Centralized
PKI management

The solution based on Indeed CM controls the use of digital certificates and smart cards by the company's employees and logs user's activity

schedule product demo

overview

Today digital signatures and digital certificates are widely used not only for meeting the internal needs of organizations, but also in interagency e-document flow, online banking, and e-tendering. In other words, proper, competent and secure use of digital signatures is critical for any organization.

PKI and asymmetric cryptography can help your company to address the following information security tasks:

  • Replace outdated password authentication with strong two-factor authentication for access to operating systems and applications (VPN, VDI, etc.)
  • Digitally sign and encrypt email
  • Use a qualified electronic signature to comply with regulatory requirements, enable legally valid document flow, interact with online banking systems, and participate in tenders and procurement
  • Encrypt files, disks, and other data

However, to properly support your PKI you have to address a number of new challenges:

  • Consistently manage different models of your tokens, as well as certificates issued by various certificate authorities.
  • Bring your certificates in line with user tasks, i.e. make sure that each smart card contains all the certificates required by the user without any redundant certificates.
  • Centrally manage policies regarding user PIN codes for tokens, i.e. establish policies for PIN code complexity and PIN change frequency.
  • Carefully monitor certificate validity and ensure their timely renewal.
  • Keep track of your tokens and assign them to specific employees and workstations to control how PKI tokens are used in your company.
  • Keep a log of cryptographic facilities.
  • Unlock the tokens that get locked when users forget their PIN codes.

As cloud computing continues to evolve and remote work gets more popular, various new technologies that do not require a hardware token for storing key data are gaining traction, such as network and virtual smart cards and electronic signature in the cloud and smartphone.

Addressing the challenges related to the operation and management of your PKI infrastructure may require a lot of time and money, not to mention the related information security threats. The optimal solution for addressing this task would be to use a specialized PKI Management product designed for centralized monitoring and management of your PKI.

The primary function of such products is to serve as a “certificate manager”. These software suites can help you significantly improve the efficiency of your PKI management and enhance your information security.

If you want to boost the efficiency of your PKI management, and to reduce the related costs, your best choice is to use a comprehensive solution, Indeed Certificate Manager. This product was designed to ensure centralization and increased efficiency of all operations related to digital certificates as well as PKI tokens.

Notably, Indeed CM is completely independent from the developers of certificate authorities and hardware tokens. This is why this solution works well for a variety of PKI products.

The Indeed CM platform offers the following functional features:

  • Management policies (issue, renew, revoke) for all certificates used in your company
  • Management policies for PKI tokens
  • Integration with public key infrastructure components: certificate and registration authorities, smart card printers, etc.
  • Integration with IT infrastructure components: directory services, certificate stores, mail services, etc.
  • Integration with information security tools: authentication management systems, workstation protection tools
  • Management services for PKI administrators and operators
  • User self-service
  • Summary of managed objects (users, tokens, digital certificates)
  • APIs for integration with third-party systems

Indeed CM supports the following operations with electronic signature keys and certificates:

  • Initiate key pair generation and send certificate request to the CA
  • Issue and revoke public key certificates
  • Ensure timely renewal of certificates

Indeed CM supports the following operations with PKI tokens:

  • Initialize a token and assign it to the user
  • Lock and unlock a token
  • Set and change user and administrator PIN codes (password policies are supported)

In other words, PKI administrators and operators can use Indeed CM as a multi-purpose console for certificate and PKI token management.

All parameters in Indeed CM can be set up via relevant policies. A policy contains all the necessary data to connect to certificate authorities, a list of certificates to be issued, and additional certificate parameters (create keys backups, reuse keys when renewing expiring/expired certificates, etc.).

A policy can be applied to a specific unit in the organizational structure (for example, an OU in an Active Directory Domain), and the settings for all users located in this unit or its child objects will be aligned with the policy.

You can also define user groups to filter the policy scope. That is, you can assign several policies to a single object in your organization, and the relevant policies will be selected based on user groups.

Integration with Active Directory.

Certificate authorities:

  • Microsoft CA
  • Cryptovision CAmelot

Types of operations with CAs:

  • Obtain certificate templates
  • Approve certificate requests
  • Issue and reissue certificates
  • Suspend and revoke certificates
  • Check certificate status
  • Create and update CA user data

Token types:

  • Removable hardware tokens
  • Microsoft Windows Registry
  • Trusted Platform Module (TPM)
  • Microsoft Windows Hello for Business
  • Indeed AirCard Enterprise

Removable hardware tokens:

  • ACOS (ACS)
  • HID Crescendo (HID)
  • ID-One Cosmo (Bit4id)
  • SCinterface (cryptovision GmbH)
  • TicTok V2, V3 (CRYPTAS it-Security GmbH)
  • eToken and IDPrime (Thales Group, the former SafeNet and Gemalto)
  • YubiKey (Yubico)
  • ePass (FEITIAN)

Get the budget estimation of your project

get questionnaire

Industry about us

Get in touch with us

Indeed Identity key employees have more than 10 years of experience in the cybersecurity field. Our team has implemented hundreds of projects for companies of different industries: banks and financial institutions, telecommunications, energy, transportation, government and educational institutions.

Anton Shlykov

Head of Technical Support

Mikhail Yakovlev

Indeed CM expert

Ivan Lobanov

Indeed CM expert

Mikhail Elychev

Indeed CM expert

other solutions