About PKIWorks™ Basics
PKIWorks™ Basics is a system for certificate authorities operated by CommScope Sentry™ that supports the full lifecycle of key and certificate management. It is highly configurable to host new certificate authorities and to satisfy varying customer requirements in certificate profile and device ID management. Currently PKIWorks™ Basics supports hundreds of customers, including device manufacturers and cable and telco operators, for securing their devices and communication.
Features
Key and certificate generation
PKIWorks™ Basics generates standard X.509 digital certificates (version 3) and is capable of generating the RSA public/private key pair on behalf of customers (e.g., WiMAX) or accepting Certificate Signing Requests (PKCS#10) containing a customer generated RSA public key.
Certificate renewal
PKIWorks™ Basics supports renewal of certificates, if desired, and provides email reminders to customers to renew their certificates before they expire. After the renewal process, a customer receives a new certificate with the same identity with extended lifetime. Specific certificate lifetimes and renewal notification policy are highly configurable and may vary per project.
Certificate revocation
PKIWorks™ Basics supports revocation of certificates by the Certification Authority and provides online Certificate Revocation Lists, updated daily. Certificate revocation is necessary in cases such as when the private key for the certificate has been compromised and thus must no longer be used.
Large volume batch processing
For large volume device manufacturers who need a large number of keys and certificates, PKIWorks™ Basics supports generation of a batch of keys and certificates using customer device ID. PKIWorks™ Basics also supports automatically assigning IDs within a predefined range.
CRL publication
PKIWorks™ Basics provides online Certificate Revocation Lists for users to download, as well as to any system performing a certificate revocation check over HTTP.
Advanced ID management
PKIWorks™ Basics supports user specification of ID ranges from which IDs are automatically chosen for certificates, based on configurable ID assignment policies, such as next-available and ID skipping. This helps customers manage their ID space and guarantee ID uniqueness.
Two-factor user authentication
PKIWorks™ Basics supports two-factor user authentication via cryptographic USB tokens provided by CommScope, for better security. Each user accessing PKIWorks™ Basics must possess a cryptographic USB token (factor 1) and the password (factor 2) in order to use PKIWorks™ Basics. The two factors of authentication include possession of the physical USB token and the knowledge of the token password to access it.
Encrypted deliverables
If a customer requests PKIWorks™ Basics to generate RSA private keys in addition to the digital certificates, the RSA private keys are delivered to the customer securely encrypted using the cryptographic USB token issued by CommScope, thus providing two-factor protection for the RSA private keys.
Customizable key storage and deletion policy
PKIWorks™ Basics will retain private keys generated for each customer based on a configurable policy. For example, if the customer wishes, all PKIWorks™ Basics copies of the private keys will be deleted as soon as the customer confirms successful receipt and decryption of those private keys. And if the customer does not confirm receipt, PKIWorks™ Basics can still delete the private keys after a configurable timeout period.
Patent marking notice
For applicable patents, see www.cs-pat.com. That website is intended to give notice under 35 U.S.C. § 287(a) of articles that are patented or for use under the identified patents. That website identifies the patents associated with each of the patented articles.
Contact Us For More Information
Get in touch to learn more about our services and how you can start using PKIWorks™ Basics.