Agribank – One of the largest banks in Vietnam, partnered with SAVIYNT, a trusted expert in PKI, to successfully upgrade and transform its CA system. Additionally, nearly 6,000 user data keys were migrated, enabling Agribank to optimize digital certificate management while meeting the stringent security standards of the banking industry.
| Overview Industry: Finance – Banking Project: Providing an electronic signature authentication gateway and digital signature solution for Agribank Timeline: 2020 – 2021 |
Agribank and the challenge of upgrading the CA System
Established in 1988, the Vietnam Bank for Agriculture and Rural Development (Agribank) is the largest bank in Vietnam in terms of operational network, with nearly 2,400 branches and transaction offices nationwide. Agribank plays a crucial role in economic development, particularly in the agricultural and rural sectors, while also supporting businesses.
In recent years, Agribank has been actively enhancing its products and solutions by integrating advanced information technology, proactively adopting Industry 4.0 solutions to develop new services, expand convenience, and improve the quality of e-Banking services. The bank has also collaborated with fintech companies through strategic partnerships to develop electronic wallets, payment collection and disbursement services, and facilitate cashless transactions. At the same time, Agribank has focused on building and improving solutions to enhance the processing capacity of its core banking system. The bank has set an IT development strategy for the 2021-2025 period, aiming to develop digital products and distribution channels while ensuring the security and safety of its IT infrastructure.
To align with this strategy, Agribank has long made well-structured investments in its internal Certification Authority (CA) system. This system is responsible for managing digital certificates and is implemented to ensure the security and confidentiality of electronic transactions and internal operations. It provides essential functions such as issuing, managing, and revoking digital certificates for applications and users within Agribank.
Implementing an internal CA system has enabled Agribank to enhance information security, ensuring data integrity and authentication in electronic transactions while meeting stringent cybersecurity requirements in the banking sector.
Since 2010, Agribank had been using VeriSign’s CA, which later became part of DigiCert. After a decade, in 2020, Agribank needed to upgrade and transition to the latest recommended version to maintain system reliability. Additionally, the bank had to migrate cryptographic keys to a new Hardware Security Module (HSM), as the previous device had been discontinued and was no longer supported.
SAVYINT – A leading PKI deployment partner in Vietnam
SAVYINT is a specialist in digital signatures and electronic storage, consistently ranked among the Top 10 cybersecurity and information security enterprises in Vietnam for many years. Beyond providing Public Digital Signature Certification Services, SAVYINT also offers Timestamping Services (SAVYINT Timestamp) and Qualified Trust Service Provider (QTSP) solutions for digital signatures and electronic seals. Notably, SAVYINT is the only provider in Vietnam offering a QTSP Remote Signing solution.
As a reputable Digicert partner with extensive experience in PKI deployment for the financial and banking sector, SAVYINT implemented a comprehensive solution to support Agribank, including:
- Secure HSM Signing Devices: Deployment of Thales/Gemalto Luna Network HSM S700 for both Data Center (DC) and Disaster Recovery (DR) environments.
- Core PKI Software (Digicert): Implementation of RootCA, SubCA, CRL/OCSP, ensuring security and compliance for both DC and DR.
- Electronic Signature Authentication & Centralized Digital Signing Platform: Enabling real-time authentication and digital signing for both corporate and individual customers.
- Digital Certificate Registration & Management Portal (RA): Allowing Agribank customers to efficiently register and manage public digital signatures.
- Cloud Infrastructure: Deployment of HPE Cloud and HCI servers for DC and DR.
- Integration with the Core Banking IPCAS server system, the Customer Management and Business Contract Signing System (CMS), the e-Banking system, and other internal systems.
- Data Migration: Converting the existing RootCA database to Agribank’s new RootCA system, ensuring compliance with SHA-384 and SHA-256 encryption standards.
- E-Bank digital signing, B2B e-Transaction Signing, local signing, Internet Banking signing, Core Banking signing, Document signing.
Successful CA system upgrade and user key migration for Agribank
After extensive research and implementation, SAVYINT successfully ensured the CA system upgrade for Agribank, meeting the required timeline and quality standards. The electronic signature authentication gateway and digital signature system fully complied with both international and Vietnamese standards for digital signatures and electronic authentication, while also adhering to the banking sector’s regulations on electronic transactions and cashless payments.
Additionally, SAVYINT successfully migrated nearly 6,000 user keys from the outdated Safenet G5 USB tokens to the new HSM S700 system. The solution was also seamlessly integrated with Agribank’s e-Banking CMS, and IPCAS systems.
With its deep expertise and exceptional deployment capabilities, SAVYINT earned Agribank’s trust and continued to provide the WebRA software for digital certificate issuance management. This solution enables administrators to automate digital certificate (CTS) issuance, as well as efficiently manage certificate renewal and revocation.
