CMS (Credential Management System) is a comprehensive, flexible and highly configurable solution which has been specifically designed to manage all aspects of the lifecycles of certificates that are stored on hardware devices (e.g. smart cards or tokens) or in files (soft certificate issuance).
A management system like CMS is required to successfully deploy smart cards or tokens within an organization, or to ensure the certification of the users or organization servers in soft certificate form. CMS is perfect for environments which require implementation of strong security measures based on authentication (which guarantees the identity of the user), confidentiality (encryption which protects vital data) and non-repudiation services (which allow the execution of transactions between two parties which are considered contractual).
The CMS system is already used in different sectors like banking, government and enterprise where end users' identification has been extended to physical access control by using contactless technology.
Functionality
Support for different cryptographic devices such as Smart Cards or USB tokens from different vendors (SafeNet, ActivIdentity, Gemalto, Vasco and others that can be tested on request)
Support for complex business models (issuance of certificates/cards, PIN distribution, integration)
Support for different PKI Authority solutions (connectors for Entrust, Microsoft and Verizon; others can be integrated on request)
Compliance with standards and security policies
Simple integration with user’s IT environment (use of generically developed DataSource connector)
Simple extensibility to the support for different CA (CA Proxy connector development concept)
Support for Soft Certificate issuance where the certificates are stored in a PKCS#12 file, commonly used to store X.509 private keys with accompanying public key certificates, protected with a password-based symmetric key
Scope of Implementation
Enterprise
Login to PC, server, network, PKI ready applications, web portal
Digital signing of e-mails
Data encryption
Control of physical access in buildings and offices
Control of printing/scanning on network printers/scanners
Banking
Authentication of end users for on-line banking applications
Digital signing of financial transactions
Financial data encryption
Government
Registers of digital certificates – qualified and standard digital signature
Key functionalities
Configurable deployment supports different workflows for management of users and PKI tokens (creating, personalization, distribution, updating, registration, renewal etc.)
PIN code management which includes printing or secure e-mail sending and remote unlocks based on security questions (number of questions is configurable)
Personalization of PKI tokens can be done by different allocation modes (centralized, decentralized, mixed etc.)
Usage of generic Datasource service for integration with customers' IT environments enables batch enrollment mechanisms to simplify large-scale deployments
Configurable certification according to defined policies (templates) of certification (several certificates for various purposes can be obtained for the same user on one device)
Possibility for soft certificates issuance for users, devices or servers (in PKCS#12 files)
Unique Web portal with modern and attractive GUI adapted for administration and usage by all users depending upon their roles in CMS system (administrators, helpdesk, end users, etc.)
Strong authentication through use of certificates for all activities within the CMS except for the first registration
Different ways to perform user authentication for the first registration with a pre-defined token (username/password; possession of the PKI token and knowledge of a PIN in plain text or encrypted; Kerberos authentication)
Enabled traceability of all activities and integrated interface for search of audit records
Key escrow functionality for encryption keys
Simple management of replacement cards
Configurable deployment supports heterogeneous PKI environment (MS CA, UniCERT, Entrust) and usage of PKI devices from different vendors (ActivIdentity, SafeNet, Gemalto, Vasco etc.)
Provided export of data about users, assigned devices and issued certificates in XLS or PDF format
Usage of a platform-independent cryptographic API allows CMS to work on Windows, Linux and Mac OS
All the functionalities are supported for major market browsers: Internet Explorer, Firefox, Opera, Safari
Modularity of the solution
Product page
For more information about CMS, please visit the product page at cms.asseco-see.hr