Gatekeeper Certified PKI
Gatekeeper Certified PKI (Australian Government)
Cogito Group has been involved with the Gatekeeper Framework from its inception, providing feedback on drafts as they progressed to released policy documents. Cogito understands Gatekeeper from both a customer and provider point of view. Multiple Cogito staff members were part of the team that designed and built the first system to gain Gatekeeper accreditation, which was the Department of Defence system. Cogito staff were integral in submitting the very first Gatekeeper accreditation back in 2006/7 for the Department of Defence. This system is also the largest PKI of any type in Australia, if not the southern hemisphere.
Cogito Group has also received the most recent Gatekeeper accreditation for its own PKIaaS. Cogito staff also led the Australian Taxation Office CA renewal and the addition of an RA accreditation in 2019, along with designing, building, and maintaining that system, which provides services to most of the Australian adult population. When Cogito Group’s own accreditation is taken into account, Cogito Group staff have assisted three of the eight organisations that hold Gatekeeper accreditation to obtain and maintain it, including the first and the most recent. Of these three, two are also the largest of all systems accredited under Gatekeeper by volume of certificates issued, certificates active, and many other metrics. Cogito is also the only Gatekeeper accredited organisation that is accredited for all three services: CA, RA, and VA.
Cogito Group is accredited as a High Assurance Registration Authority, Certification Authority, and Validation Authority under the Australian Government’s Gatekeeper Public Key Infrastructure (PKI) Framework. Gatekeeper is the gold standard for PKI compliance set by the Australian Federal Government. It includes a suite of policies, standards, and procedures regarding the use of PKI and Digital Certificates in Government. Cogito Group’s Gatekeeper certification demonstrates our commitment to compliance with Australian Government standards and will allow our Government Agency subscribers to continue to trust our integrity and authenticity as a service provider.
The Gatekeeper Public Key Infrastructure (PKI) Framework governs the way the Australian Government uses digital keys and certificates to assure the identity of subscribers to authentication services. Subscribers can include individual users, organisations, and devices, such as applications and computers. Gatekeeper is mandatory for Australian Government agencies using PKI to authenticate their clients through the use of digital keys and certificates issued by Gatekeeper accredited Service Providers. Gatekeeper ensures a whole-of-government outcome that delivers integrity, interoperability, authenticity, and trust for Service Providers and their Subscribers. Gatekeeper aligns the application of PKI to the way government agencies interact with their customers.
Cogito Group, as an accredited Australian Government Gatekeeper provider, offers a full range of PKI services to Government Agencies.

Registration Authority
Cogito, as a Certified Registration Authority (RA), undertakes functions such as identity proofing and processes requests for new digital certificates, requests for renewal of digital certificates, and requests for revocation of digital certificates.

Certificate Authority
Cogito, as a Certified Certification Authority (CA), creates and issues digital certificates and Certificate Revocation Lists (CRLs). Digital certificates issued by the CA are digitally signed by the CA, which binds the subject name (i.e. the Subscriber identity) to the public key.

Validation Authority
Cogito, as a Certified Validation Authority (VA), operates a PKI management entity which can be used to check the validity and currency of digital certificates. A VA is typically used when certificate generation and certificate status services are managed by separate Service Providers.
Elements of a PKI
- Repository is a generic term used to describe any capability which may store or make available certificates, CRLs or Online Certificate Status Protocol (OCSP) services to Subscribers. CRLs and OCSP services are maintained by CAs or VAs and carry the validity and currency status of certificates.
- Subscriber, also referred to as an End-Entity, Certificate Holder, or Key Holder, is the party issued a key pair and certificate which, depending on the rules outlined in its associated Certification Practice Statement (CPS) and Certificate Policy (CP), can be used to authenticate to online resources or to digitally sign or encrypt electronic documents. Subscribers are responsible for protecting the private key and not disclosing it to others. Subscribers can be individuals, organisations or NPEs.
- Relying Party receives, verifies and accepts digital certificates.
- Certificate Policy (CP) consists of a set of rules that indicate the applicability of the certificate to a particular community and/or class of applications with common security requirements.
- Certification Practices Statement (CPS) describes the rules and operating practices which the CA will follow when providing digital certificate services. It may include a description of service offerings, detailed procedures for certificate life‑cycle management, operational information, legal obligations and financial liabilities.
- Subscriber (and Relying Party) Agreement is a document that explains the rights and obligations of a Subscriber (and Relying Party) in accepting, using and protecting a digital certificate and key pair. The person responsible for the certificate and key pair issued to devices or NPEs will typically sign the Subscriber Agreement.
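The CA, VA and Relying Party roles described above can be walked through end to end with OpenSSL. The script below is an added example written for this page; it is not Cogito Group's tooling and does not reflect how a Gatekeeper accredited service is operated. A throw-away CA issues a certificate to a subscriber, publishes a CRL and answers an OCSP request offline from its own database, and a relying party checks the chain and the revocation status both before and after the subscriber's certificate is revoked. Every path, name and identity in it is constructed for the demo; it requires only a POSIX shell and the `openssl` command.

```shell
#!/bin/sh
# Added example (not Cogito Group's or the Gatekeeper Framework's own tooling):
# a throw-away CA, an offline OCSP responder and a relying-party check.
# All names, paths and identities are constructed for this demo.
set -e
WORK=$(mktemp -d)
CNF="$WORK/openssl.cnf"

# Minimal OpenSSL config shared by "openssl req" and "openssl ca".
write_config() {
  mkdir -p "$WORK/newcerts"
  : > "$WORK/index.txt"; echo 1000 > "$WORK/serial"; echo 01 > "$WORK/crlnumber"
  cat > "$CNF" <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir = $WORK
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial = \$dir/serial
crlnumber = \$dir/crlnumber
certificate = \$dir/ca.crt
private_key = \$dir/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = demo_policy
x509_extensions = v3_subscriber
[ demo_policy ]
commonName = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_subscriber ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
authorityKeyIdentifier = keyid
EOF
}
# CA role: CA key pair plus self-signed root certificate.
create_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -config "$CNF" \
    -extensions v3_ca -subj "/CN=Demo Root CA (constructed)" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}
# RA/CA roles: the subscriber submits a CSR (which an RA would identity-proof);
# the CA signs it, binding the subject name to the subscriber's public key.
issue_subscriber() {
  openssl req -new -newkey rsa:2048 -nodes -config "$CNF" \
    -subj "/CN=subscriber.example (constructed)" \
    -keyout "$WORK/sub.key" -out "$WORK/sub.csr" 2>/dev/null
  openssl ca -batch -config "$CNF" -notext -in "$WORK/sub.csr" \
    -out "$WORK/sub.crt" 2>/dev/null
}
# CA role: publish a fresh CRL, and revoke a certificate in the CA database.
publish_crl() { openssl ca -config "$CNF" -gencrl -out "$WORK/ca.crl" 2>/dev/null; }
revoke_subscriber() {
  openssl ca -config "$CNF" -revoke "$WORK/sub.crt" -crl_reason keyCompromise 2>/dev/null
}
# Relying-party role: verify the chain to the trusted root and consult the CRL.
# Prints "valid" or "invalid"; always returns 0 so it is safe under set -e.
relying_party_check() {
  if openssl verify -crl_check -CAfile "$WORK/ca.crt" -CRLfile "$WORK/ca.crl" \
       "$WORK/sub.crt" >/dev/null 2>&1; then echo valid; else echo invalid; fi
}
# VA role: answer an OCSP request offline from the CA database; the relying
# party then parses the signed response. Prints good, revoked or unknown.
ocsp_status() {
  openssl ocsp -no_nonce -issuer "$WORK/ca.crt" -cert "$WORK/sub.crt" \
    -reqout "$WORK/ocsp.req" >/dev/null 2>&1 || true
  openssl ocsp -index "$WORK/index.txt" -CA "$WORK/ca.crt" -rsigner "$WORK/ca.crt" \
    -rkey "$WORK/ca.key" -reqin "$WORK/ocsp.req" -respout "$WORK/ocsp.resp" \
    >/dev/null 2>&1 || true
  out=$(openssl ocsp -no_nonce -respin "$WORK/ocsp.resp" -issuer "$WORK/ca.crt" \
    -cert "$WORK/sub.crt" -CAfile "$WORK/ca.crt" 2>/dev/null || true)
  case "$out" in
    *": revoked"*) echo revoked ;;
    *": good"*)    echo good ;;
    *)             echo unknown ;;
  esac
}
write_config; create_ca; issue_subscriber; publish_crl
STATUS_BEFORE=$(relying_party_check)   # valid
OCSP_BEFORE=$(ocsp_status)             # good
revoke_subscriber; publish_crl         # the new CRL lists the revoked serial
STATUS_AFTER=$(relying_party_check)    # invalid
OCSP_AFTER=$(ocsp_status)              # revoked
echo "CRL check before/after revocation: $STATUS_BEFORE / $STATUS_AFTER"
echo "OCSP status before/after revocation: $OCSP_BEFORE / $OCSP_AFTER"
```

Two points worth noting from the run: a relying party that only checks the signature chain would still accept the subscriber certificate after revocation, so the CRL or OCSP lookup is what actually delivers the "currency" property the Validation Authority exists to provide; and the CRL only changes the verdict once it is regenerated after the revocation, which is why the interval between CRL publications (and the OCSP responder's freshness) matters to a Relying Party.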