The Public Key Infrastructure (PKI) is not only about PKI administrators and operators, but also about ordinary users who own electronic signature keys.
One of the reasons to deploy PKI is to make the system more user-friendly and efficient for users. This means that the overall efficiency of your PKI system depends on the quality and level of services provided.
Sadly enough, even though the technology keeps evolving at a high pace with brand new products emerging all the time, not much has changed for digital certificates and PKI tokens over the last 10 years. Remote work has been rapidly growing in popularity, making it even more difficult to maintain proper operation of digital certificates. The main reason for this is the need to manually handle hardware tokens. But this is exactly what you want to avoid with remote work.
You may often need to perform a certain action (change PIN codes, reissue certificates, etc.) for multiple users at the same time, i.e. perform a batch task. The standard routine is to have all users visit their PKI operators, or have the operators visit all users one by one, which happens more often. Batch tasks can prove even more difficult for both users and operators if your employees work remotely or are currently away working off-site, on a business trip or sick leave. In this case, batch tasks may require a lot of time.
Certificates used outside the corporate perimeter may bring additional challenges, for example, when a PKI token is locked, damaged, or compromised. You may find yourself in a really tough spot if a PKI token should suddenly fail in an area that is extremely hard to reach. In this case, delivering a new token within a reasonable time is close to impossible while the user’s job tasks will keep piling up.
Your inability to timely solve the issues and tasks faced by your users in relation to PKI tokens and digital certificates may result in financial losses owing to reduced labor productivity. The optimal solution would be to use specialized self-service and monitoring services offered as modules within the PKI Management software.
These software suites can help you sharply reduce the unproductive time required for solving various issues related to ensuring proper operation of your PKI tokens and digital certificates.
If you want to boost labor productivity in your company and make sure that all job tasks that require the use of PKI tokens and digital certificates are effectively solved, your best choice is to use a comprehensive solution, Indeed Certificate Manager containing relevant modules.
Indeed Certificate Manager comes with a user self-service portal that offers the following functions to end users:
- View the list of assigned PKI tokens and issued certificates
- Issue additional PKI tokens
- Unlock PKI tokens
- Revoke, suspend and resume digital certificates
- Revoke and wipe tokens
- Change PIN codes
- Reissue certificates
Even users who have no access to corporate resources can use the remote service portal from external networks. This service can help you address the following tasks:
- Unlock a token
- Report a token that has failed or has been compromised (the respective certificates will be revoked)
- Suspend a PKI token and respective certificates
Additionally, there is a specialized module, Indeed CM Agent, designed to control local smart cards and tokens connected to workstations, and remotely perform assigned tasks (change administrator PIN-codes, reissue certificates, etc.). Agents run assigned batch tasks and report their progress.
Now, batch tasks no longer require users and operators to adjust their schedules, push back their tasks, visit the office, etc.. The task initiated by a PKI operator will be completed once the user connects the token to their corporate workstation.
Indeed Certificate Manager also includes the following functions designed to make PKI operations more efficient:
- A notification system reminds the end users to renew their certificates or change PIN codes in a timely manner.
- The system supports virtual and network smart cards, which can be useful when a hardware token assigned to a remote employee fails. Thanks to this technology, you can use private keys without removable hardware tokens.
Indeed Certificate Manager allows you to set up relevant permissions on the self-service portal on individual user or user group levels.
Certificate operations available to users:
- Issue and reissue
- Suspend and revoke
- View issued and traced certificates
- Check certificate status
PKI token operations available to users:
- Assign and issue
- Content update
- Reset and change PIN codes
- Self-service portal
- Remote service portal
- Agent for client workstations
- Removable hardware tokens
- Microsoft Windows Registry
- Trusted Platform Module (TPM)
- Microsoft Windows Hello for Business
- Indeed AirCard Enterprise
Removable hardware tokens: