PKI Infrastructures

Large infrastructures may require to run redundant servers in different data centers, while smaller infrastructures usually need to build a very cost-effective, yet robust, small scale PKI. In either case, a flexible PKI allows the use of both optional directory servers, OCSP responders, and other optional components that are used in different National ID PKI architectures.

PKI infrastructure architecture

The Root CA is the PKI's trust anchor and is commonly isolated from the rest of the system, sometimes even kept completely off-line.
The SubCAs are the Certificate Authorities that issue certificates to be put on the electronic IDs. Revocation information is optionally published through revocation lists (CRLs) to directory servers, or made available on-line using the On-line Certificate Status Protocol (OCSP).

PKI Architecture

Return to Electronic IDs

eID Solutions

PrimeKey and EJBCA PKI offer:

Complete solutions for issuance of National eIDs and other eIDs.
Effective National eID PKI.
Flexible PKI architecture.
Fast time to market & no hidden costs.
Experience & references.

Types of eIDs

EJBCA PKI is suitable for issuance of all types of electronic IDs:

National ID cards
Health cards
ePassports
Electronic visas
Digital tachograph cards.

PKI Infrastructures

PKI Architecture

The use of National eIDs

Some usages of National eIDs are:

On-line access to public sector services, e.g. on-line tax declarations.
On-line voting.
Automatic verification of biometric information stored on the ID (i.e. photo and fingerprints).
Access to health records.

PrimeKey in the Press

"Challenger brings home order from BGC

PrimeKey Solutions, a small Stockholm based company, has within a few years become a powerful competitor to the major IT security companies.
Its most recent customer is Bankgirot BGC..."