1.

Overall system idea and goals

Overseeing digital certificates is a fundamental and, at the same time, a complex problem
for an organization while they desire to guarantee secure communication and data
authenticity. The negative consequences of expired certificates, improper certification
lifecycle, and existence of hostile certificates embrace significant security threats,
including data compromise and non-conformity with the laws and rules. For the same
purpose, the existing tools for certificate management are not user friendly, scalable, and
free from defects as they could not incorporate modern security features in them.

These concerns are met by AmnCert, an Artificial Intelligence based CMS for digital
certificates that not only manages certificates throughout their lifecycles but also
provisonalize and detect aberrations and non-compliances with GDPR, PCI DSS, and
SSL/TLS. It is meant to help manage certificates, allow administrators to be notified on
time and enhance security measures. By employing important features like self-renewal,
bad certificate detection, active notification system, and compliance, thus AmnCert will
be a comprehensive and evolving system to help improve the standards of security while
also improving the organization’s efficiency.

The proposed system contains features that offer an interface where the management of
certificates is effectively exercised by organizations. There will be insight, compliance
reports, alerts, and monitoring for certificate adoption among administrators. The AI
malicious certificate recognition feature allows the system to identify specific threats and
avoid certain opportunities for cyber threats. As built-in scalable and secure, AmnCert is
prepared to satisfy modern requirements for certificate management in the infrastructure
of the modern IT sector.
This context diagram shows how AmnCert system interacts with the outside world at its
highest level of detail. The main actors that will come into contact with the system will be
the Certificate Authority, the Monitoring System and the System Administrator. The
Certificate Authority (CA) fits into the set up to verify and issue certificates. AmnCert
system sends request to the CA for validation or for renewal of certificates it receives a
response containing the status that ensures secure communication and is compliant.

The Monitoring System is also used to provide real-time alert and log feed to the
AmnCert system for expiring or suspicious certificates. In return, the system passes on
information of status with respect to certificates and compliance data to the monitoring
system to enhance visibility to the right course of action.

The System Administrator is also responsible for handling the complex backend
operations including management of database, setting rules in the system and working on
the well-being of total system. The administrator communicates with the system to obtain
logs as well as performance results, in order to confirm that the system is running
correctly and to guarantee that it is meeting all regulatory guidelines.

Organized at the core of these interactions, therefore, is the AmnCert system that players
across the ecosystem interact with to truly automate or centralize all certificate existence,
review and compliance, and possibly, detection of unusual occurrences. It provides secure
 and effective operational environment and effectively communicates with its external
entities to guarantee the credibility and authenticity of the digital certificates.

2. Requirements Gathering

The requirements collection process of AmnCert was carried out systematically in order
to avoid ambiguities, omission as well as to check conformity with project objectives.
This process included requirements specification, documentation and verification: all of
these throughout the software development life cycle. Two primary requirements
elicitation techniques were applied: a survey and interviews.

The approach used for these techniques is provided in the table below.

1) Survey:

a. Introduction:

A qualitative research approach of questionnaires was used to interview participants who

work in the field of IT, cybersecurity, and digital certificate management. The purpose of
the study was to establish key necessities, issues, and anticipations concerning the
AmnCert system. The survey was participated by 150 participants.

b. Methodology:

We conducted the survey using Google Forms which consisted of the following:

 5 Multiple-choice questions
 4 Checkbox questions
 2 Open-ended questions
 2 Scale 1-5 rating questions
 2 Yes/No questions
The survey was conducted through emails, LinkedIn, and through professional forums
and was available from 01st September 2024 to 15th September 2024. In essence, three
out of ten e-mails took seven minutes on average to elicit a response.

c. Summary:

As per the current participants:

 Recognizable risk: expired certificates (82%).

 74% stressed for Real-time notification and Alert features.
 69% underlined the use Of AI-based tools on alert over anomalies in certificates
for malicious activities.
 63% of them reported issues around compliance in place such as GDPR or PCI-
DSS.

(A summary of survey results are presented in Appendix.)

2) Interviews:

As for the quantitative data collection method, we ran a 20-minute focused interview to
Dr. Mohamed Elhadad on September, 15, 2024. Dr. Elhadad is a professor in information
security and cybersecurity, teaching at Abu Dhabi University as a lecturer in network
security and digital certificate organization.

The primary goal of the interview was to receive more detailed information on some
technical issues, the approach used by some companies to address the issues and do it in
compliance with the requirements of different legislation.

Key insights from the interview include:

 Certificate Management Automation: The requirements for the automation of the

certificate life cycle (creation, renewal, and cancellation) are rather obvious –
computerization allows avoiding mistakes and keeping the process as productive as
possible.
 Real-Time Monitoring and Alerts: The systems must be able to alert in real time about
expiring or otherwise compromised certificates that may cause disruptions.
 AI Integration: The solution that is based on AI technologies can help enhance
security greatly because it addresses the issue of anomaly detection of certificates.
 Compliance Reporting: To account for compliance, organizations need clear,
automated reports of compliance adapted to the standards such as GDPR and PCI-
DSS.

It was from these findings that important changes to the intended design and roll out of
the AmnCert system could be achieved.

3) Benchmarking with other systems:

In this study, we also compared AmnCert with other presented certificate management
systems concerning their main features, capabilities, and drawbacks. The rationale for the
study was to determine the revealed strengths and weaknesses in the competing systems
and put AmnCert in perspective.

Similar tools available in the market contain mostly partial solutions, they do not support
AI for anomaly detection, or real time alerting, or total compliance reporting. But while
some tools are designed to cover the automation of certificates, these do not address
choices like predictive key rotation or audit features.

The comparison results are summarized in the Table below:

3. Requirements Specifications
3.1 System Stakeholders
The main actors for the AmnCert system are as follows:
a) Certificate Authority (CA):
Certificate Authority is one of the important entities which is involved in
certification path validation and issuance of certificates. They tell whether the
certificate being used is authentic and reliable within their life cycle. The CA
communicates on the system to accept or reject requests for the certificates or
to request renewal.
b) Monitoring System:
 The Monitoring System is an external system that offers real time alert and
logs to the AmnCert system. It helps the system to notify the system
administrator of expired certificates, special situations and possibilities of the
security threats. still, it obtains new certificate status and compliancy data
from the system to facilitate easy monitoring.
c) System Administrator:
This position also supervises the organizational and administrative aspects of
the system and controls the user access to the system, monitors performance
and usage and enforces relevant guidelines. The administrator is also
responsible for managing all the databases, backup of the systems as well as
providing routine updated to make the system to be secure and effective.

3.2 User Requirements

Certificate Authority (CA):
 The CA is involved in making sure that certificates are given, verified, and
recalled through the system.
 The CA must be able to ensure that certificate requests of requests that
originate from the system are genuine.
 The responsibility of the CA is that it should provide new certificates on
request and make sure the issued certificates are secure.
 The CA should cancel improperly issued or expiry certificates as required by
the system.
 The CA must have a communication channel secure from tampering or other
forms of unauthorized access with the system.
Monitoring System:
 The monitoring system however makes it possible to be informed in real time
about the certificates and compliance status.
 It also means that the monitoring system should be able to notify real-time
provided certificates are expiring.
 It should inform the system of any suspicious certificates or anything that the
system regards as unusual within the certificates’ life cycle.
 It should be able to offer compliance updates and the status of certificate to the
monitoring system for tracking.
System Administrator:
  The System Administrator assures that all the activities are being run
proficiently and are protected.
 The administrator must have the overall responsibility of managing the
certificate database and make changes on the issued, renewed or revoked
certificates.
 The administrator should backup the system frequently and should ensure that
the System is available.
 The administrator is accountable for system wellbeing and if it runs smoothly
in order to avoid interruptions.
 The administrator should be able to set or influence the level of access
controls, and then control other actors based on their roles.
 The administrator should monitor audit logs as to security and compliance.
 The administrator must be able to manage the certificate database and update
records for issued, renewed, or revoked certificates.

3.3 Functional Requirements

1) Certificate Lifecycle Management
 FR-1: Security aspects of the entire communication must include
certificate generation, upgrade, cancellation, and time schedule.
2) Automated Certificate Renewal
 FR-2: Users have to be informed about certificates expiring within a
certain number of days (Let say 30 days) of their expiration through the
system.
 FR-3: It has to renew some of these automatically to minimize oversight
within the system.
3) Malicious Certificate Detection
 FR-4: The system must apply AI models to identify certificate metadata,
and, for example, highlight an enormous number of issuers or a low-grade
encryption algorithm.
 FR-5: For managerial action to be taken, alerts have to be created for all
the flagged certificate.
4) Role-Based Access Control (RBAC)
 FR-6: RBAC policies should be conducted in the system so that the
administrators could define roles and access control rights.
  FR-7: Specifically, it required only the authorized users to access the
sensitive certificate operations.
5) Compliance Monitoring and Reporting
 FR-8: The system has to track recognizable compliance requirements such
as SSL/TLS, GDPR, and PCI DSS.
 FR-9: For audit purposes, the system needs to produce compliance reports
that contain specifics.
6) Alert and Notification
 FR-10: In addition, the system should include notification for certificates
that are about to expire, potentially malicious or non-compliant
certificates.
 FR-11: They have to be delivered by email, SMS notification or any kind
of notification that could be received on the dashboard.
7) Comprehensive Audit Logging
 FR-12: It also must record all certificates-related operations and any users’
actions.
 FR-13: It means that logs have to be available when it comes to audit and
compliance.
8) Certificate Discovery and Inventory Management
 FR-14: The system has to perform periodic sweeping of networks, in order
to detect the current status of which certificates are active (public, internal
and subdomains).
 FR-15: It was mandatory that the system would keep a clear record of all
the certificates to ensure its visibility.
9) Report Generation
 FR-16: The system has to analyse usage and compliance of certificates,
and identify threats to the system.
 FR-17: Exporting should definitely be possible in formats such as PDF and
CSV.
3.4 Non-functional Requirements
1) Security
 NFR-1: For data at rest, the system must employ AES-256 such that for
data in motion, the TLS protocol should be used.
 NFR-2: RBAC has to be adopted and MFA to ensure that only the
authorized persons can get access to the system.
 NFR-3: There is need to ensure password policies that provide only strong
and different passwords.
2) Reliability
 NFR-4: There are important functions, for instance, automated renewals,
which should have high availability when supported by the system.
 NFR-5: The system has to be able to identify and manage failures,
guaranteeing their work’s smooth running.
 NFR-6: Contingency plans for data recovery also have to be provided for
the purposes of back up.
3) Availability
 NFR-7: Many functions related to certificate management will need to be
run within the system and for this reason, the system has to be on round
the clock.
 NFR-8: Maintenance downtimes can only occur occasionally and
preferably after giving a prior notice.
4) Usability
 NFR-9: The system should have a well formatted GUI for the user and the
user should be able to perform operations at most within thr3 clicks.
 NFR-10: The structure must be thoroughly evident and guide the user with
apparent interface uniformity.
5) Performance
 NFR-11: Certificate status checks, renewals or revocation must be
completed in less than 5 seconds.
 NFR-12: The system must operate for 1000 active users at least not slow
down its operation.
6) Scalability
 NFR-13: The system also need to accommodate thousands of certificates
due to increasing organizational requirements.
 NFR-14: Extra servers or services cannot pose problems in integration
during scaling.
7) Maintainability
  NFR-15: The process must be able to be updated often, corrected if the
need arises and be expandable in case new components are added.
 NFR-16: Entries should contain enough information which would help
address problems facing such a system.
8) Integration
 NFR-17: The system also needs to work with other security systems like
SIEMs, firewalls and others for management from one location.
9) Data Integrity
 NFR-18: Records in a database have to be broken down to a level where
modification is only allowed through authorized personnel only.
3.5 System Requirements

1. Compatibility:

AmnCert should also work on all popular browsers like Chrome, Firefox,
Safari, and Edge and should be easily integrated with most of the CA and
monitoring tools. It also has to be usable in cloud and on-premise solutions
due to the various requirements of different organizations.

2. Hardware Requirements:

The system should be able to be installed on a server with a minimum of

8GB RAM, multi-core processor preferably Intel Xeon standard, adequate
disk space in view of large certificates repositories and logs generated
routinely. The server must be capable of providing a high-speed network
because the systems must be integrated with other external systems such as
Certificate Authorities and Monitoring Tools.

3. AI and Automation Support:

Another should be AI related functionalities including anomaly detection,

automated certificate renewal, key rotation among others. This implies the
utilization of the complex machine learning libraries, and architectures
(i.e., TensorFlow and PyTorch), alongside confirming the conducive
infrastructural requirements to support computational complexity.
 Moreover, the system requires having safe mechanisms for integration
with other tools and services through the API.

4. Security Features:

It must be scalable to accommodate support for strong cryptographic

solutions (AES-256 for storage and TLS 1.3 for transmission). It should
also provide the compatibility of the HSM to store keys securely and
should have features that will meet the regulations.

5. Scalability:

The AmnCert system should be usable by organizations possessing

certificate inventories on the order of 100s to 10000s+, integrated
smoothly as the size of the cert inventory grows. It must also be designed
to work with cloud platforms so as to facilitate elasticity of resources
required for application.

3.6 Structured Natural Language

3.7 UML Use Case

It shows on the left (main users) how they are able to access the System,
interact and receive the final output. The admin can initiate the certificate
renewals and the requests are sent to the Certificate Authority. The Certificate
Authority can validate the certificate renewals, and upon generating audit logs,
the reports are sent to the admin. Likewise, the monitoring system oversees the
renewals and notifies the admin. The UML Use Case is presented in Figure __.