PKIntegrated adds key, certificate and token lifecycle management capabilities to NetIQ Identity Manager. This improves enterprise security and enables many new business processes that significantly increase productivity.
Digital certificates are an important tool for email encryption, smart card authentication and many other security applications. They enable the secure transfer of a physical identity into a digital one. Digital certificates are usually issued by a trusted certification authority (CA). The entire infrastructure of CA, registrars, and other components is referred to as Public Key Infrastructure (PKI).
PKIntegrated by cryptovision is a powerful PKI solution. It is used by more than 100 companies worldwide. PKIntegrated is integrated into the identity management system of NetIQ. When a new identity is generated, a new digital certificate is automatically created. Other events (e.g. change of name or termination of an identity) also have a direct impact on the digital certificate.
PKIntegrated was developed as an add-on for an identity management system, so it does not need its own database. Also directory service, user administration, registration, back-up and workflow functions do not have to be recreated. This architecture enables maximum interoperability between identity management and certificate management and enables lean, cost-saving PKI operation.
Since PKIntegrated takes over management functions from the identity management system, cryptovision can concentrate on its core competencies cryptography, PKI, and token integration. PKIntegrated therefore supports a wide range of modern functions such as auto-enrollment, multi-client capability, card management, certificate management via LDAP and key roaming.
What is a PKI?
Private and public keys play a major role for authentication, encryption, and digital signature. However, a private/public key pair is only of use if it is bound to a digital identity (this can be a person or a device). This binding is achieved with a digital certificate. A Public Key Infrastructure (PKI) is the entire combination of components and processes necessary for managing digital certificates.
Typical parts of a PKI include the certification authority, registration authorities, a certificate repository, and PKI applications. Every PKI is a unique and individual infrastructure. The differences between PKIs may be considerable, depending on applications, size, security requirements and many things more. For instance, a corporate PKI considerably differs from a PKI used for electronic identity (eID).
Even in an eID environment a PKI fulfills different tasks. PKI functionality not only enhances the security of eID cards, but also enables additional applications like card-based digital signatures or secure web authentication. In addition, many document verifying systems use private keys to authenticate against the card chip, which involves a number of special PKI standards.
What applications can I realize with?
- Disk encryption
- WWW login
- system login
- VPN login
- secure WiFi
- secure e-mail
Who uses PKIntegrated?
PKIntegrated is used (among others) by the following customers:
- Centrelink: Uses PKIntegrated for digital certificates for employee badges.
- Metropolitan Transportation Authority of the State of New York (MTA): Uses PKIntegrated for digital certificates for IDM.
- Toyota: Uses PKIntegrated for digital certificates for device authentication.
- NetIQ Identity Manager
MODULES, BASICS, KEY FEATURES, COMPARISONS
PKIntegrated contains the following modules
- CA engine: This is the core component, responsible for generating and signing digital certificates (according to RFC 5280 and X.509v3). The CA engine uses one or several keys, which can be stored on a Hardware Security Module (HSM) for higher security. An HSM is a specialized hardware component, which ensures that the CA keys are not compromised. PKIntegrated supports HSMs via PKCS#11. In addition to RSA it also offers ECC algorithms as specified in the NSA Suite B standard.
- IDM connector: A dedicated IDM driver realizes the connection between the CA engine and the IDM system.
- Administration interface: PKIntegrated is administered via a plug-in in the administration framework of the underlying identity management system.
- OCSP responder: This component accepts requests asking for the validity status of a certain digital certificate and replies with a valid or non-valid information. It supports the OCSP protocol as described in RFC 2560.
PKIntegrated is a high-end certification authority (CA) software. In contrast to other CA products, it is realized as an add-on for an identity management system which consolidates identity and certificate management. PKIntegrated is designed to meet high security requirements, complying with all relevant industry standards, including X.509, PKIX, OCSP, and SCEP.
Lean Solution by Integration
PKIntegrated works directly on the user objects of the underlying identity management system and reuses the existing administration interface. It neither needs a separate user database nor an administration interface of its own. This approach makes PKIntegrated lean and cost-effective.
All major identity management systems feature flexible registration capabilities – including manual enrolment, bulk registration, user self service, and automated provisioning. As PKIntegrated is integrated into an identity management system, all supported registration scenarios can be applied for PKI enrolment. This makes PKI user registration highly flexible.
Use of Other IDM Features
Identity management systems usually offer electronic workflow support, sophisticated back-up mechanisms, log data collection, and other useful features. PKIntegrated can be configured to leverage all of them. This makes PKIntegrated highly adaptable without requiring cumbersome infrastructure.
PKIntegrated provides fully automated certificate lifecycle management. Certificate generation, certificate renewal, and certificate revocation can be configured to require no administrator or user interaction.
PKIntegrated enables the creation, revocation, and renewal of digital certificates via an LDAP interface. Using this feature PKIntegrated can be connected to virtually any external system.
PKIntegrated can be used to operate several CAs with different keys and different policies in one system. Different technical users can access the installation with different personalized accounts.
- Connectors to virtually any data vault
- Logging via NetIQ Sentinel
- Smart card support
- Hierarchies, SubCA
- X.509 and CV
- ECC and RSA
- HSM, dual security
- Role-based administration
- Certificate based login
- Workflow, signed approval
- eDirectory integration
- Comprehensive role management
- Flexible profiles
- Easy regionalization
- Key Recovery
Overview of our products
Do you have questions? Feel free to contact us!
Do you have questions about one of our products or solutions? Don't hesitate to contact us.
We're happy to support you!