The Authentic8 Card Key
Management System (CKMS) is an integrated suite of products that
allows corporations to issue, personalize and manage smart cards
for the secure storage of digital certificates and encryption key
pairs.
PRODUCT FEATURES
Registration Client (RC)
The Registration Client (RC) is a Web-based smart card request
form. Via a web site, the requestor simply submits the information
required to create a digital certificate and personalize a smart
card. The RC then sends the information to the Organizational
Registration Authority (ORA) application that will process the
request.
Organizational Registration Authority (ORA)
The ORA is a queuing system for validating smart card requests
(identity verification). A corporation can manage security processes
and policies by customizing the validation process, requiring
as many or as few physical or logical validation checks as necessary.
Once all validation requirements are met, the request is sent to
the first available Personalization Facility (PF).
Personalization Facility (PF)
The PF generates the key pair and requests a certificate from
the configured Certificate Authority (CA). The certificate is
created and published to a directory along with the public key.
The exterior of the smart card is then personalized with user
names, ID numbers, corporate logos, employee photos or bar codes.
As the PF prints the card, it places signed certificates, private
keys and other data on the smart card chip.
Certification Authority (CA)
The CA provides the X.509 certificate that will be loaded onto
the smart card. Certificates can be sent to a trusted third-party
CA to be signed, or an organization can act as its own CA. The
CA can also revoke certificates, remove them from the database
and create certificate revocation lists (CRLs).
Directory Services (LDAP, X.500)
Via Lightweight Directory Access Protocol (LDAP) and/or X.500,
the location of all certificates can be mapped. LDAP and/or X.500
can help manage certificates, check the certificate revocation
list (CRL) and look up public keys that need to be used for encrypting
documents or messages.