Other our websites
Social media
Contact information

Units 7 &9. Commercial Official Tower Number 37. Dr. Fatemi Street. Valiasr Street. Tehran. Iran

Postal Code







Comprehensive PKI Services

  • Certification Authority (CA)

Certificate issuing and revoking

  • Registration Authority (RA)

Registering and certificate request

  • Verification Authority (VA)

CRL services

  • Key Management System (KMS)

Secure Key life-cycle management



  • Includes embedded HSM with

FIPS 140-2 Level 3 Certificate

  • Secure key generation and key storage by HSM
  • Secure customized Linux in core
  • Internal Firewall and Proxy
  • Working with different security zone and network

Flexibility, Scalability and Reliability

  • Integration with other systems for
  • Integration by Web-Service and SDK
  • High Performance
  • High Available with redundancy and fault tolerance
  • Easy Administration and Configuration by command
  • Easy Maintenance and troubleshooting
  • Licensing features
  • New monitoring features
  • Power supply redundancy (optional)


  • Up to 32 Concurrent Connections
  • Certificate Issuing: 10 tps
  • CRL Downloading: 250 tps


Software Development Kit

  • J2EE and J2SE SDK
  • .Net Framework SDK
  • Web-Service API (SOAP)


Token and Smart Card

  • Certificate Issuing on all types of Token and Smart Card based on
  • Certificate Issuing on Iranian Tokens including ParsKey and KeyA3 without any driver
  • Direct issuing on IDin card


Hardware Security Module (HSM)

  • Includes embedded HSM with

FIPS 140-2 Level 3 Certificate

  • Embedded HSM 25/220/600 tps (1024 bit RSA signature/second)
  • Supporting various Network HSMs by PKCS#11 Interface (SafeNet, nCipher, Utimaco, Boll, etc.)


PKI Standards

  • RFC 5280

(X.509 Certificate and Certificate Revocation List (CRL) Profile)

  • RFC 4387

(X.509 Operational Protocols: Certificate Store Access via HTTP)

  • RFC 2396

(Uniform Resource Identifiers (URI): Generic Syntax)

  • FIPS 180-4

(Secure Hash Standard (SHS))

  • FIPS 140-2

(Security Requirements for Cryptographic Modules)

  • PKCS#1

(RSA Cryptography Standard)

  • PKCS#10

(Certification Request Standard)

  • PKCS#11

(Cryptographic Token Interface)

  • PKCS#12

(Personal Information Exchange Syntax Standard)


(Microsoft Cryptography API)

Physical Characteristics

  • Connectivity: 1 Gbps Ethernet
  • Dimensions: 426 x 450 x 44 mm
  • 1U Rackmount

Integrated system for issuance and management of electronic certificate

The certificate issuance center (CA) is the main part of public key infrastructure PKA having the responsibility for issuance, cancellation and management of electronic certificates, PKA-CA device has been designed for hardware and software management of CA System. This system can place some CA at the same time and to render different services for each of them. It can also support various trust models and CA Hierarchy including external root, internal root, external mid, internal mid as well as cross- certification and can be used online and offline. Inside this device the possibility for automatic publication of the cancelled CRL has been predicted as well.


Support of Hardware Security Module (HSM)

The internal HSM is for secure production and maintenance of private keys of CA which provides higher levels of security. In this system a system as Key Management System (KMS) has been provided that is responsible for full management of life cycle of keys including manufacturing, maintenance, providing, support, retrieving and transfer. Also for more security, for maintenance of support version of private keys, one special smart card is used. On the other hand this device can be connected to various HSM device sunder network based on standard PKCS#11.


Token Registration and Management System

This device is equipped with internal registration system (RA) which provides the possibility for definition of users and issuance of certificate for token and smart card. Through this system it is possible to request for certificate cancellation in case of token loss and theft. There is also capability for searching in the issued and cancelled certificates through this system. Besides this system, the software development kit (SDK) has been predicted by which it is possible to add certificate and token issuance to other software systems. By such method, the automation software of the customer by assistance of one software library can call the web services of PKA and takes action for obtaining the electronic certificate.

Connectable to other software systems

PKA device has been designed in a manner it can be connected easily to other software of the organization; by this device all the software systems can be equipped with PKI-enabling. For this purpose, various connections with this device have been predicted for development of software. This device can render its different services in context of web-services and has programming library (SDK) for two platforms of Net Framework and JavaJ2EE/J2SE. By these tools, the other software systems can be equipped with PKI- Enabling easily and in shortest possible time.




pka Having Patent Certificate from General Dept. of Industrial properties

Having confirmation of Security Lab of Informatics Industries Research Center under supervision of E-Commerce Development Center

Winner of 10th Sheikh Bahaei Technopreneurship National Festival

Equipped with HSM device having FIPS 140-2 Level 3 standard   











Download PKA-CA Product Brief


Our Customers