Information Security Corporation (ISC) specializes in the design and development of standards-conforming conventional and public key encryption and authentication software. For three decades, ISC has been an industry leader in encryption and Public Key Infrastructure (PKI). In today’s world, the need to authenticate and authorize users, servers, and devices is more important than ever. ISC is trusted by numerous federal and commercial clients for our expertise in the field and offers implementations of all popular cryptographic algorithms.

ISC’s Mission:

to develop and market PKI credential management tools and security applications based on the well-established cryptographic standards for authentication, confidentiality and information sharing

  • CertAgent

    NIAP Approved Certificate Authority, CertAgent, is the only product on NSA’s Commercial Solutions for Classified (CSfC) Program Components List. CertAgent issues RSA and ECC version 3 certificates and CRLs. CertAgent supports multiple external LDAP repositories and clustering for load balancing and high availability. It allows remote administration and manual or automatic processing of certificate requests submitted via browser, via e-mail, or via secure RMI from a remote registration authority. Its HTML/Java RMI-based technology is easy to customize and maintain. For Windows, Linux, and Solaris.

    CertAgent 7.0 includes an integrated OCSP responder and supports:

    • RSA and NIST/NSA Suite B-compliant ECC keys and certificates
    • one or more registration authorities, including ISC’s own CCMS, via EST (RFC 7030) or a powerful, proprietary REST-based API
    • PacStar’s IQ-Core Software

    CertAgent is well known for its ease of installation, configuration, administration, maintenance, and use. It may now be run in NIAP-compliance mode on 64-bit Windows Server (release 2012R2 and above) and on CentOS (release 6 and above).

  • Acala™

    Acala is a software HSM emulator that acts as a universal key store as well as a cryptographic service provider. It

    • maintains a central repository for private keys and X.509 certificates, and
    • provides a secure environment for cryptographic operations.

    Authorized applications running on the Acala host access its services via an industry-standard PKCS#11 API.

  • Centralized Credential Management Servlet™ / CCMS™

    CCMS is an X.509 registration authority with integrated CMP-based enrollment, key escrow, and recovery services. It provides separate administrative and end-user web interfaces.

  • Central Key Generation Library (CKG)

    CKG is a linkable library of routines that can be used to instrument CertAgent or a third-party X.509 certificate authority. It supports the automation of PKI enrollment (keypair generation/PKCS#10 submission/certificate retrieval) via CMP, as well as credential archival activities (with or without private key escrow). Included are methods for generating RSA keypairs and creating/parsing PKCS#10 certificate requests, PKCS#7/#8/#12 PDUs, certificates, and certificate chains. It can generate and submit enrollment, certificate revocation, and credential recovery requests to a CMP server (e.g., CCMS) via TCP, HTTP, or HTTPS. Critical cryptographic operations may be performed in software (using ISC's FIPS 140-2 validated CDK) or on an auxiliary HSM (via PKCS#11).

  • Bagala™

    Bagala is a web service (based on REST over HTTPS) that allows applications to freely download (authenticated) data objects, but only grants upload rights to authorized administrators. Although the initial release is limited to the client-driven provisioning of proprietary configuration settings for ISC products, the product is capable of storing arbitrary data indexed by a DN (and attribute name) and therefore behaves like a generic data store with strong access controls on writes but not on reads.

  • Dhuma™

    Dhuma is an OCSP server designed to deliver optimal performance, high availability, load balancing, and management simplicity. Fully compliant with IETF Standards, Dhuma can be provisioned with CRLs manually, or via HTTP/HTTPS and LDAP/LDAPS. Dhuma periodically polls specified repositories to obtain CRL updates on a customizable schedule; CRLs are stored in a central database that can be accessed by all Dhuma servers in a cluster.

    • easily-managed web application that runs on commodity hardware
    • highly configurable, providing administrative control over nonce handling, unknown response generation, cache settings, response validity periods, and CRL polling frequency
    • supports software-based signing credentials and HSMs (for improved performance and security)
    • supports clustering for high availability and scalability (i.e., load balancing)
    • designed, developed, and supported by ISC staff located in the U.S.

  • Tara™

    Tara facilitates the automated provisioning of servers (and the applications they host) with PKI credentials and trust chains. Leveraging existing ISC web services (Bagala and CCMS), Tara administrators can centrally manage and deploy server and application credentials as well as common trust anchors throughout an enterprise. Once installed on a host, Tara periodically downloads and installs updated trust stores from a central server. Tara also manages the host’s PKI credentials, automatically handling scheduled key rollover events and reconfiguring relying server processes to use updated keying material.

    Tara is particularly useful in the automated provisioning of virtual servers as they come online in the cloud. When a new VM host instance is launched, Tara automatically interfaces with Bagala and CCMS to obtain that VM’s credentials and trust chains. When the VM is terminated, Tara informs CCMS that the host’s credentials are no longer in use.

    Tara’s flexible plug-in architecture allows admins to deploy management scripts specifically targeted to their particular network and PKI ecosystem. Template scripts for the most popular web service platforms are provided. Tara supports pooled certificates, short-term certificates, and normal certificates with revocation.

  • Credential Management Utility™ / CMU™

    CMU is a scriptable X.509 credential management utility that allows system administrators to automate many common PKI maintenance tasks that end users often find very difficult to perform manually. Currently available only for Windows.

  • CSP

    An operating system-agnostic virtual smartcard with an integrated, portable credential store and PKCS#11, Java, and CAPI interfaces that make its keys and cryptographic operations available to all applications (including CAPI- and non-CAPI-aware browsers). Its graphical user interface simplifies the PKI experience for end-users, allowing credentials to be moved effortlessly between workstations and obviating the need to replicate keys across independent applications. Its command line interface allows security officers to automate PKI enrollment, key rollover, and credential backup operations, among other tasks. Providing superior protection for private keys, it overcomes the password change/reset issues that plague IE and Mozilla. Optional DAS support provides access to role-based signing and 'community of interest' decryption services. For Windows, Linux, and Solaris.

  • SecretAgent

    ISC's premier file encryption utility. Provides file and e-mail confidentiality as well as sender and message authentication. For Windows, Windows Mobile, Mac OS X, and all popular UNIX platforms.

  • SpyProof!

    The perfect tool to secure data on your local PC or notebook. Creates sharable, AES-encrypted, virtual drives on your local hard disk or on a remote server. Also allows you to secure and distribute sensitive data stored on all types of removable media, including CDs, DVDs, zip disks, SD and compact flash cards, and memory sticks. Currently available for Windows only.

  • DAS™

    A Java servlet that performs cryptographic operations on behalf of authorized users. DAS may be used for secure collaboration within a community of interest with a dynamic membership roster. It also enables role-based signing and other private key operations. When used with the CSP virtual smartcard, it can be accessed from within any security-enabled application on any platform.

  • Cryptographic Development Kits (CDKs)

    For developers wanting to add security to their mission-critical applications, ISC's CDK offers FIPS 140-2 validated implementations of today's standard cryptographic algorithms in the form of linkable libraries. For Windows and all popular UNIX platforms.

  • SecretAgent APIs

    Embed fully SecretAgent-compatible, file- or buffer-based cryptographic operations into your own applications. Provided as a DLL or shared library, SA5API packages are available for Windows and all popular UNIX platforms.

  • SecretAgent CLI

    This command line executable version of SecretAgent offers nearly all of the features of the standard GUI-based product plus additional capabilities that are more suitable for scripting and use by unattended server processes. Supports pipes to perform all cryptographic operations in memory. Spawning the SA6CLI from within your own application is typically simpler than linking against an SA6API library. For Windows and all popular UNIX platforms.