A growing number of companies and government agencies looking to streamline their business workflow are now transitioning to electronic document management.
Electronic signatures, together with the public key certificates used to verify them, form the backbone of electronic document management systems.
Today, digital certificates are widely used for managing remote banking services, submitting tender documentation via electronic platforms, and maintaining security in the Internet of Things (IoT) and automated process control systems (APCS).
Correct, well-considered, and secure use of digital certificates is an important prerequisite for the smooth operation of most modern organizations.
The cornerstones of digital certificate management are specialized technology solutions that are commonly referred to as Public Key Infrastructure (PKI). PKI is a set of software and hardware tools that can perform a full range of digital certificate operations.
Stringent criteria are in place for the security of the key PKI components (for example, certificate authorities and tokens). Security requirements are usually stipulated by national and international cyber security regulations.
However, companies have to use PKI components from different manufacturers to address their corporate needs. Moreover, digital certificates may be issued by different certificate authorities, both internal and external (most notably, this is true for accredited certificate authorities that can issue qualified certificates for electronic signatures).
If you don’t have a centrally managed PKI service in place, you are bound to face a number of issues, such as unaccounted tokens and excessive workload required for PKI operation and maintenance. And this can make your PKI solutions and electronic signatures much less effective.
However, all these issues can be addressed by deploying a comprehensive PKI management system. A PKI system should be able to perform the following tasks:
- Centralized monitoring and control over the use of PKI components
- Digital certificate lifecycle management, regardless of the issuing public key authority
- Controlled use of PKI tokens from different vendors
- Self-service tools for corporate users enabling them to manage their own PKI tokens and certificates
- Automation of routine operations for certificate authorities responsible for issuance, revocation, and renewal of digital certificates.
The Indeed Certificate Manager (Indeed CM) platform is a specialized category of IT solutions based on a combination of multiple classes of solutions:
- Public Key Infrastructure Management (PKI Management)
- Card Management System (CMS)
- Software Digital Certificate
The Indeed CM platform draws on our company’s long-term expertise in the development of information security products, specifically those that have to do with access management.
It is a software and hardware suite relying on a centralized policy for digital certificate management, controlled use of PKI tokens, and PKI status monitoring.
The key advantage of Indeed CM is that it supports a wide range of software and hardware produced by different vendors and designed to ensure proper operation of the PKI infrastructure.
With client web applications, digital certificate users and owners of electronic signatures can view their certificates and PKI tokens, check the validity of such certificates, and notify PKI administrators and operators about important events. In addition, web apps can be used by owners to revoke and renew their certificates and tokens without involving PKI administrators and operators.
The administrator and operator console is a convenient web application designed for configuring, managing and auditing PKI systems. Administrators can use it to manage PKI integration and configure the role model. Operators, on the other hand, can employ this tool in order to centrally register and issue PKI tokens, view logs and the device registry, monitor the use of tokens at workstations, and edit user policies for PKI products.
Client software can help you automate multiple tasks related to management of digital certificates and PKI tokens used at workstations.
PKI integration modules enable convergence with other important components related to PKI solution and IT infrastructure management.
Thanks to a convenient role-based model built into the Indeed CM platform, you can assign appropriate access rights to personnel with various job descriptions. For example, you can clearly separate the responsibilities of security administrators and CA operators.
Centralized control and management
Building a PKI management system is a complex task that requires multiple technical and organizational efforts.
If your PKI infrastructure includes one certificate authority and a few dozen PKI tokens, it can be easily managed even with the software you already have. However, centralized management can prove a much more sophisticated task if you need to use numerous PKI tokens, a few certificate authorities (especially in the case of multiple manufacturers), or a large number of qualified electronic signatures issued by a third-party accredited certificate authority.
PKI management solutions can help you not only effectively manage your PKI components of varying origins, but also automate a series of routine operations related to issuing, revoking, and renewing your electronic signature certificates, as well as servicing your PKI tokens. This way, you can significantly reduce the workload of certificate authority operators without compromising the efficiency and cyber security of the processes.
You can also use the Indeed CM platform to delegate certain privileges to certificate holders so that they can service certificates and electronic signature tokens. Automated mechanisms embedded in the PKI management software can be used as intermediaries for these operations, so you no longer need to engage certificate authority operators. All these tasks can be addressed via appropriate self-service tools.
Operators often need to initiate large-scale jobs to handle user PKI tokens and certificates, while some of your employees may be absent from their workplace at that particular time (due to a business trip, vacation, or illness). Big companies with multiple branches are usually quite familiar with this situation. A specialized Indeed CM agent can help you address the tasks at hand automatically, keeping the involvement of CA operators at a minimum. Their functions will be limited to job assignment and progress monitoring, while the agent can take care of the execution across all individual workstations.
Centralized control and monitoring can be a real challenge if you rely on multiple solutions from different vendors to manage your business processes.
Security Information & Event Management (SIEM) software used to be the most popular solution for addressing this task, but its design and deployment procedure is rather sophisticated, and in some cases this package may be redundant.
The Indeed CM platform offers a specialized consolidated tool for monitoring your PKI infrastructure. All operations related to management of certificates and PKI tokens, as well as the list of job initiators, and information about various failures will be available in a unified event log. You will no longer need to analyze multiple system logs and cross-check user activity and the event time span.
One of the key tasks the Indeed CM software addresses is keeping track of all certificates and PKI tokens linked to specific users, namely:
- It will keep a register of your PKI tokens: each token (a smart card, USB token, virtual token, or a container with a certificate and private key in the register) is assigned to a designated employee.
- It will keep a register of your company's own certificates: all certificates issued by your own certificate authorities are assigned to their owners.
- It will keep a register of certificates issued by third-party providers: if your company uses certificates issued by third-party (external) certificate authorities, you can add this information to the Indeed CM database and set up timely reminders for users and administrators about the upcoming expiry dates for third-party certificates.
Another important advantage of the Indeed CM platform is that it can send email notifications to users and administrators about any occurring events. For example, your administrators and/or users can be notified when their certificate is about to expire. This way, your certificates can be duly renewed without any idle time in your work process.
In addition, Indeed CM offers an easy-to-use tool for generating various reports about the operation of your PKI infrastructure. If you prefer to monitor the situation in real time without generating reports, you can opt to view a summary of operations across the entire PKI infrastructure on visual dashboards in the administrator console.
Corporate IT infrastructure today is an intricate structure of massive proportions that relies on multiple technical solutions for addressing various tasks. Many essential business processes, especially those related to cyber security, may involve technical tools from different vendors. Public key infrastructure (PKI) is no exception.
PKI systems include the following technical tools:
- A certificate authority
- PKI tokens
- Digital certificates
- Certificate storage vault
- Target systems (EDMS, OS, etc.)
The key criteria used to evaluate PKI management solutions include, on the one hand, the list of supported solutions and manufacturers, and, on the other hand, the degree of integration with each specific solution.
The Indeed CM platform supports integration with several widely used certificate authorities. Thanks to this integration, it can not only monitor the lists of issued certificates, but also automate a number of routine operations. For example, you can opt to set up automatic mode for approving certificate requests, sending certificate requests to the CA, and delivering issued certificates to workstations with PKI tokens.
Another key feature of the Indeed CM solution is that it supports a wide range of PKI tokens from different vendors. Beyond technical support, the solution is also capable of keeping track of all tokens and relevant certificates and managing them (for example, setting up a PIN code policy).
Important integration capabilities include:
- An option to use digital certificates and PKI tokens for authentication in target systems via relevant external access management systems (for example, Identity Management)
- Support for mass issuance of PKI tokens and certificates via specialized smart card printers
- Integration with technical solutions and storage systems for certificates without PKI tokens (so-called virtual, software-based, and network smart cards)
- API for integration with other IT infrastructure components that rely on digital certificates
- Syslog support for sending security event data to appropriate monitoring systems such as Security Information & Event Management (SIEM)
Indeed CM offers a high degree of integration with all the required technical solutions and systems. As a result, you can not only boost the overall efficiency of your PKI business process management, but also cut the costs associated with system management and maintenance.
- Certificate authorities: Microsoft Windows CA, CAmelot
- CA operations: obtain certificate templates, create and send out certificate requests, approve certificate requests, issue certificates, suspend and revoke certificates, check certificate status, create and update CA user data.
- Tokens: removable hardware tokens, Microsoft Windows NT Registry, Trusted Platform Module (TPM), Microsoft Windows Hello for Business, and Indeed AirCard Enterprise.
- Removable hardware tokens: eToken (SafeNet), ESMART (SafeNetISBC), Yubikey (Yubico), ID Prime (Gemalto), and ePass (Feitian).
- Integration with access security tools, smart card printers, authentication management tools (Indeed Access Manager), and identity management tools − IdM (via API)