Indeed Certificate Manager

This product centrally manages the lifecycle of digital certificates and smart cards and automates PKI processes

get presentation
prew-product

Relevance

A growing number of companies and government agencies looking to streamline their business workflow are now transitioning to electronic document management.

The backbone of electronic document management systems are electronic signatures and public key certificates designed for verifying the signatures.

Today, digital certificates are widely used for managing remote banking services, submitting tender documentation via electronic platforms, and maintaining security in the Internet of Things (IoT) and automated process control systems (APCS).

Proper, clever, and secure use of digital certificates is an important prerequisite for smooth operation of a majority of modern organizations.

The cornerstones of digital certificate management are specialized technology solutions that are commonly referred to as Public Key Infrastructure (PKI). PKI is a set of software and hardware tools that can perform a full range of digital certificate operations.

Stringent criteria are in place for the security of the key PKI components (for example, certificate authorities and tokens). Security requirements are usually stipulated by national and international cyber security regulations.

However, companies have to use PKI components from different manufacturers to address their corporate needs. Moreover, digital certificates may be issued by different certificate authorities, both internal and external (most notably, this is true for accredited certificate authorities that can issue qualified certificates for electronic signatures).

If you don’t have a centrally managed PKI service in place, you are bound to face a number of issues, such as unaccounted tokens and excessive workload required for PKI operation and maintenance. And this can make your PKI solutions and electronic signatures much less effective.

However, all these issues can be addressed by deploying a comprehensive PKI management system. A PKI system should be able to perform the following tasks:

  • Centralized monitoring and control over the use of PKI components
  • Digital certificate lifecycle management, regardless of the issuing public key authority
  • Controlled use of PKI tokens from different vendors
  • Self-service tools for corporate users enabling them to manage their own PKI tokens and certificates
  • Automation of routine operations for certificate authorities responsible for issuance, revocation, and renewal of digital certificates.

Platform overview

The Indeed Certificate Manager (Indeed CM) platform is a specialized category of IT solutions based on a combination of multiple classes of solutions:

  • Public Key Infrastructure Management (PKI Management)
  • Card Management System (CMS)
  • Software Digital Certificate

The Indeed CM platform draws on our company’s long-term expertise in the development of information security products, specifically those that have to do with access management.

It is a software and hardware suite relying on a centralized policy for digital certificate management, controlled use of PKI tokens, and PKI status monitoring.

The key advantage of Indeed CM is that it supports a wide range of software and hardware produced by different vendors and designed to ensure proper operation of the PKI infrastructure.

With client web applications, digital certificate users and owners of electronic signatures can view their certificates and PKI tokens, check the validity of such certificates, and notify PKI administrators and operators about important events. In addition, web apps can be used by owners to revoke and renew their certificates and tokens without involving PKI administrators and operators.

The administrator and operator console is a convenient web application designed for configuring, managing and auditing PKI systems. Administrators can use it to manage PKI integration and configure the role model. Operators, on the other hand, can employ this tool in order to centrally register and issue PKI tokens, view logs and the device registry, monitor the use of tokens at workstations, and edit user policies for PKI products.

Client software can help you automate multiple tasks related to management of digital certificates and PKI tokens used at workstations.

PKI integration modules enable convergence with other important components related to PKI solution and IT infrastructure management.

Thanks to a convenient role-based model incorporated with the Indeed CM platform, you can assign appropriate access rights to personnel with various job descriptions. For example, among other things, you can clearly delimit the responsibilities of security administrators and CA operators.

Centralized control and management

Building a PKI management system is a complex task that requires multiple technical and organizational efforts.

If your PKI infrastructure includes one certificate authority and a few dozens of PKI tokens, it can be easily managed even with the software you already have. However, centralized management can prove a much more sophisticated task if you need to use numerous PKI tokens, a few certificate authorities (especially in the case of multiple manufacturers), or a large number of qualified electronic signatures issued by a third-party accredited certificate authority.

PKI management solutions can help you not only effectively manage your PKI components of varying origins, but also automate a series of routine operations related to issuing, revoking, and renewing your electronic signature certificates, as well as servicing your PKI tokens. This way, you can significantly reduce the workload of certificate authority operators without compromising the efficiency and cyber security of the processes.

You can also use the Indeed CM platform to delegate certain privileges to certificate holders so that they can service certificates and electronic signature tokens. Automated mechanisms embedded in the PKI management software can be used as intermediaries for these operations, so you no longer need to engage certificate authority operators. All these tasks can be addressed via appropriate self-service tools.

Operators often need to initiate large-scale jobs to handle user PKI tokens and certificates, while some of your employees may be absent from their workplace at that particular time (due to a business trip, vacation, or illness). Big companies with multiple branches are usually quite familiar with this situation. A specialized Indeed CM agent can help you address the tasks at hand automatically, keeping the involvement of CA operators at a minimum. Their functions will be limited to job assignment and progress monitoring, while the agent can take care of the execution across all individual workstations.

PKI audit

Centralized control and monitoring can be a real challenge if you rely on multiple solutions from different vendors to manage your business processes.

Security Information & Event Management (SIEM) software used to be the most popular solution for addressing this task, but its design and deployment procedure is rather sophisticated, and in some cases this package may be redundant.

The Indeed CM platform offers a specialized consolidated tool for monitoring your PKI infrastructure. All operations related to management of certificates and PKI tokens, as well as the list of job initiators, and information about various failures will be available in a unified event log. You will no longer need to analyze multiple system logs and cross-check user activity and the event time span.

One of the key tasks addressed by the Indeed CM software is that it can keep track of all certificates and PKI tokens linked to specific users, namely:

  • It will keep a register of your PKI tokens: each token (a smart card, USB token, virtual token, or a container with a certificate and private key in the register) is assigned to a designated employee.
  • It will keep a register of your company’s own certificates: all certificates issued by your own certificate authorities are assigned to their owners.
  • It will keep a register of certificates issued by third-party providers: if your company uses certificates issued by third-party (external) certificate authorities, you can add this information to the Indeed CM database and set up timely reminders for users and administrators about the upcoming expiry dates for third-party certificates.

Another important advantage of the Indeed CM platform is that it can send email notifications to users and administrators about any occurring events. For example, your administrators and/or users can be notified when their certificate is about to expire. This way, your certificates can be duly renewed without any idle time in your work process.

In addition, Indeed CM offers an easy-to-use tool for generating various reports about the operation of your PKI infrastructure. If you prefer to monitor the situation in real time without generating reports, you can opt to view a summary of operations across the entire PKI infrastructure on visual dashboards in the administrator console.

Technological integration

Corporate IT infrastructure today is an intricate structure of massive proportions that relies on multiple technical solutions for addressing various tasks. Many essential business processes, especially those related to cyber security, may involve technical tools from different vendors. PKI public key infrastructure is no exception.

PKI systems include the following technical tools:

  • A certificate authority
  • PKI tokens
  • Digital certificates
  • Certificate storage vault
  • Target systems (EDMS, OS, etc.)

The key criteria used to evaluate PKI management solutions include, on the one hand, the list of supported solutions and manufacturers, and, on the other hand, the degree of integration with each specific solution.

The Indeed CM platform supports integration with several widely used certificate authorities. Thanks to this integration, it can not only monitor the lists of issued certificates, but also automate a number of routine operations. For example, you can opt to set up automatic mode for approving certificate requests, sending certificate requests to the CA, and delivering issued certificates to workstations with PKI tokens.

Another key feature of the Indeed CM solution is that it supports a wide rangeof PKI tokens from different vendors. Beyond technical support, the solution is also capable of keeping track of all tokens and relevant certificates and managing them (for example, setting up a PIN code policy).

Important integration capabilities include:

  • An option to use digital certificates and PKI tokens for authentication in target systems via relevant external access management systems (for example, Identity Management)
  • Support for mass issuance of PKI tokens and certificates via specialized smart card printers
  • Integration with technical solutions and storage systems for certificates without PKI tokens (so-called virtual, software-based, and network smart cards)
  • API for integration with other IT infrastructure components that rely on digital certificates
  • Supported syslog for sending security event data to appropriate monitoring systems such as Security Information & Event Management (SIEM)

Indeed CM offers a high degree of integration with all the technical solutions and systems as required. This said, you can not only boost the overall efficiency of your PKI business process management, but also cut the costs associated with system management and maintenance.

Technical parameters

  • Сertificate authorities: Microsoft Windows CA, CAmelot
  • CA operations: obtain certificate templates, create and send out certificate requests, approve certificate requests, issue certificates, suspend and revoke certificates, check certificate status, create and update CA user data.
  • Tokens: removable hardware tokens, Microsoft Windows NT Registry, Trusted Platform Module (TPM), Microsoft Windows Hello for Business, and Indeed AirCard Enterprise.
  • Removable hardware tokens: eToken (SafeNet), ESMART (SafeNetISBC), Yubikey (Yubico), ID Prime (Gemalto), and ePass (Feitian).
  • Integration with access security tools, smart card printers, authentication management tools (Indeed Access Manager), and identity management tools − IdM (via API)
GET TECHNICAL DESCRIPTION

Watch product in work

Would you like to stay in line with PKI evolution and find answers to many questions related to PKI management?

  • Do you need to add an additional layer of control over digital certificates and manage them remotely?

Request a free demonstration of our product to learn how we help companies to implement efficient digital certificates management in a corporate environment

SCHEDULE PRODUCT DEMO
prew-product-work

Industries

Learn how multiple industries enjoy benefits from implementing our products

Prev
Next

industry about us

quot-mark
avt-1
Andy Woo
Regional Director of Pacific Tech

At Pacific Tech, we are continuously evolving and bringing new solutions to our partners and customers in the region. We are delighted to be partnering with Indeed Identity. With Indeed Identity, we found a comprehensive access management solution which perfectly complements the growing population of Singapore work-from-home workers. As a leading cyber security solution provider, this strategic partnership is perfect for our two companies.

read more
quot-mark
avt-2
KC KuppingerCole Report
Executive view

Indeed Identity’s innovative approach towards designing its whole product portfolio as a highly modular open application platform allows the customers to pick and choose the modules as needed and grow in the future as their business needs expand. Even out of the box, Indeed Certificate Manager provides comprehensive yet convenient management capabilities for both administrators and end users.

read more
quot-mark
avt-3
Michael Bürger
Founder & Sales Partner at EU-HUB Network

Since approximately 5 years now I’m working with Indeed Identity quite successfully. First as my vendor client and next as a trusted innovative software partner. Now we are re-selling Indeed Identity software as a Distributor for the EU and beyond. Often I met Indeed Identities CEOs, CTO, Product Management, Partner Managers and System Engineers, on the the phone and even in person in London and Munich and always my feeling was that this is are smart people, an excellent organized company, straight forward thinking and | don’t have any doubt that together we will be very successful this decade in the 2020s on everything we target.

quot-mark
avt-4
Leo Querubin
Executive Director for Business Development of Pointwest Technologies Corporation

The products of Indeed Identity, like Indeed Access Manager, a software for strong and multi-factor authentication (MFA), can provide the structural changes that force everyone to follow necessary cybersecurity procedures. Customers get the best of both worlds — the world-class cybersecurity products of Indeed Identity and the experience and expertise of the local cybersecurity landscape of Pointwest.

read more
quot-mark
avt-4
Volkan Duman
Information Technologies General Manager at vMind

As a result of the long-term laboratory tests and studies that we conducted, we believe that Indeed Identity products should certainly be on the Turkish market. Thanks to our partnership with Indeed Identity, we sought to expand the access control and certificate management market, which is located in a narrow profile in the country, as well as add value by transferring technology to our country. When we compare Indeed Identity products with similar products, we can safely say that they contain much more different features and are more inclusive.

read more
quot-mark
avt-4
Marko Pust
Director of OSI.SI

We have a long partnership with Indeed Identity for more than 2 years already. I can confidently say that Indeed CM is one of the best and technologically enhanced products for managing digital certificates and smart cards on the EU market. This product has a number of unique features such as Client Agent and Indeed AirCard Enterprise network-attached smart card that are highly valued by our customers. One of the customers said that Indeed CM brought automation and visibility to their PKI life.

quot-mark
avt-4
Heng Lie
Director of Synnex Metrodata Indonesia

I believe that Indeed Access Manager is an excellent solution for many of our clients. It manages access to all information systems of the enterprise and protects companies from internal and external cyber threats. It is a flexible platform combining different authentication scenarios and methods.

quot-mark
avt-4
Sergey Yeliseyev
X–Infotech Owner, Business Development Director, Government eID solutions

Indeed Identity is the company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner.

prod-1.jpg

SafeNet eToken 5110

To protect identities and critical business applications in today’s digital business environment, organizations need to ensure access to online and network resources is always secure, while maintaining compliance with security and privacy regulations.
  • Secure remote access to VPNs and Web portals and Cloud Services
  • Secure network logon
  • Digital signing
  • Pre-boot authentication
Order
prod-2

Gemalto Smart Card IDPrime 830

As cybercriminals get smarter and more determined than ever, more and more businesses and government agencies are coming to the realization that single-factor authentication solutions using simple usernames and passwords are not enough. Gemalto, the world leader in digital security, offers an extensive portfolio of strong authentication solutions.
  • Perfect integration in Windows environment
  • Centralized management control
  • No compromise on security
  • Enhanced cryptographic support
Order
prod-3

Gemalto Smart Card IDPrime 840

The IDPrime MD 840 is a contact interface smart card and is compliant with the new Regulation on Electronic Identification Authentication and Trust Services for Electronic Transactions in the Internal European Market (eIDAS). eIDAS is the European Regulation created to ensure a safe way for businesses, governments and citizens to do business online and includes rules for electronic signatures.
  • Compatible with any environment
  • Compliant with eIDAS regulations
  • Multi-application smart cards
  • Enhanced cryptographic support
Order
prod-4

Gemalto Smart Card IDPrime 3810

The IDPrime MD 3810 is a dual-interface smart card, allowing communication either via a contact interface or via a contactless ISO14443 interface, also compatible with the NFC standard. The IDPrime MD smart cards are designed for PKI-based applications, and come with a IDGo 800 minidriver that offers a perfect integration with native support from the Microsoft® environments, up to Windows 10 (without any additional middleware).
  • NFC Compliant
  • Centralized management control
  • No compromise on security
  • Enhanced cryptographic support
Order
prod-5

Gemalto Smart Card IDPrime 3811

The IDPrime MD 3811 IDPrime MD 3811 is a dual-interface smart card, based on a single chip, offering full PKI services either via a contact interface or via a contactless ISO14443 interface, also compatible with some NFC interfaces, already widely used by smartphones and tablets. It’s Plug and Play with Windows.
  • Perfect integration in Windows environment
  • Centralized management control
  • NFC Compliant
  • Compatible with any environment
Order
prod-6

HID Crescendo

HID Global’s Crescendo® is a family of credit card-sized smart cards designed to provide versatile and secure IT and physical access control. Crescendo leverages a state-ofthe-art smart card platform technology to deliver a standards-based solution for strong authentication and data protection.
  • Enhanced security credential
  • Broad range of applications
  • Part of the HID Global ecosystem
  • Easy migration
Order
prod-7

FEITIAN ePass2003

StorePass by FEITIAN is a hybrid device which combines Flash memory with Public Token Infrastructure technology. The onboard smart card provides strong protection to user credentials as well as a flash drive to carry regular programs and files.
  • Hardware random number generator
  • 64KB EEPROM memoryto store private keys
  • Multiple certificates and sensitive data
  • Support X509 v3 standard certificate
  • Support storing multiple certificate on one device
  • Onboard RSA2048 key pair generation, signature and encryption
  • 64 bit universal unique hardware serial number
Order
prod-8

FEITIAN BioPass 2003

FEITIAN BioPass 2003 enabled biometric technology in the USB token. No matter the token is stolen or lost, no one can personate the real owner of the token. BioPass2003 provides a higher security level on users' assets protection.
  • Operative Systems — Windows 2000 / XP / 2003 / VISTA / 2008 / 7 / 8 / 10 (32-bit y 64-bit) Linux (32-bit y 64-bit) *Under evaluation. Mac OS X *Under evaluation.
  • PKCS#11 Cryptographic Service Provider (CSP) Microsoft Smart Card Minidriver (Card Module)
  • Digest SHA-1/SHA-2
Order
prod-9

YubiKey 5 NFC

YubiKey 5 NFC can address the requirements for both single-factor and multi-factor passwordless authentication. With the token, a company can enhance cybersecurity and protect access to corporate resources by having strong hardware-based authentication with the use of PKI cryptography.
  • Provides tap-and-go authentication on NFC-enabled Android devices
  • Multi-Protocol, including FIDO2, Yubico OTP, OATH HOTP, U2F, PIV, and Open PGP
  • No battery or network connectivity required
  • Easily configure multiple protocols across computers, networks, and online applications and services
Order
prod-10

Futronic FS82 Fingerprint Smart Reader

The Futronic FS82 Fingerprint Smart Reader combines Futronic’s FS80 USB2.0 Fingerprint Scanner and an ISO7816 smart card reader into one device. Fingerprint scanner and smart card reader can be combined to do two-factor authentication.
  • Fingerprint scanning window size is 16×24mm
  • Image format is 8 bit 256 grayscale
  • High speed smart card interface, up to 412 Kbps if it is supported by card
  • Supports 5V, 3V and 1.8V smart cards
  • Detect smart card type automatically
  • Secure Pin Entry (SPE)
Order
prod-10

Biometric Smart Card Reader ASEDrive IIIe Combo Bio PIV

ASEDrive IIIe Biometric Smart Card Reader based on Athena’s ASEDrive IIIe technology. The ASEDrive IIIe Biometric card reader incorporate advanced biometric fingerprint sensors providing high quality and high performance Biometric capabilities to support One to One or One to Many match verification.
  • Biometric sensor: UPEK TCS1 TouchChip® sensor EIM
  • Interface: USB 2.0
  • Supports 5V and 3V smart cards
  • FIPS 201 certified reader and sensor
  • Host support: Windows, LINUX and Mac
  • Cards supported: ISO 7816 T=0, T=1, CAC and EMV
  • Power source: USB
Order
prod-10

Smart Card Reader ACR38U-H1

Built with the unique «Bridge Desktop» casing, ACR38U-H1 allows for upright insertion of smart cards. It belongs to the ACR38 family of high-speed smart card readers/writers, which has been proven to support highly demanding smart card applications. Low-cost but high-quality, the ACR38U-H1 creates lasting customer value and offers viable and user-friendly solutions for various smart card applications.
  • Smart card interface support: ISO-7816 Class A, B and C (5V, 3V, 1.8V) CAC & PIV Smart Cards
  • USB 2.0 Full Speed
  • Regulated 5V DC
  • Supply current — max. 50mA
  • CLK frequency — 4 MHz
Order
prod-10

Smart Card Reader ACR38U-I1

With the rapid growth of technology comes increases in electronic data theft. This emphasizes the need to secure electronic data, and therefore the integration of smart card technology into current IT infrastructures. Following this trend, ACR38U-I1 Smart Card Reader Series combines sophisticated technology and modern design to meet stringent requirements in smart card-based applications, such as payment systems and electronic identification, where a high level of security is becoming more essential.
  • Smart card interface support: ISO-7816 Class A, B and C (5V, 3V, 1.8V) CAC Smart Cards
  • USB 2.0 Full Speed
  • Regulated 5V DC
  • Supply current — max. 50mA
  • CLK frequency — 4 MHz
Order
prod-10

EDIsecure® XID 8300 ID Card Printer

The modular single-or double-sided EDIsecure® XID8300 Retransfer Printer was developed for industrial needs, thus it is provided with various optional modules such as bend remedy, flipper, and encoding modules. Based on wealth and experience with XID Retransfer Technology, the printer is ready for plug and play inline encoding and lamination. With its compact size, the printer delivers the right combination of reliability, performance and affordability for printing durable and secure cards.
  • Dye-sublimation retransfer
  • Single- or double-sided (optional) over-the-edge retransfer printing
  • Up to 120 cards per hour (singlesided)
  • Lifetime warranty (using EDIsecure® materials)
Order
prod-10

Thales nShield Connect HSMs

nShield Connect HSMs are certified hardware security appliances that deliver cryptographic services to a variety of applications across the network. These hardened, tamper-resistant platforms perform such functions as encryption, digital signing, and key generation and protection. With their comprehensive capabilities, these HSMs can support an extensive range of applications, including certificate authorities, code signing and more.
  • FIPS 140-2 Level 2 and Level 3
  • USGv6 accreditation
  • Common Criteria EAL4+ (AVA_VAN.5) for nShield Connect+ models
Order
prod-10

Cryptovision SCinterface

SCinterface integrates smart cards and other tokens into IT environments. SCinterface supports over ninety smartcards, security tokens and profiles on all common operating systems. There are many useful features, including biometrics and Microsoft Virtual Smart Card support. This is software that connects a card or security token (including the credentials it contains) to the application.
  • Certgate microSD (NXP JCOP)
  • G&D Sm@rtCafé Expert 3.2 USB token
  • NXP JCOP: V2.2.1 IDptoken 200
  • SwissSign SwissStick (CardOS M4.3B)
  • Swissbit
  • IDENTIV @MAXX (SCT3512)
Order