CipherNET®
High Assurance Certification Authority

Some situations demand the most trusted certificate management infrastructure to verify the identity, authority and integrity involved in each transaction. General Dynamics' CipherNET provides the highest level (Class 4) certification authority solution available, utilizing trusted platforms and design methodology.
CipherNET's superior capabilities include the following:
- Class 4 and Class 3 certificate management
- High assurance security architecture
- Trusted Software Design Methodology (TSDM)
- Trusted operating system
- Scalability
- Flexibility and tailorability
- Dual key operation and multi-party control (CA Keys)
- One time entry of user registration information
- Optional role-based (organizational) certificates
- Support for multiple security policies
- Support for distributed environments
- Simultaneous support of v1 and v3 X.509 certificates
- Ease of use
These features ensure the highest level of government standards are met in authentication, privilege and access control, privacy and confidentiality, integrity and non-repudiation services. This means CipherNET can be trusted to create policy, validate, approve, issue, and manage digital certificates via the Certification Authority Workstation (CAW). In addition, CipherNET allows the creation of either an individual's certificate or role-based (organizational) certificates that can be sent by an individual on behalf of an organization.
CipherNET® Certification Authority Workstation (CAW)
The General Dynamics CipherNET CAW provides the most dependable cryptographic certificate and token management capabilities for use with ISO and MISSI public key certificate standards.
Designed using Trusted System Design Methodology (TSDM) guidelines, the CipherNET CAW validates every request before a certificate is created. Its dual key operation and multi-party control greatly enhance the product's ability to protect certification authority (CA) keys. Key recovery mechanisms are maintained through integral user and certificate databases. Private user information is stored safely. A flexible infrastructure adapts to support the authoritative configurations of:
- Policy Approving Authority (PAA)
- Policy Creation Authority (PCA)
- Certification Authority (CA)
- Indirect Certificate Revocation List Authority (ICRLA)
The configuration can be tailored to specific hierarchical certificate management infrastructure requirements and also integrated into hierarchies.
Highly Secure Environment
Whether sending a message across the room or around the world, CipherNET CAW is the right solution for providing maximum security levels in highly sensitive communications environments. Its hardware-based, high-integrity signing engine is capable of managing both PCMCIA cards and software tokens.
The CAW validates every request before a certificate is created to ensure the privilege profile of the CA issuing the X.509 certificate. It also specifies whether the system operates with single or multi-party control over access to user PINs and the private keys it stores. Private user information is stored safely in the CAW integral user and certificate databases. Key recovery mechanisms also are maintained through these same databases. In addition, audit capabilities are available.
Easy to Use
CipherNET CAW is extremely easy to use. Data is entered only once, even when creating multiple certificates for a single user. Templates can be made as general as needed, so they can be retrieved and used to record a number of end users who are supported by the CAW. Certificates can be retrieved from the database -- thereby eliminating the need to retype certificate information.
Compliance and Certificate Management
CipherNET generates, supports, and maintains certificates that comply with both v1 and v3 X.509 formats. It also generates v1 Certificate Revocation Lists (CRLs) and Compromise Key Lists (CKLs) for legacy v1-based systems, v2 CRLs, and v3 Indirect Certificate Revocation Lists (ICRLs). In addition, it posts X.509 certificates, CRLs, ICRLs, and CRLs to the directory server. Furthermore, the CAW creates certificate templates that profile standard privileges contained in the X.509 certificate.
(Note: v3 certificates contain labels that specify the level of trust dictated by the certificate and security policies. The features allow applications to restrict access to information based on these labels.)
CipherNET® Versions and Platforms
CipherNET CAW 5.0
CAW 5.0 provides the same high assurance, flexible, easy-to-use product as the CipherNET CAW 4.x, along with enhanced database capacity and faster processing times. CAW 5.0 is available in a Desktop or Laptop platform using the powerful Sun® UltraSPARC™ with the Trusted Solaris™ operating system. The Laptop is ideal for tactical operations.
CipherNET Registrar
The Registrar offers a cost-effective, integrated alternative to dedicated CAWs for the distribution of workload. The Registrar efficiently processes user registrations from additional or remote locations using a standard Microsoft Windows® NT-based system. Data security and authentication for the Registrar are provided by a PCMCIA hardware token. This ensures the Registrar has the highest level of cryptographic protection available today.
For More Information
If you would like more information or need Technical Support, please contact us at caw-support@gdc4s.com or call 800-825-4813, DSN 644-1139, local 410-850-8316.