Signal Identity Manager Seamlessly Integrates with the Certificate Services for Microsoft Windows Server 2003, Enterprise Edition, and Active Directory
The SPYRUS Signal Identity Manager is a robust certificate and smart token management product that enhances the functionality of the Microsoft PKI (Windows Server 2003 Certificate Services). Signal Identity Manager is seamlessly integrated with Microsoft Windows Server 2003 Certificate Services and Active Directory, making full use of their functionality, security features and certificate management interfaces. Signal Identity Manager adds certificate registration capabilities to the Microsoft Windows Server 2003 CA and provides a broad set of functions for smart token issuance and management.
Although many enterprises recognize that smart tokens provide added security and functionality, few enterprises properly account for the total life cycle management of their tokens. Life cycle management is often the single most critical factor in a successful deployment of smart tokens. SPYRUS developed the Signal Identity Manager specifically to handle these management issues. The Signal Identity Manager includes back-up and key recovery mechanisms to enable the restoration of lost or misplaced tokens, which allows employees who lose their token to continue working. The Signal Identity Manager also provides Token Administration PIN management so that user tokens can be unblocked, either locally or remotely.
The Signal Identity Manager adapts to specific customer registration and token management requirements through enterprise-wide configurable Business Rules templates, which allow organizations to enforce security policies that align with their business policies and practices.
Key Features and Functionality
Signal Identity Manager Architecture and Components
- Signal Admin Console - enables Signal Administrators to define Business Rules that set operational policy, and perform Signal Audit Log and Signal Token database management functions
- Signal RA Console - enables RA Operators to perform registration, policy, and token management functions within defined Business Rules
- Signal Client Console - enables end users to manage their tokens remotely from the enterprise
- SPYRUS LYNKS Hardware Security Module (HSM) - enables centralized key generation and key archival when mandated by the Business Rules in effect at the Signal RA Console
- Signal Token Database - a SQL Server database that maintains token Administration PIN records
- Signal Audit Log - a SQL Server database that provides an integrated enterprise-wide audit mechanism
Microsoft Enterprise Support
- A simple interactive GUI design that is consistent with Microsoft Windows Server 2003 CA
- Uses Active Directory and Windows Server 2003 security features - certificate templates, enterprise users, security groups and access permissions
- Operates across domain boundaries, i.e., in forests with multiple trees that contain root and peer domains
- Enforces enterprise-wide user role, access control and authorization management
- Designed for flexibility to achieve a rapid, cost-effective deployment, tailored to suit individual organizations
Certificate & Request Management
- Remote certificate management - unlike the Microsoft Windows Server 2003 CA, which is confined to the server room, the Signal Identity Manager operates in the office environment
- Browsing of certificates and certificate requests
- Approval, submission and rejection of pending certificate requests
- Revocation and suspension of issued certificates
- Signal Administrator configured enterprise-wide registration, enrollment and approval process
- Signal Operator configurable views and report generation
Smart Token Management
- For Microsoft Crypto Service Provider (CSP) compliant smart tokens including SPYRUS Rosetta Smart Cards and USB tokens
- Dynamic tracking of available smart tokens
- Browsing of keys and certificates on smart tokens
- Full smart token and certificate life cycle management that includes:
  - Personalization of end user smart tokens
  - Request processing and programming of keys and certificates on smart tokens
  - Selectable on-token or centralized key generation
  - Post-issuance certificate and key management on smart tokens
  - Key and certificate back-up and recovery using Microsoft Windows Server 2003 CA as archiving agent
  - Token Administration PIN backup, recovery and unblock
  - Remote PIN reset
  - Initialization of SPYRUS Rosetta Smart Cards and USB tokens
Policy Management
- Fully integrated with the security policy management of Microsoft Windows 2000 and Windows Server 2003:
  - The Microsoft Windows Server 2003 CA authorizes, formats, issues and publishes certificates according to a set of predefined rules
  - Certificate Templates specify the attributes a generated certificate will contain and a number of request handling requirements
  - Microsoft network security facilitates user role management
  - Active Directory provides the foundation for distributed secure networks
- Enterprise-wide organizational policy managed through customizable Business Rules Templates providing:
  - Flexibility to enforce a variety of security policies for any number of Microsoft Windows Server 2003 CAs
  - Controlled access to Microsoft Windows Server 2003 CAs and the "User Community" serviced by each Signal Operator
  - Controlled permissions for allowable Signal Operator certificate and token management operations
  - Enforcement of unique evidence collection, certificate, token, and key management policy
  - Management of the Signal Audit Log for integrity and high assurance
Complete Integration
Signal Identity Manager is integrated with the Microsoft Windows 2003 Certificate Services and designed to enhance the overall security and functionality available within the enterprise environment. It enforces the security policies of individual organizations from a centralized location using user role differentiation, evidence collection, tailored enrollment processes, and integrated enterprise-wide audit mechanisms with signed audit log entries. The combined policy, certificate, and smart token management features make Signal Identity Manager the first truly integrated security management system to support the Microsoft Windows Server 2003 Certificate Services.