PKIWorks is a secure, highly configurable web-based system for certificate authorities offered by CommScope
CommScope is a WiMAX Forum device root certificate authority, as well as the root certificate authority for SSL/TLS certificates utilized by cable and telco operators. PKIWorks supports all aspects of the certificate authority operation, including key and certificate generation, renewal, revocation and CRL publication. In addition, PKIWorks also supports device ID Management.
PKIWorks generates standard X.509 digital certificates (version 3) and is capable of generating the RSA public/private key pair on behalf of customers (e.g., WiMAX) or accepting Certificate Signing Requests (PKCS#10) containing a customer generated RSA public key.
PKIWorks supports renewal of certificates, if desired, and provides email reminders to customers to renew their certificates before they expire. After the renewal process, a customer receives a new certificate with the same identity with extended lifetime. Specific certificate lifetimes and renewal notification policy are highly configurable and may vary per project.
PKIWorks supports revocation of certificates by the Certification Authority and provides online Certificate Revocation Lists, updated daily. Certificate revocation is necessary in cases such as when the private key for the certificate has been compromised and thus must no longer be used.
For large volume device manufacturers who need a large number of keys and certificates, PKIWorks supports generation of a batch of keys and certificates using customer device ID. PKIWorks also supports automatically assigning IDs within a predefined range.
PKIWorks supports user specification of ID ranges from which IDs are automatically chosen for certificates, based on configurable ID assignment policies, such as next-available and ID skipping. This helps customers manage their ID space and guarantee ID uniqueness.
PKIWorks supports two-factor user authentication via cryptographic USB
tokens provided by CommScope, for better security. Each user accessing PKIWorks must possess a cryptographic USB token (factor 1) and the password (factor 2) in order to use PKIWorks. The two factors of authentication include possession of the physical USB
token and the knowledge of the token password to access it.
If a customer requests PKIWorks to generate RSA private keys in addition to
the digital certificates, the RSA private keys are delivered to the customer securely encrypted using the
cryptographic USB token issued by CommScope, thus providing two-factor protection for the RSA private keys.
PKIWorks will retain private keys generated for each
customer based on a configurable policy. For example, if the customer wishes, all PKIWorks copies of
the private keys will be deleted as soon as the customer confirms successful receipt and decryption of
those private keys. And if the customer does not confirm receipt, PKIWorks can still delete the private
keys after a configurable timeout period.
CommScope PKI CENTER™
The CommScope PKI Center™, recognized for its leadership in content security, is one of the world's largest producers of keys and certificates for hardware devices, with more than 30 years of experience.