Certificate Registration Manager and PKI-VPN
The Protexx Managed Public Key Infrastructure Certificate Registration Manager and fully managed and supported PKI-VPN service is a fully integrated enterprise solution designed to secure intranet, extranet, and Internet applications while enabling fluid interaction with business partners, mobile workers, Web services devices, and other users.
The Protexx Certificate Registration Manager software works with our Trust Center Certificate Authority to streamline the enrollment process for handling large volumes of end-user certificate requests. It verifies the credentials of certificate requests and provides certificates to the requester.
The Protexx Certificate Registration Manager software enables organizations to set up either remote or local standalone enrollment centers for large user implementations at distributed geographic locations, thereby allowing organizations to scale their certificate management systems while moving the approval process closer to the users. This process significantly reduces the risk of approving certificates to unauthorized parties.
The Trust Center Certificate Authority is the backbone of our Identity Proofing system. Protexx will set up the entire data processing center to support the electronic signatures of the certificates, secure the communication between the partners in the data transfer process and secure the data in transit between the communicating facilities.
We are using our PKI certificates with the optional addition of biometric clip drive identification to generate a completely secure digital signature, see below.
The Trust Center consists of:
• Secure Signature Server • Certification Authority Software • X.509 Certificates • Registration Authority • Organization of the certification application • Issuing of the certificate • Online / offline certification • Renewal service of certificates • Revocation service of certificates • Delivery of certificates • Publishing of certificates via X.500 service • Certificate Repository • Service of a global registration authority operator • Certificate reports • Key length RSA 2048bit • Broadband internet access • Personnel with security clearance
These are the basic elements of a Trust Center; they are implemented in different combinations to achieve the individual client’s goals for security and authentication. The design of the Trust Center is completed during the Project Planning phase. Card Issuing Organizations Our parent company Widepoint and it’s subsidiary ORC is authorized to issue digital certificates to their constituents. It is essential to consider what type of information the organization already collects or utilizes to deliver services, certification or licensure to its members. Upon issuing a certificate to a member, the issuing organization is, in effect, verifying that person’s identity with respect to the organization.
In order to maintain a natural set of controls over certificate issuance – because the validity of the system is dependent on the certificate issuance and optional biometric registration process – organizations that currently provide services requiring identity verification for their members is a natural choice. It is also essential to select issuers that have little to gain from issuing a fraudulent identity.