Easier to Manage

Because ADSS XKMS Server acts as a central trusted gateway, any changes in back-end PKI components do not impact end-user applications.  It also means all the complexities of back-end PKI protocols such as X.509, CRLs, OCSP, PKIX, LDAP etc. can be removed from front-end business applications which just need to to make standard XML/SOAP web services requests to ADSS XKMS Server. screenshot

Quick to Deploy

ADSS XKMS shields application developers from the complexity of traditional PKIs. They can now integrate digital signature, authentication and encryption web services into online business applications in a matter of hours. This allows them to concentrate on implementing business logic rather than solving complex trust issues.

High Availability

ADSS XKMS can work in parallel using standard load balancing techniques, sharing network traffic for high performance and high availability in demanding environments.

Auto Archiving

Automatically archive logs based on configurable policy to keep your database size in check. Log files are auto signed upon archiving. screenshot

Reporting

ADSS XKMS includes a detailed logging and reporting module that provides detailed analyses on overall service usage and low-level request/response viewers.  screenshot 1 | screenshot 2

Security

ADSS XKMS Server has been designed with maximum security features in mind, including: screenshot 1 | screenshot 2

• Strong identification & authentication of requestors (i.e. client applications) using SSL client certificates and IP address filtering
• Strong identification & authentication of operators using SSL client certificates and enforcing fine grained role-based access controls
• Secure event and transaction logs are maintained with details that show pre- and post-change state for all database record changes
• An optional dual control capability is provided so that a separate security role holder is required to review and approve configuration changes
• PKCS#11 compliant HSMs are supported for effective signing key protection
• XML/SOAP over SSL is supported
• Automated database integrity checking is provided (with optional manual checks)

Real-Time Alerts

Configure emails and/or SMS alerts for specific events and send these to specific operators. SNMP alerting is also supported. screenshot

Standards Compliance

ADSS XKMS is compliant with the W3C XKMS specifications.

Supports X-KISS

The XKMS specifications are split into XKMS Key Information Service Specifications (X-KISS) and XKMS Key Registration Service Specifications (X-KRSS). ADSS XKMS Servers supports the X-KISS Validation Service for checking the overall trust status of certificates.  Ascertia can extend to also support X-KRSS based on project need.

Supports multiple back-end PKIs

ADSS XKMS Server can work with multiple back-end PKIs including Certificate Authorities, CRL Issuers and OCSP responders to ensure global interoperability of trust services without have to get involved in complex trust schemes which require Root CA cross-certification or Bridge CAs

Operating System independence

ADSS XKMS Server is a standard J2EE application and supported on Windows, Linux (Centos, Suse) and Solaris (X86 and Sparc). Other UNIX flavours can be supported also upon request.

Database independence

ADSS XKMS Server configurations and transaction logs are stored within a DBMS, however because of our use of Hibernate® technology, it is DBMS independent. We support SQL Server, Oracle, MySQL and PostgreSQL.

HSM / Smartcard Independence

Any PKCS#11 crypto device (i.e. HSM, smartcard or USB token) can work with XKMS Server to generate cryptographic keys, store them and utilise them within the secure device.

PKI independence

ADSS XKMS Server relies completely on open PKI standards so it can work with any CA, CRL issuer, OCSP server, LDAP repository and TSA server. We have taken away all the complexities of interoperability!