Contact information

Units 7 & 9, Commercial Official Tower Number 37, Dr. Fatemi Street, Valiasr Street, Tehran, Iran








Comprehensive PKI Services

  • Verification Authority (VA): CRL and OCSP services
  • Public Key Directory (PKD): Certificate repository
  • Key Management System (KMS): Secure key life-cycle management



  • Includes embedded HSM with FIPS 140-2 Level 3 Certificate
  • Secure key generation and key storage by HSM
  • Secure customized Linux at the core
  • Internal Firewall and Proxy
  • Works across different security zones and networks


Flexibility, Scalability and Reliability

  • Integration with other systems for
  • Integration by Web-Service and SDK
  • High Performance
  • Easy Administration and Configuration by command
  • Easy Maintenance and troubleshooting
  • Licensing features
  • New monitoring features
  • Power supply redundancy (optional)

High availability with redundancy and fault tolerance


  • Up to 32 Concurrent Connections
  • OCSP Service: 500 tps
  • PKD Download: 3000 tps


Software Development Kit

  • J2EE and J2SE SDK
  • .NET Framework SDK
  • Web-Service API (SOAP)


Hardware Security Module (HSM)

  • Includes embedded HSM with FIPS 140-2 Level 3 Certificate
  • Embedded HSM 25/220/600 tps (1024-bit RSA signatures per second)
  • Supporting various Network HSMs by PKCS#11 Interface (SafeNet, nCipher, Utimaco, Boll, etc.)


PKI Standards

  • RFC 5280 (X.509 Certificate and Certificate Revocation List (CRL) Profile)
  • RFC 4387 (X.509 Operational Protocols: Certificate Store Access via HTTP)
  • RFC 5019 (The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments)
  • RFC 2253 (Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names)
  • RFC 2396 (Uniform Resource Identifiers (URI): Generic Syntax)
  • FIPS 180-4 (Secure Hash Standard (SHS))
  • FIPS 140-2 (Security Requirements for Cryptographic Modules)
  • PKCS#1 (RSA Cryptography Standard)
  • PKCS#10 (Certification Request Standard)
  • PKCS#11 (Cryptographic Token Interface)


Physical Characteristics

  • Connectivity: 1 Gbps Ethernet
  • Dimensions: 426 x 450 x 44 mm
  • 1U Rackmount

Integrated System for Validation of Electronic Certificates

The PKA device, model VA, provides all the PKI services related to validating users' certificates in a single device, including VA and PKD. The device retrieves certificate revocation list (CRL) files from the designated CRL distribution point (CDP) addresses, following the schedules set out in the Certification Practice Statement (CPS), and stores them locally. It can then offer online certificate status (OCSP) services to the organization's servers and internal software systems, so the organization's services do not need a direct connection to the CA. The device can also provide the CA's standard certificate repository, or PKD, over the LDAP protocol. As a result, for any user token or certificate registered in the system, a copy of the certificate is stored in the PKA device and can be retrieved later, when needed, through the standard LDAP protocol.


Support of Hardware Security Module (HSM)

This device has an internal HSM for secure generation and storage of the private keys used to sign responses to online certificate status inquiries (OCSP Signer), which provides a higher level of security. The system includes a Key Management System (KMS) that is responsible for full management of the key life cycle, including generation, storage, provisioning, backup, recovery and transfer. For additional security, a special smart card is used to hold the backup copy of the private keys. The device can also be connected to various network HSM devices through the standard PKCS#11 interface.




Connectable to other software systems

The PKA device has been designed so that it can be connected easily to the organization's other software, allowing all of its software systems to become PKI-enabled. For this purpose, several integration options are provided for software development. The device can deliver its services as web services and has a programming library (SDK) for two platforms, .NET Framework and Java J2EE/J2SE. With these tools, other software systems can be PKI-enabled easily and in the shortest possible time.

Rendering Durable and Reliable Services

This device has been designed so that several units can be combined behind a load balancer. In such an architecture, two or more PKA devices are connected in Active-Active form in order to support a higher transaction volume and to be more resilient against possible failures. In this way the processing power of the cluster can be increased and a higher level of fault tolerance achieved. As far as security is concerned, the device has passed various tests, incorporates a range of security measures, and has an internal firewall and proxy.





Holds a Patent Certificate from the General Dept. of Industrial Properties

Confirmed by the Security Lab of the Informatics Industries Research Center, under the supervision of the E-Commerce Development Center

Winner of the 10th Sheikh Bahaei Technopreneurship National Festival

Equipped with an HSM device meeting the FIPS 140-2 Level 3 standard










