Control of using the smart cards,
and digital certificates

Centralized management and booking of digital signature tools

Certificate Manager

Many companies make it a common practice to use digital certificates and smart cards. These are used both internally - for e-mail protection, internal document flow, user authentication - and for communication with third parties, working at trading platforms, in remote banking services and for generating a qualified digital signature. The certificates can be issued either by the company’s own certification authorities, or by external organizations. The management of distributed population of smart cards becomes a complex task, which is to be solved by special systems. The Indeed Certificate Manager offers a centralized and effective solution for the task.

Task description

Generally, the following tasks can be set for the smart cards and certificate management:

    • Control of certificate and smart cards usage by the company employees
    • Tracking of third-party certificates issued by external CA to work in remote banking services

Solution

To solve the specified tasks, the required functions are implemented in the Indeed Certificate Manager (Indeed CM).

Control of certificate and smart cards usage

The special client agent is implemented in the Indeed CM to solve the task of controlling the usage of smart cards, tokens and certificates. The agent is installed onto user PC. It allows for a number of operations to be performed remotely:

    • Send the data on the smart cards used to the Indeed CM server - what PC the token is connected to and who exactly is working on the PC.
    • Block Windows session or smart cards, if usage rules are violated. E.g., a smart card can be assigned to user account or PC. If the user or PC does not correspond to the present one, the agent might lock the smart card.
    • Change of PIN code upon administrator request.
    • Media lock upon the administrator request
    • Update of certificates on the media
    • Deleting of data from the smart cards

Thus, the agent allows the administrators to audit smart card and token usage, as well as to perform operations with smart cards remotely on user PC. The agent also can prevent unauthorised use of the media.

In addition to the agent, the Indeed CM can track the user account status in Active Directory catalogue, and suspend the certificates of users with deactivated accounts. This allows to suspend the certificate for duration of employee leave or in case of dismissal.

Third-party certificate tracking

The information on the certificates written to the media is read at the moment of assignment of media to a user and is displayed in the user profile. When the certificate is about to expire, the system sends corresponding notification to the user and/or administrator.

Scheme for monitoring the use of key carriers

The solution contains the following main components.

Indeed CM Server is the core component of Indeed CM infrastructure. It is an ASP.Net application, operating on Internet Information Services (IIS) Internet Information Services (IIS) server. The Indeed CM Server provides for centralized management of system users, card repository and security policies. The Indeed CM Server also provides for receiving data from the agents and performing card unlock operations, as well as event logging.

Event log is the Indeed CM event storage. The log registers all the events associated with smart card life cycle and system parameters’ modification. The log can be viewed in the Indeed CM administrator console. Reports can also be generated in the console.

Smart card registry contains information on all the devices registered in the system. The registry can be viewed in the Indeed CM administrator console.

Indeed CM Agent is a client component, implementing the functions of monitoring and control of smart cards usage. The agent also provides for remote performing of operations with smart cards and tokens: locking, PIN change, certificate updating etc.

LEARN MORE
ASK A QUESTION IN A LIVE CHAT ON OUR WEBSITE
  • What questions does the product solve?
  • What are the infrastructure requirements?
  • How to run a pilot?
  • How much does the implementation cost?
industry about us
In the report from March 21, 2016 by KuppingerCole Indeed Identity was mentioned as “a specialist vendor” in access management market segment that delivers solutions for authenticating users, encrypting messages, and securing information on mobile phones.
KuppingerCole
Europe’s leading Analysts on the topics of Information Security in the era of Digital Transformation
"Indeed Identity is the company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner."
Sergey Yeliseyev
X-Infotech Owner, Business Development Director, Government eID solutions
Indeed Identity has been the Softline important partner for a very long time. Together, we realized a number of successful projects in many economic spheres. International corporations choose Indeed ID due to reliable software, competitive prices and great service.
Michael Lisnevsky
Softline group, Head of regional promotion of information security