eaZyCert Through its eaZyCert solution, ZetesConfidens offers all the professional services needed to ensure that the complete process is managed with operational excellence and offers 100% security in terms of legal and data protection. Based on the specific needs of a company, ZetesConfidens can offer PKI service operations to align the company’s activities with eIDAS regulations. Registration services The creation of a trusted digital identity under the form of a certificate starts with the registration process. During registration, the data of the certificate holder is captured and its identity validated. Here ZetesConfidens acts as the Registration Authority (RA). As an alternative, the actual registration process can also be delegated to a Subordinate Registration Authority (SubRA). These can be companies, governments or organizations. Regardless of context, ZetesConfidens always oversees registration procedures and briefs the Local Registration Authority Officers (LRAOs) who act on behalf of the SubRA, about how to correctly register the requester of a certificate. ZetesConfidens provides the best-fit registration procedure in line with the level of assurance requested. For the highest level of assurance, ZetesConfidens offers tools and services to execute the registration face to face or remotely (eg. via a webcam integrated to a pc, tablet or smartphone), where a verification of the subject’s identity is based on an authoritative source (population register, national ID, passport, etc.) and if applicable, combined with an organization specific authentic source. As such, ZetesConfidens also provides the tools and services to enroll and register an identity by means of an electronic signature (aka QES). FACE TO FACE WEB BASED MOBILE Once the registration of a subject is completed and validated, the RA informs the Certificate Authority (CA) to issue the digital certificate. As a Trust Service Provider, ZetesConfidens certifies the linkage between the ownership of the certificate and the subject. The way certificates are issued and applied is made publicly available. ZetesConfidens provides provisioning services for PKI smart cards, PKI USB tokens and provides a PaaS solution for the provisioning of qualified certificates on HSM devices. Certificate issuance & provisioning services Certificate Validation Services During the lifecycle of a certificate, ZetesConfidens immediately publishes any change in the status of each certificate issued under its control. In this way, the recipient can validate the trust and maintain a link between the user of the certificate and its owner. This publication is done via: ⦁ CRL publishing: ZetesConfidens will publish via a regular schedule the certificate revocation data, ensuring that an accurate certificate revocation list (CRL) is always available. ⦁ OCSP responder: service for publishing the revocation status of a digital certificate, according to RFC 6960. During the lifecycle of a certificate it might become necessary to suspend or revoke a certificate. Suspension can be useful for additional security until the QSCD is handed to the certificate holder, or to allow subjects a grace period due to a security issue. Unlike suspension, revocation is irreversible. A revoked certificate is no longer valid and terminates a certificate’s lifecycle before it reaches its expiration date. Suspension or revocation is executed by ZetesConfidens approved staff, or by a legal representative of this function within the SubRA. ZetesConfidens operates a certificate stop call centre (24/7) to which a subject can call in case of a security incident. Suspension and Revocation Management Services Managed PKI As they allow companies to focus on their core businesses, SaaS and PaaS solutions have grown in popularity during the last decade and will continue to do so. The same is true of Public Key Infrastructures. In this case, we talk about Managed PKIs, which take away the burden of having to buy, establish, operate and protect an in-house infrastructure, as well as hire staff with the necessary knowledge and expertise to manage such complex technology. With eaZyCert, ZetesConfidens takes care of the entire lifecycle of your digital certificates. Key benefits of a managed PKI include: ⦁ Increased Efficiency ⦁ Improved Cost Effectiveness ⦁ Customizable ⦁ Scalable to your needs A strong and proven software solution Based on Primekey’s EJBCA Enterprise software, a renown open source IT-security software for Certificate Issuance and Certificate Management, eaZyCert is able to offer the highest levels of assurance in terms of stability and service continuity. Primekey is one of the world’s leading companies for PKI solutions and works hand in hand with Zetes to ensure full compliance with eIDAS regulations. Read more on the EJBCA Enterprise software QSCD provider In order to obtain the highest level of assurance in terms of electronic signature (a Qualified Electronic Signature), it is necessary that digital certificates are used in conjunction with a Qualified Signature Creation Device (QSCD). Such a device can be a smart card or a USB key, which acts as the carrier of the digital certificates. A QSCD can also be a HSM in the case of server signing. Zetes has a strong track record in the production and personalization of smartcards, e.g. the Belgian eID, which it has been producing since 2003. With a highly protected card manufacturing plant (ZetesCardS) and with a personalization capacity of up to 100,000 cards a day, Zetes is able to deliver high volumes combined with high quality and security levels. ZetesCardS is certified for ISO 9001, ISO 14001 and ISO 27001. However, as the trend towards dematerialization grows, businesses, organizations and governments are, whenever possible, trying to step away from physical documents and opting for fully digital solutions. In the e-signature world, this means server signing. In collaboration with Cryptomathic, a global provider of secure server solutions with over 30 years’ experience, Zetes offers, through the use of trusted HSMs, a versatile, cloud based solution. This allows banks, governments, telco operators, car rental agencies and other service providers to offer a smooth digital signing experience for the convenience of their clients. Offering both certificate management and the QSCD production and management under one roof is an advantage in terms of reduced possibility of interferences during data transfer. As an additional safety precaution, the certificate authority and QSCD production and management processes are, however, two complete separate divisions, each of which has dedicated offices and personnel. This ensures we can avoid anyone being involved with both steps in the production process.