positive results from EJBCA Community, Diebold Nixdorf moved on to the Enterprise version in 2018. A Secure Foundation for the Internet of Things based on Public Key Infrastructure We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|Creating the future of PoS-solutions based on PrimeKey PKI h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions IoT, EJBCA Enterprise IoT and IIoT Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey . The integration of EJBCA Enterprise has so far had a positive impact. With the standardized infrastructure being more user friendly than before, the operational management has become easier. With the possibility of building any kind of integration on top (SCEPT, web services, REST, OCSP validation etc.), it has also had the direct effect of reducing costs. Another key aspect of the successful use of EJBCA Enterprise is the fact that Diebold Nixdorf now manages to take action a lot quicker than before, they can integrate services using standardized protocols fast, improving time to market. * * * * * * PrimeKey * * * * * * 2019-01-10 Digitalization is something that affects us all, mostly in positive ways. Usually digitalization means that transactions we make in our daily lives can, and are in a majority of cases, done over the Internet, using computers or mobile devices. In a digital society many services are offered over the Internet, such as government services, banking, stock market, and even voting in some cases although that is probably not for everyone yet in decades to come. Digitalizing government services and banking frees up time and travel and makes the system more efficient. Everything you can imagine, from starting a business, applying for permits, tax reporting, unemployment reporting, health care, payments, opening bank accounts and applying for loans, can be done digitally from any location you happen to be at. Digitalization is not without dangers, nothing is. Making things available conveniently over the Internet means that it is also conveniently availably for criminals. Fishing and fraud to steal money are common issues and being able to get an ID on-line in someone elses name can cause a lot of trouble for the victim. Large scale fraud attempts against citizen are now possible from anywhere in the world, which also makes it harder to catch criminals and to recover stolen funds. With this in mind, to be able to offer these services over the Internet, a solid security infrastructure is needed. There is lots of practical lessons to learn from various countries who have implemented a digital society in different ways. EU is currently at the forefront of digitalization, to large extent driven by the . High Internet penetration and the high cost structure in EU makes it attractive to save costs and increase efficiency at large. Some countries have pushed it very far like Estonia and Sweden, while some are a bit slower, but the trend is moving fast everywhere. Most transactions within EU are still local for each country, and some transactions are only relevant locally, but the goal is to make EU a more open and efficient common market. This is in large thought to be achieved with a goal called the . Since EU consist of states that are to a large extent independent, it is achieved through the EU wide regulation eIDAS, which each member state must implement and abide to. Some effects of the eIDAS regulation is that it is harder to make local rules that hinder competition from other countries, business transactions becomes cheaper and more efficient between member states and citizen have efficient processes needed in their daily life even if they live abroad from their home country. To support digitalization, in a secure way, eIDAS defines a set of Trust Services that are needed. eIDAS defines providers of needed trust services as Trust Service Providers, TSPs for short. TSPs are regulated by the government and EU, but not controlled by the government, so there is a competitive market for TSPs. A typical TSP offer PKI security services, i.e. issuance of digital certificates, and . None of these types of services are new in itself, but the way it is implemented as a consistent infrastructure to support digital services is. An example PKI infrastructure for TSPs is seen in figure 1. Of course, it is not only sufficient to build technical infrastructures. It is also important that legislation supports the trust services and digitalization efficiently, securely and without barriers, and this is where the heaviest part of eIDAS comes in, as legislation is harmonized between countries. An important aspect of building up a trust service infrastructure is that once built up, which is time consuming and costly, it can be re-used for new purposes. By building up new services step by step, using the established, robust, trust services, digitalization can progress in an increasing pace. One example of this is how the new payment services directive, PSD2, in EU re-uses the eIDAS trust service PKI infrastructure to open up banking to be more efficient with less lock-in effects. For any large scale initiative to gain wide-spread traction, using open standards is imperative. Different actors must be able to provide implementations and services on the same conditions, avoiding lock-in effect and costly proprietary solutions. For trust services this is achieved by using open security standards such as X.509 certificates, RFC 3160 time stamps, SAML and other open standard for authentication and information exchange. Participation in defining and using these standards should be open to all parties who can contribute. This can form a healthy ecosystem with participants from all parts of society, something which is needed to fulfill the vision of a digital society. Luckily there is no lack of open standards in the area of PKI. It is not done overnight to create a thriving, innovative, digital ecosystem. Often you run into the dilemma, meaning that before enough attractive services are available on-line there are no users willing to adopt, and it is not attractive for services to invest in going on-line until there are enough users. Some recommendations are: Let innovation thrive with secure digital services in all aspects of users’ lives. Tomas has a Msc from KTH in Stockholm and has been researching and implementing PKI systems since 1994. Project founder and developer of the open source enterprise PKI project EJBCA, contributor to numerous open source projects, member of the board of Open Source Sweden. As a co-founder of PrimeKey, Tomas is passionate about helping users world-wide to the best possiblelutions. Contact Tomas: +46-707-42-10-96 Driving transparence, interoperability and innovation across the European Union with eIDAS. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|keep a long term vision, don’t give up build a reusable infrastructure, PKI can be used for many purposes encourage open ecosystems, let innovation thrive use open standards, avoid vendor lock-in focus on user benefit, citizen will not be forced into something that doesn’t make sense adapt to local circumstances, not everything can be copied (but a lot can be) adapt legislation to the digital world Share page st|How can we help? h1|Digitalization is based on security and open standards h2|Digitalization EU and eIDAS Trust Services PKI Infrastructure Reusing the Trust Services Infrastructure Open Standards Long Term Vision h3|Welcome Author: Tomas Gustavsson Want to know more about our view on eIDAS? h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * em|Digital Single Market chicken or the egg We are looking for someone who wants to work with dedicated people, with a modern product and with the world as their workplace. As one of the world’s leading companies for PKI Solutions, we’re booming with expanding business as well as growing personnel numbers. With expansion comes opportunity – are you up for the challenge? PrimeKey is looking for a highly qualified and motivated Java Developer to join one of our growing agile teams at our headquarters in Stockholm. You have at least 4-5 years experience of developing professional Java based systems and have probably held a leading role in designing a product. We live and breathe RSA, X.509, open source and hardware security modules. If you have experience or interest in this area, it will be meriting. However, it is more important for us to find someone who is just bursting with talent. • Design and implement new functionality in our products • Work in an agile development team to ensure proper implementation and architecture • Support the team and Product Owner in architectural questions You hold a M.Sc. or B.SC in Computer Science, Electrical Engineering or equivalent. • Excellent knowledge of Java software development and architecture • Good knowledge of Linux • Good knowledge of databases/SQL • Good knowledge of software development in Agile environments • Experience of Java Enterprise (Jakarta) • Knowledge in developing secure software • Experience of Jira is meriting • Knowledge of quality assurance methodologies and system development life cycle • Fluent in English It will also be advantageous if you have understanding and general knowledge of IT-security, PKI, open source software, Hardware Security Modules and the likes. • Driven and able to work independently, proactively and responsibly • Ability to take own initiative • Positive and customer focused • Structured and organized • Excellent problem solving skills • Easy to co-operate with others • Works well in a team environment • Excellent oral and written communication skills PrimeKey is one of the world’s leading companies for Public Key Infrastructure (PKI) and digital signing solutions. With our products, EJBCA Enterprise, SignServer Enterprise and the PrimeKey SEE, we enable the creation and the use of digital certificates and signatures which is a key element for secure and trusted communication. We deliver the capability to implement enterprise grade PKI and signature systems ready to support solutions such as IoT, e-ID, e-Passports, authentication, digital signatures, code signing, and validation; all solutions where digital certificates would be a main enabler. PrimeKey has offices in Stockholm, Sweden; San Mateo, USA, Aachen in Germany; and Melbourne Australia. Together with our global network of technology and reseller partners, we are proud to count many of the industry leading companies and institutions within IT, Telecom, Banking, Industrial, Public CAs, and different branches of Government as our long-time customers. Our core values are Excellence, Trust, and Openness, all aiming at always delivering high quality solutions to make the world of IT a secure place for sensitive information and communication. Working at PrimeKey means excellent development opportunities, working with some of the best PKI specialists and developers in the world, joining in a pleasant working environment, interacting with highly skilled and engaged coworkers and remuneration beyond just a monthly salary. PrimeKey head offices are based in Solna, in a nice and modern office building, close to public transportation such as bus and subway. To apply, please send your CV and cover letter to . For further information please contact Dejan Bucar, Software Engineering Manager, mobile +46709714280. We look forward to receiving your application! We are currently only looking for direct applicants with a valid work-permit in the European Union and are not interested in being contacted by recruitment companies at the moment. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Open positions Share page st|Responsibilities include: Background and personal qualities: To be successful in this role you most likely have: Highly valued personal qualifications and competencies are as follows: Please note: How can we help? h2|About the role About the company Application h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Senior Java Developer with IT-security interest The final candidate will be asked to take part in an additional background check supported by an external provider. PrimeKey * * * * * * 2019-10-10 This webinar on PrimeKey EJBCA in Azure, including Key Vault Integration, demonstrates how to protect your CA keys in the Azure Cloud. In this webinar, we cover launching EJBCA from the Azure Marketplace. Additionally, you will learn how to configure the Azure Key Vault for use with EJBCA Enterprise and more. The webinar took place on Thursday, November 7th. Fill in your email address and we will send you a link to the recording. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|Webinar: Azure Key Vault Integration h3|Welcome When See the recording of the webinar h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * 2021-03-12 PrimeKey, one of the global leaders for PKI and digital signing solutions, announces a technology partnership with i4p, European developer company offering HSMs and related technical solutions for trust services. The two parties have products that uniquely complement each other, particularly in the field of PKI and eIDAS compliance. PrimeKey’s EJBCA Community and Enterprise editions are already integrated with i4p’s TRIDENT HSMs, meaning the flexible open-source certificate issuance and management software can be easily set up with TRIDENT HSMs, which are offered both as a Common Criteria evaluated standalone version as well as in MPC (Multi-Party Computation enabled) clustered version. Furthermore, PrimeKey’s digital signing software, SignServer can also be used in combination with i4p’s TRIDENT CC-certified and eIDAS-listed (as QSCD) HSM, as well as with i4p’s CC-certified TRIDENT Remote Signing Solution (RSS) product. By partnering with i4p, PrimeKey extends its HSM support with a new and unique Common Criteria certified HSM solution. As PrimeKey’s customers are building their PKIs based on HSMs as the foundation for secure handling of the CA’s private keys, this is an important part of PrimeKey’s strategy. PrimeKey has long had a solid offering in the market and are happy to extend that offering with i4p’s expertise and HSM services. “The market is moving towards compliance requirements that will not only require FIPS certifications but also recognizes Common Criteria certification for an HSM” says Admir Abdurahmanovic, VP Strategy at PrimeKey. “Even though PrimeKey has an established reputation in PKI solutions with nearly 20 years of experience, their agile methods and products could still impress us. Our solutions match extremely well and TRIDENT products work seamlessly with Primekey’s services” says Zsolt Rózsahegyi, CEO of i4p. i4p’s TRIDENT HSM is EAL4+ certified against Common Criteria protection profile EN 419 221-5 while i4p’s TRIDENT RSS is EAL4+ certified against Common Criteria protection profile EN 419 241-2. i4p’s products have a continuous certification cycle to rapidly react to the compliance changes, thus meeting all existing and future customer needs. i4p’s TRIDENT HSM’s MPC version is the only physical HSM on the market today that natively supports truly distributed cryptography, based on the proven achievements of secure multi-party computation. More information, contact: PrimeKey – I4p – i4p was founded in 2014 to develop applied cryptographic solutions. The mission of the founders is to develop innovative solutions that revolutionize the IT security industry with electronic authentication solutions that provide the technological background for new directives governing data protection, as well as to develop and market distributed cryptographic procedures and distributed platforms based on them. The company’s founders and engineering team have pre-eminent expertise in both cryptography as well as in product and service development. For step-by-step instructions on how to integrate EJBCA and Trident HSM, you can find the ip4 PrimeKey EJBCA –Trident HSM Integration Guide on PrimeKey Documentation: Primekey is one of the world’s leading companies for PKI and digital signing solutions. Deployed as software, appliance or cloud, our products EJBCA and SignServer deliver the capability to implement an enterprise grade PKI system ready to support solutions such as IoT, e-ID, e-Passports, authentication, digital signatures unified digital identities and validation. PrimeKey has its head office in Stockholm, Sweden. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|About i4p About PrimeKey How can we help? h1|PrimeKey and i4p announce a new technology partnership h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * 2018-11-08 Guest blog by Thales eSecurity In “Signed, Sealed, Delivered,” Stevie Wonder sings “You’ve got the future in your hand — signed, sealed, delivered, I’m yours.” That is not much different from what happens with software and firmware code signing today. Whether it is a software upgrade for a program, a mobile application, or firmware for a device, code is signed, sealed, and delivered, and you are left with the future in your hands! Code signing is increasingly common and critically important. It ensures provenance, authenticity, and integrity. However, because it happens in the background – frequently automatically in the middle of the night — you likely don’t even know when it occurs. The process is analogous to a tamper seal on our medications. We certainly would not take our medicine if the seal on the bottle was broken. So why would we allow our applications and devices to install a software update, if we cannot verify the update’s provenance, authenticity, and integrity? In this blog, and in one by my PrimeKey cohort Malin Ridelius, we explore the need for trust throughout the software distribution chain. In the following, I focus on how to ensure that software and firmware updates do not become conduits for attacks, as updates become commonplace, and discuss the cryptographic mechanisms that need to be in place to protect underpinning signing keys. Read Malin’s blog “ ” to get the complete picture of this important topic. Today, more software and firmware is updated more often to support an exponentially increasing set of applications and devices that make up the growing Internet of Things (IoT) ecosystem. Gartner projects over 20.8 billion devices will be connected to the Internet by 2020 , and “IoT-based attacks are already a reality. A recent CEB, now Gartner, survey found that nearly 20 percent of organizations observed at least one IoT-based attack in the past three years.” And, “By 2021, regulatory compliance will become the prime influencer for IoT security uptake.” Counterfeit code is also on the rise. For example, according to ZDNet, “Security researchers have found that hackers are using code-signing certificates more to make it easier to bypass security appliances and infect their victims.” And the SSL Store’s Blog tells us that Chinese hackers used a legitimate company’s compromised digital certificate to sign its driver. So in this context, code signing is critical to keep your IoT and the data it generates safe. PKIs include hardware, software, policies, procedures, and processes that provide a mechanism to securely manage digital identities, including the identity of software. PKIs employ asymmetric cryptography, a key pair, to sign and validate the authenticity and integrity of code. PKIs hold the private keys used for signing, and issue the associated certificates and public key needed to validate the code. PKIs provide the framework to manage the issuance of identities used to identify and validate software. PKIs are critical to the secure operation of the IoT. According to our 2018 Global PKI Trends Study (issued in tandem with the Ponemon Institute), the IoT is the primary driver for new PKI deployments. The private signing keys, however, are the Achilles heel of the solution. If compromised, they can be used to sign what would appear to be legitimate certificates, enabling distribution of counterfeit code, and putting at risk the entire system. A root of trust is therefore needed to safeguard signing keys. Hardware security modules or HSMs provide a recognized, proven, and auditable way to secure critical cryptographic signing keys. Enterprises deploy their PKI code signing solutions with HSMs, to protect underpinning signing keys within a dedicated and certified security boundary that is separate from the rest of the IT environment. The use of HSMs is considered a best practice in PKI management , and it is often required to meet government and industry regulatory requirements. PKI solutions offered by Thales technology partner PrimeKey provide the technology needed to protect the and secure software distribution. Thales -enhanced security offerings strengthen these deployments and provide added operational, security, and compliance benefits. The future is in your hands. When it comes to software and firmware, make sure it is signed and sealed, before taking delivery and making it yours! To learn more about code signing solutions and the importance of a root of trust, visit Thales and PrimeKey, and to sign up for our joint webcast trust and Responsibility Throughout your Software Distribution Chain. Be sure to read Malin’s post! And if you need to reach me, you can find me on Twitter . Juan is the Senior Solutions and Partner Marketing Manager at Thales eSecurity. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|Signed, Sealed, Delivered! Code Signing Makes Software Yours h2|Why Is Code Signing Important? Public Key Infrastructure (PKI) Best Practices The Way Forward h3|Welcome Author: Juan C. Asenjo h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * Trust and security are built into the core of ZetesConfidens’ DNA and business. Being a Qualified Trust Service Provider (QTSP) as defined by the European eIDAS regulation, ZetesConfidens guide customers through PKI-based electronic administration processes, providing them with the assurance of who they are dealing with and enabling them to establish legally binding digital documentation. For ZetesConfidens, PrimeKey EJBCA Enterprise is part of the foundation, enabling ZetesConfidens to deliver their services in alignment with the company’s DNA; trust and security. As a division of Zetes, a European company with more than 20 offices in 16 European Union (EU) countries, ZetesConfidens takes care of the processes, technological developments, integrations and implementations behind e-signatures across the EU. Although the regulation seeks cross border interoperability to enable interaction at EU level, each country has its own specifics, like language or national ID schemes. For ZetesConfidens this translates to a need for a PKI solution flexible and interoperable enough to accommodate different needs and use-cases across the EU – while always operating in line with the requirements of the eIDAS regulation. In addition, ZetesConfidens takes on responsibility for lifecycle management for the certificates and solutions for many years to come, contributing to the need for a trusted, flexible and reliable long-term partner. For ZetesConfidens, that partner is PrimeKey. Bart Symons, Director of ZetesConfidens Trust Services, says Bart Symons sees great opportunities ahead. We ensure a seamless electronic interaction between citizens, businesses and public authorities, making transactions and access to services convenient and safe – partly based on PrimeKey EJBCA Enterprise. When you’re dealing with PKI services it is always about reliability, and we rely on PrimeKey. I am confident PrimeKey will be there over time, providing us with support when needed. EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System. Server-side digital signatures give maximum control and security, allowing your staff and applications to conveniently sign code and documents. Driving transparence, interoperability and innovation across the European Union with eIDAS. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|ZetesConfidens – A Qualified Trust Services Provider at your service h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions eIDAS, Qualified Trust Service Provider, QTSP, Qualified Certificates EJBCA Enterprise SignServer Enterprise Becoming an eIDAS (Q)TSP Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey What really differentiates PrimeKey is their people and approach – when we share feature requests, we really see results. With PrimeKey EJBCA Enterprise providing issuance of Qualified certificates, ZetesConfidens can take care of each step in the e-signing process, from registration and vetting of the signatory to provisioning of qualified certificates for both signatures and seals as well as the actual signature or sealing operation. ZetesConfidens hosts every step under one roof and guarantees a secure and standards compliant signature process, attracting customers from different sectors including government, banking, financial services and insuring. * * * * * * PrimeKey * * * * * * Swisscom is the largest IT/telecom company in Switzerland, providing internet access, mobile communication, TV, cloud, IoT and more. Swisscom’s Public Key Infrastructure (PKI) was the first one in Switzerland in 2005, and today their digital certificate services is an integral part of their business in which their PKI solution and its attributes are essential. With Swisscom’s RSA Digital Certificate Solutions reaching end of life and support ending, Swisscom needed a PKI migration and consolidation. Since stakes and complexities are high whenever you migrate and/or consolidate an enterprise PKI infrastructure, a proven and capable partner that could fulfill all their needs was critical. Another central need for Swisscom was to be able to make their . Since the implementation of PrimeKey EJBCA Enterprise, Swisscom can now offer eIDAS- and legally compliant electronic signature and time-stamping services for service providers, public authorities and companies, all across the EU. Alongside successfully becoming a Trust Service Provider (TSP), there were also benefits in regard to Swisscom’s PKI migration and consolidation. Swisscom has pinpointed that the set-up of the Certificate Authority (CA) is more structured than before and therefore easier to maintain – making their internal processes more effective. – Peter Amrhyn, Team Leader Engineering, Swisscom With EJBCA Enterprise making Swisscom an eIDAS compliant Trust Service Provider, Swisscom sees business opportunities ahead in both their B2B and B2C context. The new CA from PrimeKey enables Swisscom to improve and streamline their customers’ digital processes while following regulatory demands, all according to the initial critical needs that Swisscom set out to fulfil. EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System. Driving transparence, interoperability and innovation across the European Union with eIDAS. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|Swisscom – Becoming eIDAS compliant and migrating from RSA to EJBCA Enterprise h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions EJBCA Enterprise, Becoming an eIDAS (Q)TSP EJBCA Enterprise Becoming an eIDAS (Q)TSP Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * 2018-11-13 Whenever software is being distributed over the internet (or other insecure networks), or stored and run on untrusted media, it is crucial to use a reliable signing tool to digitally sign all executable files such as applications, libraries and drivers. Today harmful code is a real threat to users, organizations and manufacturing, as criminal groups and even governments use malicious software to steal and monitor data, export money or empty your bank account. Digitally signed code ensures that the transferred software is trusted and unmodified as long as a secure signing tool is used. Simply setting up any code signing tool you are able to find, may result in an insecure solution that makes you vulnerable to all sorts of attacks. This guide takes you through six things to consider when choosing your . Choosing a centralized code signing solution helps you keep secure control of your code signing keys and fully leverage Hardware Security Modules. Different project members or systems authenticate and share the same well protected code signing key and certificate when signing and providing audit records of who signed what. This solution streamlines the process, making it comprehensive, harmonizing and easy to use. Decentralized solutions require that the keys are available where the code needs to be signed. Organizations with distributed and geographically fragmented development centers, will have to implement complex processes for secure key distribution, usage and management. This will, for most organizations, lead to a less secure, cost-effective and user-friendly solution. Supported code signing formats are of course an important aspect to consider. A centralized solution should be able to be configured with all your current needs in one platform and also be extended with new formats over time as your business needs it to change. Examples of code signing formats are Authenticode for Portable Executables ( ), Java (JAR signing) and Windows Installer (MSI signing). Flexibility where the hash is created, client or server, will allow you to conform to security policies and confidentiality requirements. Hardware Security Modules (HSM) are the most secure way of storing and using your code signing keys. One single HSM can store multiple keys and can be reused for multiple formats and use cases. The result is centralized key management and control for your signing service. Being in control also means having traceable information about who signed what. Whether it is a system or project members that initiate the signing, the service should preferably allow different authentication methods. The most convenient solution for your end users is to integrate with your existing corporate authentication method. In code signing use cases different project members or systems can authenticate and share the same well protected code signing key and certificate when signing. Other use cases requires individual code signing keys where only one person is granted authorization. Speed to market is crucial for many customers and solutions. Improved security and quality is the objective of a code signing solution, but it needs to go hand in hand with improved efficiency and productivity. Streamlining the code signing process with your existing processes is done by integrating your build system with the code signing service. We recommend that you spend some time investigating the availability of easy-to-use integration interfaces. This can be crucial for the final success of the solution. A convenient and easy-to-use solution are often more secure in the long-term perspective. The solution should also offer a well-defined process for managing the lifecycle of keys and certificates that are used in the solution. It is very common that the expiration of the certificates is not monitored and proactively managed. Demonstrated capabilities to scale and provide the availability that is required for your code signing use case should be a must. Secondly, it is important to assess how the solution can support new use cases with new requirements on performance and reliability. Investing in a security solution inevitably creates a long-term partnership. Just as with all long- and short-term partnerships it is of importance to partner with a vendor/provider that are able to prove their credibility with various reference cases and proven installations. Another important aspect is to continuously grow with the vendor over time. New use cases are a fundamental part of any organization and therefore it is essential to have the same supplier that enables complete alignment of products and components (e.g additional components) which results in sustained compliance, optimized efficiency and reduced cost of maintenance. In conclusion there are many aspects of code signing that is important to take in consideration when deciding which partner and product that is relevant for your specific needs. From security and reliability to performance and flexibility, everything needs to be well-thought-out. Hopefully this guide will make your decision easier and help you in choosing the best solution for your company. Markus has worked at PrimeKey for almost 10 years and has had a continous focus on the signature software SignServer. He is today the product owner for SignServer and is responsible for the development of the product together with his team of 6 people. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|Six things to consider when choosing your code signing solution h2|Centralized or decentralized signing solution What is it that you need to sign? Security and control Integration with build systems Performance and reliability Reliable security partner now and in the future h3|Welcome Author: Markus Kilås h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * Siemens AG is the largest industrial manufacturing company in Europe, active in the fields of energy, healthcare, smart infrastructure, industrial automation and more. Through investments in areas like IoT, distributed energy management and infrastructure solutions for electric mobility, Siemens is setting the course for accelerated growth. Siemens Corporate Technology plays a key role in the pursuit of these digital growth opportunities, including providing PKI services to the Siemens business units and beyond. Siemens products range from wind turbines to healthcare technology and mass-transit railway automation, with many solutions used in critical infrastructure. A common denominator for these solutions is connectivity; almost everything Siemens manufactures runs software, communicating with customers and other systems. Siemens Corporate Technology supports various Siemens business units with cyber security, and their expertise is in high demand. While continued digitalization provides Siemens with great opportunities for growth, it raises the stakes when it comes to security and regulatory demands. To enable Siemens to cost-efficiently deliver on the highest standards in security and compliance, Siemens Corporate Technology provides PrimeKey- based certificate solutions to fulfill the needs of Siemens different business units. In addition to providing digital certificates for devices, establishing identities and enabling the devices to communicate securely, Siemens Corporate Technology have recently expanded their services with digital signatures. The signing service is used to sign software, configuration files, license files and strengthen security while fulfilling regulatory demands. At the same time, the security and processes relating to software updates is improved. The cost-efficiency and ease of use of the signing solutions is a core driver for the growing number of clients. After a successful launch, Siemens Corporate Technology is anticipating usage to grow rapidly in areas like industry automation, mobility, building technology and more. Great flexibility in signature formats, strong integration capabilities and collaborative ways of working were key considerations for Siemens when partnering with PrimeKey. Moving forward, the scalability of PrimeKey’s solutions will be put to test as the loads on Siemens PKI infrastructure will rapidly grow. Still, Christopher Schmid with Siemens Corporate Technology is confident. – Christopher Schmid, Service Governance, Digital Signature Service at Siemens Based on the success Siemens Corporate Technology has experienced with PrimeKey, investments in their PKI infrastructure will continue. The aim is to support a growing number of clients, to add features and to drive automation further. The foundation has been laid and Siemens is ready to securely pursue the digital growth opportunities ahead. Server-side digital signatures give maximum control and security, allowing your staff and applications to conveniently sign code and documents. EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|Siemens – The PKI foundation for Siemens digital growth opportunities h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions IoT SignServer Enterprise EJBCA Enterprise Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * Bankgirot is a European clearing house tasked with delivering market-leading solutions in the payments area that increase the competitiveness of its customers. As the only clearing house for mass payments in Sweden, Bankgirot plays a central role in the Swedish payments infrastructure and processes the great majority of these types of payments. Bankgirot also provides solutions within the electronic documents and electronic identities area, including managed PKI services. PrimeKey supplies Bankgirot with a public key infrastructure (PKI), enabling secure communication on an insecure public network (the Internet). Fredrik Eriksson, Product Manager for PKI services at Bankgirot, was asked why Bankgirot had chosen PrimeKey as a partner for its PKI solutions: “There had been some issues with scalability in our previous PKI soft ware, so we were looking for a more stable solution that could accommodate the large volume growth that we were expecting. We were also not happy with the speed of the support given by the supplier. At that time, PrimeKey were able to demonstrate that they could fulfill both of these and many more of our requirements, so we began a successful relationship. “When running an online real-time service, it is important to keep the service in operation at all times. When we need support from the vendor, we do not want to wait a few hours while our case is being registered and assigned by people who are not aware of our needs. We need to get in direct contact with someone who can actually help us with any problems we may have. Now PrimeKey support gives us exactly what we need. Not only do we get an immediate response when we need it, but the support is also given by specialists, who in some cases were even involved in designing the products. In the past getting a response to our issues and getting a tailored suggestion for how to handle them could take hours or in some cases even days. Now PrimeKey is just a phone call away.” “If Bankgirot did a formal assessment of our work with PrimeKey, they would get a very high score for security, stability, services and quality.” EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|Excellent support saves money for the Swedish clearing house Bankgirot h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions High requirements for security, The most widely used PKI and CA software EJBCA Enterprise Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * Turkey had already been trying to implement an e-Passport solution for some time. However, it had not made much progress. Countries in the Western Hemisphere urged Turkey to produce a new generation of passports. Turkish citizens could be forced to go back to the tedious system of applying for a visa. The situation even got the attention of the President of Turkey who made a statement, announcing that Turkey would start to issue a new generation of e-Passports by 1 June 2010. Lars Bågnert, VP, CISSP and Manager for Operations & Services at PrimeKey Solutions, worked with his team on PrimeKey’s project in Turkey. – PrimeKey was approached by one of our partners, who asked whether we could implement a public key infrastructure (PKI). A PKI is a set of hardware, software, policies and procedures needed to create, manage, distribute, use, store and revoke digital signatures. This is absolutely essential for e-Passports. After the President had made his statement, this PKI had to be up and running within six weeks. Despite the time pressure we answered ‘yes’, submitted an offer that was accepted and off we were to Turkey. PrimeKey was commissioned to deliver the PKI infrastructure, the necessary PKI policies and training for the PKI personnel, as a sub-contractor to our partner. – As the time frame was extremely short, we set up a workshop with all the stakeholders in Ankara to establish the roles and responsibilities of all participants. This was an interesting experience, as we had the chance to meet the minister and the staff involved in the project. In the afternoon the whole team moved to secure premises outside Ankara to look at the facilities where the project would be implemented. When we arrived, they showed us ‘a hole in the ground’, with some iron bars and plumbing. I thought it might be some kind of joke, as they had agreed to grant us access to the premises 4 weeks later. But they managed to get the building ready for us in 4 weeks and 2 days. – After a few very busy days, we were finally planning to go home. But things did not quite go according to plan. Some of you might recall the volcano in Iceland grounding all European flights and this had an impact on most of the project team. You could say that the challenge was actually ‘threefold’ – working with a new partner and a new customer with an extremely short turnaround time. – After everything had been installed, checked and approved Mr H. Avni Aksoy, the current Director of the IT Division at the Turkish Ministry of Foreign Affairs, gave the following comment; ‘I cannot think of a more aptly named company – PrimeKey has indeed been the prime key of Turkey’s success in our e-Passport project’. EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System. Server-side digital signatures give maximum control and security, allowing your staff and applications to conveniently sign code and documents. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|Turkish Delight – or how to issue 10,000 high-quality e-Passports every day h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions E-passports, Turkey EJBCA Enterprise SignServer Enterprise Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * Banks need to be at the forefront of enterprise cybersecurity. They represent a top target for attackers and the threat of financial losses, regulatory consequences, and reputational damage has spurred the banking industry to innovate and accelerate the field of cybersecurity. In Germany, a lot of that innovation is happening at Bank-Verlag. Bank-Verlag is a wholly owned subsidiary of the Association of German Banks, servicing private banks in Germany in the areas of IT security, electronic banking, cashless payments and regulatory compliance. In addition to actively participating in the development of security standards and safety procedures, Bank-Verlag develops and operates several secure services for German banks, including white-labelled online banking services, secure management of PSD2-requests, fraud detection systems and more. The latest addition to Bank-Verlag’s state-of-the-art security service portfolio is an eIDAS-compliant trust service for electronic transactions, such as remote signatures and seals as well as PSD2 certificates (QWAC and QSEAL). When designing the service, Bank-Verlag did not only need to consider eIDAS-compliance and adherence to the highest security standards; the service also needed to be flexible enough to support the varying needs of different banks. Although the requirements were tough, not only from a security perspective, but also regarding flexibility and configurability, Bank-Verlag managed them successfully. Bank-Verlag partnered with PrimeKey, placing PrimeKey’s PKI Appliance at the heart of their eIDAS-compliant trust service and to extend their knowledge and experience. The ready-to-use appliance proved powerful enough to address all Certificate Authority-related needs, while being adaptable enough to support specific use-cases and customer needs. The ease of use of the PrimeKey PKI Appliance significantly reduced development complexity for Bank-Verlag, ensuring quick time-to-market while minimizing risk and development resources. – Alexander Esser, Head of eIDAS Trust Service, Bank-Verlag Germany’s Federal Network Agency (BNetzA) recently certified Bank-Verlag as a qualified trust service provider, enabling Bank-Verlag to create qualified electronic seals and the associated qualified certificates in accordance with the eIDAS regulation. Soon to come is the certification for qualified electronic signatures. For Bank-Verlag, the qualified trust service is a strategic investment that provides opportunities to grow their customer base beyond financial institutions. Based on PrimeKey PKI Appliance, Bank-Verlag can rest assured that their PKI infrastructure will be flexible and scalable enough to support future needs and use-cases. EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System. PrimeKey EJBCA Appliance offers the most cost-efficient, easy and secure way to deploy an enterprise PKI system. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|Bank-Verlag – Launching an eIDAS-compliant trust center for the German banking industry h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions EJBCA Enterprise, PKI Appliance EJBCA Enterprise EJBCA Appliance Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * Dimension Data was approached by one of the country’s largest telecom providers, wanting to implement a PKI solution. Knowing that Service Providers often benefit from Open Source solutions, Dimension Data turned to PrimeKey. Here they found a PKI solution that not only was Open Source but that also complied with the 3GPP and IETF standards that the customer was striving to comply with. Dimension Data is a subsidiary of NTT group, with offices in 49 countries and more than 27 000 employees globally. The company operates in three areas; consulting services, technical- and support services and managed services. Dimension Data has an impressive list of customers and have collaborated with PrimeKey for PKI solutions in many projects. When the Dimension Data team specialized in service providers was approached by one of the largest telecom and mobile service providers in Germany, this was another good opportunity to work with PrimeKey. The large telecom provider was looking to move to LTE (4G) technology and was therefore required to comply to IETF and very specific PKI requirements, regulated in 3GPP (3rd Generation Partnership Project). As a service provider, they were also looking for an Open Source Solution providing flexibility and freedom. All of the requirements were met by PrimeKey and the PKI solution EJBCA. The project at hand involved thousands of LTE Radio Base Stations (eNodeB), LTE Security Gateway and the eNodeB vendor’s management system (OSS). For this major implementation, concerning the mobile network for a significant part of the German population, PrimeKey PKI and EJBCA manufactured certificates providing authentication for IPsec between eNodeBs and Security Gateways, as well as for SSL between eNodeBs and their OSS. The collaboration between Dimension Data, as a consultant to the telecom provider, and PrimeKey, as a supplier to Dimension Data, was very successful. The quality of the collaboration was proven when the telecom provider, during the project discovered the need for new functionality to support vendor certificates from different vendors. PrimeKey then implemented the missing feature and delivered CMPv2 using embedded vendor certificates, within two months. This timeframe that was very much appreciated by both Dimension Data and the end customer. PrimeKey and Dimension Data together delivered a high-quality solution that is continued to be supported and maintained 24/7. Today, the telecom provider is fully compliant with required standards and is planning to further extend the solution, adding tens of thousands eNodeBs in the near future. EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System. We’d love to help you succeed. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|Share page st|How can we help? h1|Dimension Data ensuring secure mobile communication for the German people h2|Products used for this customer Get in touch with us h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Mobile communication, LTE EJBCA Enterprise Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * * * PrimeKey * * * * * * em|General deployment architecture for certificate enrollment of a base station at an operator PKI: 2021-01-19 Modern agile development and delivery practices enable frequent updates of deployed services. While this has the potential of increasing flexibility and user value of the services, it may also introduce security risks. Code signing ensures that a trusted organization has released the deliverables and that the code has not been altered or corrupted before being deployed in the target environment. Development organizations need efficient ways of integrating code signing into the automated continuous integration (CI) and continuous delivery (CD) toolchains. Signature formats differ between different execution platforms but PKI based signatures are the common cornerstone for any secure best practice system for distribution and deployment of SW deliverables. Jenkins is an open source automation server that enables developers to build, test, and deploy their software. PrimeKey’s SignServer, a server-side code signing solution, is multi-tenant and supports . The PrimeKey enables using a Jenkins pipeline with the build, test, and deliver stages for a Java application built using Maven. SignServer is remotely accessed by the build pipeline enabling a centralized secure private key storage in Hardware Security Modules (HSMs). In the delivery stage of the build pipeline, Jenkins uses the connection to SignServer to sign the deliverable. In order to optimize communication and minimize overhead, PrimeKey SignClient is used to generate a hash on the client-side and send the hash to SignServer for signing. This means that the full deliverable does not need to be transferred over the network. All generated signatures are kept in a central audit log that enables keeping track of all signed deliverables that have been released. Based on the APIs supported in SignServer for appending a signature to a deliverable, combined with scripts used in the setup of a Jenkins CI/CD pipeline, SignServer can be used in combination with Jenkins to build a secure CI/CD pipeline. In addition, to ensure mutual authentication, a TLS client certificate is configured in Jenkins, and SignServer is configured to accept code signing only from clients authenticated using client certificates. The TLS client certificates used in the solution can be issued using a CA set up for example PrimeKey EJBCA. EJBCA can also be used to issue the code signing certificates. By connecting SignServer and EJBCA, the code signing certificates may also be automatically renewed, enabling stable and smooth lifecycle management. Learn more about the integration between SignServer and Jenkins for automated code signing in a CI/CD Pipeline: Let us demonstrate the code signing capabilities of PrimeKey SignServer running on Azure integrated with Jenkins in a CI/CD Pipeline: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|How can we help? h1|SignServer Code Signing integrated with Jenkins in a CI/CD pipeline h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * 2020-06-09 Let us demonstrate the code signing capabilities of PrimeKey SignServer running on Azure integrated with Jenkins in a CI/CD Pipeline. In this webinar, we will demonstrate an integration between PrimeKey SignServer and Jenkins for automated code signing in a CI/CD Pipeline. The solution will be running on Azure and code signing keys will be securely stored in the Azure KeyVault. Tuesday, Jun 23, 2020 6:00 PM – 7:00 PM CEST PrimeKey Senior Solution Consultant Selwyn Oh and Product Owner EJBCA Cloud Alex Gregory The webinar will include several hands-on demonstrations. Watch the recording: Fill in your email address and we will send you a link to the recording. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|Date: Time: Presenters: How can we help? h1|Webinar: PrimeKey SignServer in the Cloud h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * PrimeKey * * * * * * 2019-03-21 In typical IoT solutions, devices collect and send data to the IoT platform and back-end applications for analysis, in some cases after local processing. The data is used for both real time decisions/actions and long-term business development. This is the basic drive and DNA of most IoT solutions. This DNA is then supplemented with the need for agility and speed, both considered to be very important aspects of many IoT initiatives. In real life, that means that most IoT initiatives start small, tries the concept and then grows fast with the success of the use case. Infrastructure investments are added step by step and there is no time to restart or pause to rethink. Continuous feedback drives the evolution of the solution and refinement is an on-going process built into the development process. Small pilots can in just a few months grow from just a few to millions of devices. The fast-growing world of IoT devices is unfortunately not only positive, having a large number of devices connected over open networks will inevitably also be followed by a number of cyber security issues. Data breaches including lost/compromised personal or business information are obvious risks that most recognize. These can, and have in many cases, lead to significant financial and reputational damage. Another unfortunate scenario, that too many are exposed to, is that their solution and devices are being recruited to botnets and used to launch DDoS attacks. The evolutionary development of IoT devices combined with the severe threat that they face makes Trust a central component for any IoT solution. Trust in IoT solutions means that you can have confidence in that your will behave as you expect over time. Although there can be many tempting business opportunities in connecting your devices, it is important to understand how to protect your business before embracing the technological advantages. So what is my recommendation for you who’s looking in to IoT? should be deployed from the start and not applied afterwards, especially as adding security at a later stage often means higher costs and a less flexible security solution. Do not reinvent the wheel – there are already standards, industry regulations and legal frameworks available that will support you in applying a security framework for your IoT solution. Some action you can take to greatly reduce the risks in IoT are: As I said, you don’t have to reinvent the wheel to do this. Public Key Infrastructure (PKI), certificates and electronic signing are already de-facto standards for authentication, integrity and confidentiality on the Internet. PKI has proven to be scalable and flexible and it is now being specified and proven also in IoT. Some IoT eco systems are more complex than others and there can be multiple stakeholders. Maintaining security over time can be challenging. Each stakeholder has its interest in the data being generated by the solution and end-to-end encryption and data integrity is a pre-requisite to assure that business assets are secured not only from external attackers but also between the stakeholders within the eco system. With the scalability and flexibility of PKI it is the most cost-efficient and secure solution to manage electronic certificates and electronic signing in more complex and larger IoT eco systems. As you can see, a PKI solution for IoT must support a multi-layer infrastructure as well as external sources for certificates and identities that allows each stakeholder to communicate securely and manage secure updates in the solution over time. For each device, one or several identities and their lifecycles need to be managed. These start during manufacturing and software development, continues during deployment and operation and finally ends when the identities are revoked, and the device is discontinued or reset. The corresponding lifecycle management applies for users, software as well as for the devices themselves. Examples of users are administrators, business analysts and maintenance personnel. They are all a part of the trust chain. Finally, trust cannot be established by technology alone. It requires policies and procedures and that the roles and responsibilities of the different stakeholders in the IoT eco system solution is set. Again, there is no need to re-invent the wheel as there are already widely adopted policies and procedure frameworks for different business cases and markets. And if there is not, an experienced PKI vendor such as PrimeKey or our partners can advise on existing frameworks that can be reused to cater for the management and agreements that need to be established to enable a trusted IoT solution over time. Determining the best security software is an important decision that must be researched, reviewed, and resolved during the software evaluation process. Each organization has unique business challenges, including security requirements, budgets and the availability of internal resources. The PKI deployment choices are of course affected by this and therefore PrimeKey gives you the choice of, and the choice to combine, software, hardware Appliance and cloud deployments for your PKI solution. This means the PKI infrastructure can be deployed in the manner best suited to your business needs and that it can grow flexibly and expand over time. In conclusion: If you are looking into IoT, remember to think about security from the start and consider all the stakeholders in the eco systems. And if you need any help, don’t hesitate to contact us. We’ve done this before and know how to help. — Jiannis is the Senior Pre-Sales Engineer for the DA-CH area and has his base in Aachen, Germany. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Apply security frameworks that mandates regular software and firmware updates Secure authentication for devices, applications and administrators managing the solution Protect the integrity of the data and the device Encrypt the data Share page st|Contact Jiannis How can we help? h1|Public Key Infrastructure Security supporting the full IoT eco system h2|IoT security frameworks and PKI End-to-End security for all stakeholders in the IoT solution h3|Welcome Deployment options Author: Jiannis Papadakis h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * 2019-08-22 An essential aspect within the Industrial Internet of Things (IIoT) is the identification and authentication of different subcomponents. Starting with the so-called edge devices, gateway solutions and connected IoT platforms up to the back-office systems. The aim here is to establish a continuous chain of trust, as the only way to guarantee a reliable and trustworthy path for exchanging data. In order to realize these advantages, an IIoT solution must first be reliable. Which means users and communication partners, must be sure the IIoT systems will behave as intended and are safe from attacks and manipulation attempts – without restricting the reliability and availability of the application. That’s achievable through two basic and established security technologies: Public Key Infrastructures (PKIs) – as of today – are widely established and used in many areas of IT (server certificates for application servers, data servers, certificates for smart energy etc.). They establish a bond of trust between the respective IT/OT systems and components. In the case of Smart Energy, for example, certificates enable trust between electricity meters and energy supply systems. The basis for this is the aforementioned certificates, which are generated individually for each device, and thus contain the device’s identification data as well as providing it with an individual electronic signature. This prevents an attacker from imitating the identity of the device within the network. Without the use of these certificates, a cyber-criminal could, for example, plant a device in an IIoT infrastructure and have it infiltrate and hijack the IIoT network. One of the characteristics of IIoT environments is that systems in different locations often need to communicate with each other. But this doesn’t always happen via secure network connections. Here, too, a PKI can be the solution by verifying the identity and integrity of the respective communication participants. In conjunction with transport protocols such as TLS (Transport Layer Security), this solution ensures a secure data exchange between IIoT components, gateways and IIoT platforms. Secure communication in tandem with these authentications is especially critical, since mobile radio or wireless LAN frequencies are still commonly used in IIoT scenarios, like remote oil drilling facilities or wind farms. They transmit important status information and error messages via wireless communication networks but are much easier to tap into than wired industrial Ethernet infrastructures in a factory. In order to protect the software of IIoT systems from unauthorized access, different approaches are possible, for example with a dongle or an integrated security chip in the electronic circuits of the device. Another common tool is . Here, the manufacturer of a Software Stack ensures the integrity and the authenticity by signing the data with a , thus protecting both the software itself and their copyright. For this purpose, the provider or manufacturer of the application requires a digital certificate with the corresponding cryptographic key. By using this private key as part of a digital signature, the program code of the application is then sealed. If the public key is then integrated within the code of IIoT components, the integrity and authenticity of the signed application software executed on the system can be verified at any time. If a software update is pending, the IIoT system can recognize from the signature of the update package whether this new iteration actually comes from the provider or from a hacker impersonating them. To conclude, PKI, digital certificates and signing enables a number of security services that IoT and rely on to be able to deliver their services to the business application in a trusted way. These basic security services are Authentication, Integrity and Confidentiality. of users, devices and infrastructure components (e.g. gateways, routers, etc.), systems (data) and control devices (commands): This ensures that only authorized and trusted communication partners exchange information. Firstly, all participants must identify themselves. The system then checks whether the communication partner is actually the one in question or an instance that only pretends to be. : Data and commands cannot not be easily manipulated or substituted. : Sensitive information must be protected from unauthorized access. This applies to data that is transmitted as well as persistent data. “Sensitive” in this context includes data for operating machines or data that is part of the production process. In addition, should adhere to relevant standards and demonstrate security certifications where applicable. : A PKI, Signing and its complementary solutions such as a Secure Execution Environment should fulfill the standards of relevant certificates such as the and Common Criteria. Prospective customers should always check whether a provider takes the required compliance regulations into account. Finally, cyber security is a global problem and all stakeholders benefit from openness for increased trust. PrimeKey believes in open source and that our users can feel an increased trust in us and our solutions knowing that the source code is open. There are no back doors, no secrets, and no hidden agendas. If you are in the business of creating trust, then PrimeKey believes that trust and openness go hand in hand. Read about PrimeKey PKI, Signing Secure Execution Environment products that can be used in IIoT solution: This is an abstract from the PrimeKey white paper that takes a deep dive into Security for IIoT environments. The white paper is available here: Andreas Philipp has more than 20 years of extensive experience in several roles and positions within the Security Module Business. He joined PrimeKey in 2017 and is now Business Development Manager with his base in Aachen, Germany. Contact Andreas: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|a Public Key Infrastructure (PKI) in conjunction with Code Signing, a digital signature on the program’s code, put in place by the manufacturer. Share page st|Authentication Integrity Confidentiality Certifications and Compliance How can we help? h1|PKI and Signing are fundamental for secure IIoT h2|Protecting communication Securing software with Code Signing h3|Welcome Author: Andreas Philipp h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * 2020-04-14 The industrial Registration Authority (RA) requires extended flexibility and robustness compared to classic Public Key Infrastructure RAs. It needs to be able to model and re-model the production processes while maintaining the security level required to create trusted device identities directly on the production floor. In a classic Public Key Infrastructure (PKI) concept, the Registration Authority (RA) is responsible for the certificate issuance process, including the authenticity of the identity information that is included in the certificate that is signed by the Certification Authority. It is often desirable to physically separate the Certificate Authority and the RA, allowing the Certificate Authority to reside in a secure environment with only minimal access, while the RA can reside “closer” to the actual issuing process and enables for an additional layer of security around the Certificate Authority. The Certificate Authority service is often managed in the company’s data center (IT) or by a service provider. This is also the case for industrial or smart manufacturing PKIs. However, what is new is that, the Registration Authority has to be located directly at the production line and carry out the identity verification and certificate issuance during production. This requires a new security approach for the Registration Authority concerning hardware requirements, separation of network interfaces, administrative functions to support the lifecycle of a production line and maintenance services. The industrial RA has to support all the capabilities of a RA in a classical PKI and more, including: The process of establishing the identity is one area where the industrial RA typically differs. Especially when matching the information. The process-related procedures must be considered and individually adapted and readapted as new products are being produced on the production line. Here, a wide range of variants must be considered: Which MES system must be queried; how is the existing data structured; is there a PLM or ERP system that must be queried, what happens in the event of a failure or error, which log information must be written to where and when? The final result for each new product is always to use defined unique identity information such as serial numbers, MAC addresses, motor identification numbers, etc. process it together with available information from relevant systems and, after successful validation, create the corresponding certificate signing request. In addition, there are sometimes no standardized interfaces in the production networks to communicate with devices during the manufacturing process. For example, some modules can only be accessed via serial interfaces and proprietary protocols. Other systems, such as industrial PCs (IPCs), have Ethernet interfaces, while others have industrial bus interfaces. The industrial RA requires extended flexibility and robustness compared to the classical PKI RA. It needs to be able to model and re-model the production processes while maintaining the security level required to create trusted device identities directly on the production floor. An industrial RA has to have a flexible and robust: On the 21st of April, PrimeKey is launching its new, first-of-its-kind, Registration Authority product for the manufacturing industry, . We will accompany the launch with two webinars: Industry executives will learn, among other things, how to model unique publishing processes for identity discovery, how to put them into operation and how to redesign them as soon as the production process needs to be updated. April 28, 2020, 4:00 p.m 45 minutes Free The focus lies on typical product identities as well as the functions of the Identity Authority Manager and its connection to PKI. In addition, the focus will be on formulating a modern IIoT product strategy and implementing the security functions with the Identity Authority Manager. May 12, 2020, 4:00 p.m. 45 minutes Free Andreas Philipp has more than 20 years of extensive experience in several roles and positions within the Security Module Business. He joined PrimeKey in 2017 and is now Business Development Manager with his base in Aachen, Germany. Contact Andreas: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Key generation by the device Key generation by the RA using a built-in random number generator Creation of certificate requests according to the defined protocols and certificate specifications Support for relevant cryptographic algorithms Support the processes of establishing identity. Device interface for communication with different devices in the production. The interface will change as the production line is updated to produce a new product Trust service (PKI Service) interface for communication with the certificate-issuing services. The CA should change, but the Certificate Authority service might also change as the production line is updated to produce a new product Process modeling tool for creating, managing and adapting the identity verification processes. The process for identity verification will change as the production line is updated to produce a new product. IPC-based hardware, that connects to the production facilities and the trust service via separate, physically separated Gigabit Ethernet interfaces and support the defined security policy. Security module, the trust anchor, where all necessary cryptographic keys and data can be stored, a hardware (and in some cases software) protected area. Maintenance/update process that can be performed during operation and by personnel available at the production floor. This is important because an interruption of production processes is unacceptable in the majority of companies. Share page st|Date and time: Duration: Cost: Date and time: Duration: Cost: How can we help? h1|PKI in manufacturing – Creating an industrial PKI Registration Authority h2|The RA as it is defined in a traditional PKI becomes the new industrial RA Becoming the new industrial RA Two webinars provide deep practical insights h3|Welcome Author: Andreas Philipp h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Securing Industry 4.0 – Introducing the first industrial PKI solution to secure smart supply chains What’s inside the PrimeKey Identity Authority Manager – a techie’s dream Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * 2020-06-23 CLEVELAND, Ohio & SOLNA, Sweden – June 23, 2020 – Keyfactor, the leader in securing digital identities, and PrimeKey, a leading provider of open-sourcelutions, today announced a partnership and integration to simplify and automate PKI for large-scale enterprise and IoT deployments. Enterprises today – and a growing number of connected device manufacturers – rely on PKI to enable digital security. Enterprise security teams and IoT product developers issue trusted and unique identities necessary to protect sensitive data, ensure uptime and secure connections across cloud services and connected devices. “Companies adopting complex multi-cloud infrastructure or managing high-volume IoT deployments are testing the limits of PKI,” said Kevin von Keyserling, co-founder and chief strategy officer at Keyfactor. “Keyfactor’s certificate lifecycle management solution combined with PrimeKey’s powerful PKI backend delivers a simplified toolset to deploy and manage certificates, even at massive scale.” PrimeKey delivers uniquely scalable and flexible alternative to existing certificate authority (CA) software, providing turnkey PKI solutions for governments, financial institutions, and thousands of global enterprises. As a pioneer in open-source PKI, PrimeKey’s solutions address a range of digital identity use cases such as IoT, e-ID and e-Passports, as well as PKI migration and consolidation. Enterprises today use a mix of public and private CAs to support PKI, yet ever-increasing certificate volumes are a challenge to manage across multiple CA-provided tools. Using an API-based gateway, Keyfactor’s certificate management solution (Keyfactor Command) integrates with PrimeKey’s PKI (EJBCA Enterprise), providing end-to-end visibility and automation to all private and publicly issued certificates within a single, purpose-built platform. Additionally, the integration between EJBCA Enterprise and Keyfactor’s end-to-end identity platform for connected devices (Keyfactor Control) makes it easy and affordable for IoT device manufacturers to embed trusted identity into their IoT products at design, and secure firmware and software updates through the device lifecycle. “PrimeKey and Keyfactor share a mutual respect and mission to provide trust and security in zero-trust networks and manufacturing environments,” said Magnus Svenningson, chief executive officer at PrimeKey. “Scalable certificate management, turnkey PKI deployment and robust APIs are critical to solve today’s complex and evolving PKI and IoT use cases. This partnership is a great DNA match and value-add for our shared customer base.” To learn more about the integration, visit: Keyfactor empowers enterprises of all sizes to close their critical trust gap – when breaches, outages and failed audits from digital certificates and keys impact brand loyalty and the bottom line. Powered by an award-winning PKI as-a-service platform for certificate lifecycle automation and IoT device security, IT and InfoSec teams can easily manage digital certificates and keys. And product teams can build IoT devices with crypto-agility and at massive scale. Exceptional products and a white-glove customer experience for its 500+ global customers have earned Keyfactor a 98.5% retention rate and a 99% support satisfaction rate. Learn more at . PrimeKey is one of the world’s leading companies forlutions and has developed successful products, such as EJBCA Enterprise, SignServer Enterprise, EJBCA Appliance and PrimeKey SEE. As a pioneer in open source security software, PrimeKey provides businesses and organizations around the world with the ability to implement security solutions, such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation. PrimeKey products are Common Criteria and FIPS certified; PrimeKey has numerous Webtrust/ETSI and eIDAS audited installations. PrimeKey has offices in Stockholm, Sweden; San Mateo, USA; Aachen, Germany and Melbourne, Australia. Together with global network of technology and reselling partners, PrimeKey is proud to count many of the industry leading companies and institutions within IT, Telecom, Banking, Industrial, Public CAs, and different branches of Government as long-time customers. For more information, please visit: Keyfactor Media Contact Sarah Hance 216.785.2291 MRB Public Relations Media Contact Angela Tuzzo 732.758.1100 PrimeKey Media Contact Lindsey Oredsson +46 70 8358 11-8 Akima Media GmbH Annika Hartman Garmischer Str. 8 + 49 89 17959 18-0 PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|Share page st|About Keyfactor About PrimeKey Contacts How can we help? h1|Keyfactor and PrimeKey Partner to Enable Highly Scalable PKI for Modern Enterprise & IoT Deployments h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey PrimeKey * * * * * * em|Integration enables certificate lifecycle automation and deployment for PrimeKey EJBCA 2020-03-18 Attend the 45-minute webinar for an introduction to the first Industrial PKI solution ever. Designed and engineered to meet the demands of Industry 4.0, enables the issuance of trusted identities during the manufacturing process. Webinar titled “Securing Industry 4.0 – Introducing the first industrial PKI solution to secure smart supply chains”. PrimeKey Business Development Manager Andreas Philipp. April 28, 2020, at 4 p.m. Central European Time (10 a.m. U.S. Eastern time)*. Learn about this groundbreaking technology which enables you to integrate PKI and technology into your industrial application. Attendees will learn: Fill in your email address and we will send you a link to the recording. Andreas Philipp has more than 20 years of extensive experience in several roles and positions within the Security Module Business. He joined PrimeKey in 2017 and is now Business Development Manager with his base in Aachen, Germany. Contact Andreas: Learn about our new product, Identity Authority Manager, that integrates directly into a smart manufacturing environment: Read about IoT and IIoT security solutions: PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. li|How PrimeKey innovates the industrial approach by providing a trusted identity authority mechanism to issue birth certificates or other identities during the production process. How it is now possible, with the Identity Authority Manager’s integrated workflow engine, to do the modelling of unique publishing processes, put them into operation, and do the remodelling when the production process needs to be updated. With the introduction of the Identity Authority Manager, the support for trusted digital identities becomes an integrated part of Industry 4.0. For the first time, it is possible to deliver on a trustworthy product strategy that is based on a smart and secure supply chain. Share page st|What: Who: When: Webinar Details: How can we help? h1|Webinar: Securing Industry 4.0 – Introducing the first industrial PKI solution to secure smart supply chains h2|PrimeKey introduces its new groundbreaking industrial PKI solution. h3|Welcome See the recording of the webinar Andreas Philipp h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey * * * * PrimeKey * * * * * * 2021-04-06 With the introduction of 5G mobile networks, completely new applications can be built utilizing the enhanced features available. With 5G mobile networks, the Internet of Things (IoT) really starts to take off. IoT is the new application area where society and the industry will benefit from how products are produced and managed throughout the whole lifecycle. Security needs to be scaled up to support up to millions of devices that could be managing critical infrastructure. So, security and trust in the device and in the data it produces become central due to the fact that if you can’t trust your IoT device ID or the integrity of the data it produces, the whole IoT application area will be a failure. Starting already with 2G (GSM) mobile networks and GPRS (General Packet Radio Service), IoT devices were connected to a mobile network. There are multiple applications where the devices are not moving but installed at a specific geographical place and the data collection feature of the mobile network is used. In order to trust the remote device, authentication must be strong. Also, there must be no hesitation if the collected values are correct, especially when the data is a base for billing a subscriber. An example of this kind of application is an electricity meter connected to the mobile network for remote data collection. One problem with the GSM connected IoT devices is the high energy consumption. In practice the GSM connected IoT devices need to be connected to the mains power supply making data collections from electricity meters a perfect application. In LTE-M there is a dedicated Power Saving Mode (PSM) making use of battery powering possible. With the introduction of 4G mobile networks, LTE, dedicated IoT networks were introduced. One variant is called LTE-M where the letter “M” is short for “Minus”. What is meant is that the specific mobile phone mobility features of the 4G network are reduced to a minimum in favor of other characteristics. The enhanced features of LTE-M benefits IoT applications. But several other features in LTE-M were also optimized for IoT devices like increased range of radio signals, Over the Air (OTA) software upgrades of IoT devices, deep indoor coverage (compared to ordinary LTE for mobiles), good enough throughput (< 4 Mbps) etc. LTE-M uses the ordinary LTE radio base stations so geographical coverage is extremely good (compared to non-mobile IoT networks like Sigfox). The single feature “national coverage” is often a critical feature if an IoT application should become a marketing success. Independent of the IoT device is a lawn mower, electrical car charge point, smoke detector or electric wheelchair the predictable coverage and reliable communication rules out most other features that non-mobile IoT networks might have. This includes the cost for the IoT device itself because a cheap IoT device which becomes unconnected is a useless IoT device! A strong advantage to using mobile networks for IoT is the security features built into the Subscriber Identity Module, SIM, card. Mobile operators have learned how to handle millions of subscribers using SIM cards in mobile phones. Prepared with encryption keys by the operator and sent out to the owner for use in the mobile device the basis for secure authentication, integrity and confidentiality is laid. Today mobile phone users are used to physical SIM cards, but standards have evolved resulting in Embedded SIM cards (eSIM) and Integrated SIM cards (iSIM). Those newer form factors for SIM cards makes them perfect for IoT devices because the physical handling of SIM cards is removed. The preparation of eSIM and iSIM can be handled via communication connections. The traditional physical SIM card has many limitations when used for the IoT market. The SIM card can only be prepared for a single mobile operator and must physically be replaced with another SIM card for a new operator. If the IoT device is crossing borders this becomes a blocking factor for a worldwide market. There is also a solution where the SIM card is replaced totally with software, a so-called soft SIM. From a security perspective this is a much more vulnerable solution compared to the hardware implementation used in eSIM which can act as a Trusted Computer Platform (TCP). One vendor who has realized the potential in the eSIM market is Korewireless, see . Developed by the mobile industry, IoT SAFE (IoT SIM Applet For Secure End-2-End Communication, see , enables IoT device manufacturers and IoT service providers to leverage the SIM as a robust, scalable and standardized hardware Root of Trust to protect IoT data communications. IoT SAFE provides a common mechanism to secure IoT data communications using a highly trusted SIM, rather than using proprietary and potentially less trusted hardware or software based secure elements implemented elsewhere within the device. A flexible PKI system from PrimeKey can become a vital component of a secure SIM card rollout. With the introduction of 5G mobile networks the evolution of dedicated IoT mobile networks continues, but at a faster speed compared to previous generations of mobile networks. By utilizing a number of new paradigms in 5G some completely new areas open up for a wider range of IoT applications. New 5G paradigms include: The combined result of the new paradigms above opens up completely new application areas like: Independent of the mobile network generation used, the security aspects of IoT remain the same. The remote IoT device must be capable of authenticating itself in a secure way, the transmitted data must be integrity protected so no manipulation can be done during transit and if the data transmitted is sensitive the data should be encrypted so confidentiality can be achieved. The new features of 5G in combination with the embedded SIM, eSIM, enables new possibilities for the IoT market. The ability to produce a single Stock Keeping Unit, SKU, simplifies for IoT device producers and customers. As the eSIM can act as a Trusted Computer Platform the security aspect is satisfied. A flexible PKI system from PrimeKey generating certificates and credentials stored on the eSIM or a separate secure element in the IoT device used in mobile systems is a well proven way to achieve all the security goals. With a sound security foundation using PrimeKey PKI, the customer can concentrate on the logical application. This is the area where the customer himself is the expert! Sign up for our upcoming webinar entitled “5G, edge & security for the connected factory” to learn more. Peter Heidenberg has the role of pre-sales engineer at PrimeKey, focusing on end-to-end solutions from both a technical point of view as well as a commercial point of view. Peter is based in Sweden at PrimeKey’s headquarters. He has over 20 years of experience working in Telecom, where his focus was on transmission & transport, and has for the last four years been focusing on IT security/PKI. PrimeKey Solutions AB Solna Access, Plan A8, Sundbybergsvägen 1 SE-171 73 Solna Sweden Call us on or mail us at © PrimeKey 2021. All rights reserved. di|I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy li|A new architecture of the 5G Core network with a service-based architecture instead of a node based. The service-based architecture makes it possible to distribute logical functions all the way out to for example a customer’s private mobile network. This makes it possible to process customer data at the edge of the mobile network so collected data and results are kept locally at the customer. The possibility to use a logically sliced mobile (backhaul) network makes it possible to logically and dynamically allocate bandwidth to dedicated IoT data. This guarantees IoT data will reach the destination in due time independent of other traffic like video streaming. A new design of the radio network utilizing new spectrum like millimeter radio waves resulting in dramatic higher bandwidth. The split architecture between mobile control data and user data in combination with virtualization makes it possible to run data processing on Commercial Off the Shelf (COTS) hardware thus reducing costs significantly. The Zero Trust principle gives as a result that there are no secure network zones any longer. Every communication connection should be properly authenticated, integrity protected and eventually encrypted to achieve confidentiality. This makes the use of certificates and PKI systems mandatory! URLLC, Ultra Reliable Low Latency Communication. This will make it possible to connect machines and manage those in real time. Examples are automated production, guided self-driving vehicles especially in restricted areas like harbors, mines, guidance of drones etc mMTC, massive Machine Type Communication. This will make it possible to collect IoT data from millions of different sensors resulting in smart cities, smart cars, smart electricity grid, smart utilizing of power etc. Mobile/Multi-access Edge Computing, MEC. This is local processing of collected data at the mobile edge, in practice a customer local computer processing collected IoT data in real time. This possibility in itself opens up new application areas like real time video analyzing from a production line, augmented reality for service personnel, artificial intelligence processing of collected data etc. Share page st|How can we help? h1|5G opens up options for new IoT application areas and security becomes fundamental for longterm trust h2|Securing your IoT devices using SIM cards New possibilities with 5G Conclusion Author: Peter Heidenberg h3|Welcome h4|Public Key Infrastructure (PKI) and Signing Software Turnkey PKI and Signing, and a Secure Execution Environment IT Security Solutions Stay up to date with our newsletters PrimeKey headquarters sp|PrimeKey Contact Peter: PrimeKey * * * * * *