Home Original page

EMV Certificate Authority | Lifecycle management of EMV CA and EMV Issuer certificates

This site uses cookies for analytics. By continuing to visit this site you agree to our Cookie Policy

EMV CA

Lifecycle management of EMV CA and EMV Issuer certificates

  • Issue certificates
  • Export certificates
  • Revoke certificates
  • Export CA CRL
  • Export Issuer CRL

Multiple Certificate Authorities

Multiple CAs

EMV CA can accommodate CA hierarchies of large enterprises and support CA functions for each country or sub-region.

Secure Administration

EMV CA is operated under dual control where users sign in using FIPS certified smart cards with defined roles as Administrator, Operator or Auditor. No single user can get full access to the system.

Secure Administration

Audit Logs

Auditing

EMV CA provides tamper evident audit logging. The audit logs are chained and integrity protected.

Hardware Security Module

All sensitive cryptographic operations are performed in FIPS 140-2 L3 certified hardware security modules (HSMs).

System Architecture - On Premise

EMV CA server is managed through an administration client that provides graphical user interface. EMV CA Server communicates with the administration client only over mutually authenticated and encrypted network connection. The EMV CA server accesses the HSM where sensitive key material is stored for issuing the certificates and several HSMs can be utilized for high availability and disaster recovery. The issued certificates are stored in the database.

On Premise Solution

System Architecture - Cloud Option

Reduce your investment cost by utilizing Thales Cloud HSM. You don’t need to own HSM appliances, as Thales will manage the appliances for you and you'll still have solo control over your key material. The data centers that host the HSM service are certified to ISO27001 and PCI-DSS. The service is certified to ISO27001, SSAE16, and SOC2 and utilizes Luna FIPS 140-2 Level 3 certified HSM appliances. The data centers are located in Frankfurt, Ottawa and Dallas. The service includes SLA, 2 factor authentication, build-in high availability and automatic backup.

Cloud Solution

Technical Specification & Services

Certificate Formats

EMV Visa

EMV MasterCard

Certificate Requests Formats

Visa

MasterCard

Certificate Revocation Format

EMV


Key Management

All CA keys are hardware protected

Hardware Security Module

Thales Luna HSM

Thales Cloud HSM

Operation System

Windows Server

Linux

Database

MsSQL

H2 SQL


Second Factor Authentication

FIPS certified smart cards

Operational Features

Audit logs are MAC protected and chained, and securely stored in Database

Maintenance & Support

Standard, 8x5

Professional Services

Onsite or remote support for building the infrastructure