SlideShare une entreprise Scribd logo
1  sur  4
Télécharger pour lire hors ligne
Entrust Managed Services PKI
Managed PKI for your Organization
Entrust Managed Services PKI establishes and manages certificate-based security           Managed PKI Benefits
across an organization through a reliable, customizable and flexible public               •	 Reliable service with mission-critical
key infrastructure (PKI). Entrust’s hosted PKI service eliminates up-front capital           support
investment and significantly reduces on-going operation cost associated with              •	 Reduces up-front investment
in-house PKI software, provides built-in maintenance capabilities and speeds
deployment time.                                                                          •	 Includes maintenance and audit costs
                                                                                          •	 Built-in certificate management
Industry-Leading PKI On Demand                                                            •	 Secure, government-grade facilities
For years, security-conscious organizations have turned to Entrust for PKI security.      •	 Simple, fast deployment
Entrust Managed Services PKI makes it easy to purchase exactly the PKI you need           •	 Reduces internal IT costs
today — one that easily scales to meet future business requirements. Certificate
                                                                                          •	 Flexible certificate deployment
deployment is fast and easy. Plus, digital certificate renewal is automated to deliver
reliable, hands-off security.                                                             •	 Rich policy to manage diverse user
                                                                                             communities
Reliable Security                                                                         •	 Email-signing and encryption
Entrust Managed Services PKI provides reliable service with continuous protection         •	 Secure remote access (VPN)
for your business. Housed in established secure facilities, the PKI service features a
                                                                                          •	 Tamper-proof electronic distribution
highly available, fully redundant infrastructure with intelligent monitoring, robust
                                                                                             of documents
data backup and exceptional disaster recovery.
                                                                                          •	 Encryption of documents and e-forms
Certificate Administration & Management
Entrust provides flexible enrollment and administration options, including Certificate
Revocation Lists (CRL) and Online Certificate Status Protocol (OCSP) services. There
is no need to register users in Active Directory, as with a Microsoft CA. Organizations
may supply certificates to their own network of trusted users worldwide.

Organizations also may manage certificates through a client-less Web application
or with Entrust Entelligence Security Provider, an easy-to-deploy desktop client.
Entrust provides Web-based certificate administration services to customers,
without installing any client software on premise. This includes:

•	 User Management Service (UMS), which allows certificate administrators to manage
    user accounts over the Web
•	 User Registration Service (URS), which allows end-users to create accounts and
   Entrust digital IDs; users with a registration password can self-administer their
   user accounts and Entrust digital ID over the Web
The Ready-To-Go CA
Entrust provides a highly available CA with intelligent monitoring and near real-time
replication between primary and standby disaster recovery facilities to minimize
downtown and data loss. High-end servers offer robust performance and scalability
as your organization grows.
Flexible CA Models
   Entrust Managed Services PKI is available in several service models to provide maximum flexibility. In all models, data and access are
   consistently and strongly protected.

   Entrust Standard CA                                                                     Non-Federal Issuers Shared Service Provider CA

   Offers dedicated CA partition to each customer. The                                     Commonly known as an NFI SSP certification authority,
   issuing CA is shared by multiple customers, with each                                   this service is for entities that require certificates trusted
   customer possessing its own Organization Unit (OU). The                                 by the U.S. Federal government. The Entrust NFI SSP CA is
   CA is governed by a pre-established Certificate Policy (CP).                            cross‑certified with the Federal Bridge Certification Authority
   The service is cost-effective and can be quickly deployed.                              (FBCA). Issuing certificates for PIV-I cards is a common
                                                                                           example of this service.

   Customer-Branded CA                                                                     Federal Shared Service Provider (SSP)

   Certificates are under an organization’s control and are                                This is a hosted PKI service for employees of the U.S. Federal
   branded with the organization’s name. This model offers                                 government, or their contractors, whom are sponsored by
   a tailored Certificate Policy (CP) and Certificate Practices                            the U.S. Federal departments. The Entrust Federal Root CA is
   Statement (CPS). Under this model, each customer is                                     cross-certified with the Federal Common Policy CA. Issuing
   provided dedicated resources and setup, including a root                                certificates for PIV cards is a common example of this service.
   CA, issuing CA and dedicated Administration Service
   components. Entrust Professional Services also are available
   to assist with customization, installation and CA migration.




                                Smartcards
                                                                                                       Administration
                                USB Crypto
                                 Token ID

                                                                                                         Enrollment
                                                               INTERNET
         0101010
         1010101


                                Roaming ID                                                                                                  ENTRUST MANAGED
                                                                                                                                              SERVICES PKI


                                Desktop ID                                                             Policy & Audit


                                   Transaction
                                      Details

                                   Confirmation
                                      code
                                     302800




                                                                                                     Web Service APIs
                                  Mobile


Figure 1: Entrust Managed Services PKI provides all the capabilities of a standard in-house PKI, but eliminates up-front capital investment and need for expert PKI staff.
CERTIFICATE INTEGRATION & MANAGEMENT
Entrust Managed Services PKI enables the auto-enrollment of certificates to your network of trusted users, remote employees,
partner, suppliers and devices, allowing end-users to sign documents and trust each other’s digital signatures. Auto‑enrollment
services are also supported for VPN, Web users and devices.

Automation via API                                                   Integration Toolkits
The service provides Web service APIs for third-party                Using Entrust’s library of toolkits, organizations may integrate
applications, such as mobile device management (MDM)                 PKI with unique security applications, such as smartcard
applications, to automatically enroll and revoke certificates        management solutions, mobile device applications, or
on to mobile devices.                                                physical and logical access control systems. The Entrust
                                                                     Authority suite of toolkits lets organizations integrate
                                                                     certificates into non-CryptoAPI applications that rely on
                                                                     or use Java, the Java Platform, C, C++, IPsec, TLS and more.



CORE SERVICES
•	 CA with high-availability and disaster recovery                   •	 Generation and storage of CA certificate signing keys
•	 Certificate and security management:                                in a tamper-proof device (HSM)

   •	 Key generation, storage and recovery                           •	 Annual audit by external third-party PKI auditor
   •	 Certificate generation and distribution, as well as CRL        •	 FIPS 140-2-compliant tokens for Local Registration
      or OCSP validation                                               Authorities or end-users
   •	 Issuance and management of certificates                        •	 Automated enrollment available
•	 Completely automated certificate update and renewal               •	 Web Service APIs for third-party software integration
                                                                     •	 24x7 support

WHY ENTRUST?
•	 Deployed in eGovernments worldwide                                •	 All data is backed up at a secure, off-site facility
•	 Cryptographic components are evaluated annually against           •	 CA operations and processes are audited annually
  the FIPS 140 and Common Criteria standards                           by an external auditor
•	 Entrust issues certificates trusted by the U.S. Federal Bridge    •	 Entrust is recognized by government, finance and industry
  Certification Authority (FBCA)                                       leaders around the globe for unequalled PKI deployment
•	 Provides cost-savings over in-house equipment and personnel         experience
COMPLEMENTARY SOLUTIONS
Entrust Entelligence Security Provider                                                                        Entrust Authority Toolkits
This thin-client desktop security software allows organizations to                                            Entrust Authority toolkits provide a common set of services
use a single digital identity to add security capabilities beyond                                             that permit developers to deploy applications that solve
authentication to applications such as email or file encryption.                                              business problems without having to spend valuable
                                                                                                              development cycles creating these common services.
Entrust IdentityGuard for Enterprise
For added enterprise security and management, the Entrust                                                     Entrust Authority Security Manager
IdentityGuard software authentication platform allows                                                         Prefer an in-house PKI? Entrust Authority Security Manager is
organizations to tailor authentication — whether for physical,                                                the world’s leading PKI and helps organizations easily manage
logical or mobile access — depending on the type of user, risk                                                their security infrastructure. The CA allows organizations to
assessment and application.                                                                                   easily manage the digital keys and certificates that secure
                                                                                                              user and device identities.



Entrust & You
More than ever, Entrust understands your organization’s                                                       Company Facts
security pain points. Whether it’s the protection of                                                          Website: www.entrust.com
information, securing online customers, regulatory                                                            Employees: 359
compliance or large-scale government projects, Entrust                                                        Customers: 5,000
provides identity-based security solutions that are not only                                                  Offices: 10 globally
proven in real-world environments, but cost-effective in
today’s uncertain economic climate.                                                                           Headquarters
                                                                                                              Three Lincoln Centre
Entrust’s identity-based solutions empower enterprises,                                                       5430 LBJ Freeway, Suite 1250
consumers, citizens and websites in more than 5,000                                                           Dallas, TX 75240 USA
organizations spanning 85 countries. This identity-based
approach offers the right balance between affordability,                                                      Sales
expertise and service. For strong authentication, fraud                                                       North America: 1-888-690-2424
detection, digital certificates, SSL and PKI, call 888‑690‑2424,                                              EMEA: +44 (0) 118 953 3000
email entrust@entrust.com or visit entrust.com/managedpki.                                                    Email: entrust@entrust.com




About Entrust
A trusted provider of identity-based security solutions, Entrust secures governments, enterprises and financial institutions in more than 5,000 organizations spanning
85 countries. Entrust’s award-winning software authentication platforms manage today’s most secure identity credentials, addressing customer pain points for cloud
and mobile security, physical and logical access, citizen eID initiatives, certificate management and SSL. For more information about Entrust products and services,
call 888-690-2424, email entrust@entrust.com or visit www.entrust.com.




Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All other Entrust product names and service
names are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited in certain countries. All other company names, product names and logos are trademarks or registered trademarks of their
respective owners. © 2012 Entrust. All rights reserved.
                                                                                                                                                                                                      22885/7-12

Contenu connexe

Plus de Entrust Datacard

INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust?
INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust? INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust?
INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust? Entrust Datacard
 
Zero to Dual_EC_DRBG in 30 minutes
Zero to Dual_EC_DRBG in 30 minutesZero to Dual_EC_DRBG in 30 minutes
Zero to Dual_EC_DRBG in 30 minutesEntrust Datacard
 
Advanced Solutions for Critical Infrastructure Protection
Advanced Solutions for Critical Infrastructure ProtectionAdvanced Solutions for Critical Infrastructure Protection
Advanced Solutions for Critical Infrastructure ProtectionEntrust Datacard
 
Easing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEasing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEntrust Datacard
 
Entrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Datacard
 
Entrust Mobile Security Solutions
Entrust Mobile Security SolutionsEntrust Mobile Security Solutions
Entrust Mobile Security SolutionsEntrust Datacard
 
Entrust Enterprise Authentication
Entrust Enterprise AuthenticationEntrust Enterprise Authentication
Entrust Enterprise AuthenticationEntrust Datacard
 

Plus de Entrust Datacard (7)

INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust?
INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust? INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust?
INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust?
 
Zero to Dual_EC_DRBG in 30 minutes
Zero to Dual_EC_DRBG in 30 minutesZero to Dual_EC_DRBG in 30 minutes
Zero to Dual_EC_DRBG in 30 minutes
 
Advanced Solutions for Critical Infrastructure Protection
Advanced Solutions for Critical Infrastructure ProtectionAdvanced Solutions for Critical Infrastructure Protection
Advanced Solutions for Critical Infrastructure Protection
 
Easing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEasing the Pains of Certificate Management
Easing the Pains of Certificate Management
 
Entrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Physical & Logical Access Solutions
Entrust Physical & Logical Access Solutions
 
Entrust Mobile Security Solutions
Entrust Mobile Security SolutionsEntrust Mobile Security Solutions
Entrust Mobile Security Solutions
 
Entrust Enterprise Authentication
Entrust Enterprise AuthenticationEntrust Enterprise Authentication
Entrust Enterprise Authentication
 

Dernier

COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"DianaGray10
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
The Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementThe Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementNuwan Dias
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...Daniel Zivkovic
 
Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Juan Carlos Gonzalez
 
100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimization100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimizationarrow10202532yuvraj
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 

Dernier (20)

COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
The Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementThe Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API Management
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
 
Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?
 
100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimization100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimization
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 

Entrust IdentityGuard Cloud Services PKI

  • 1. Entrust Managed Services PKI Managed PKI for your Organization Entrust Managed Services PKI establishes and manages certificate-based security Managed PKI Benefits across an organization through a reliable, customizable and flexible public • Reliable service with mission-critical key infrastructure (PKI). Entrust’s hosted PKI service eliminates up-front capital support investment and significantly reduces on-going operation cost associated with • Reduces up-front investment in-house PKI software, provides built-in maintenance capabilities and speeds deployment time. • Includes maintenance and audit costs • Built-in certificate management Industry-Leading PKI On Demand • Secure, government-grade facilities For years, security-conscious organizations have turned to Entrust for PKI security. • Simple, fast deployment Entrust Managed Services PKI makes it easy to purchase exactly the PKI you need • Reduces internal IT costs today — one that easily scales to meet future business requirements. Certificate • Flexible certificate deployment deployment is fast and easy. Plus, digital certificate renewal is automated to deliver reliable, hands-off security. • Rich policy to manage diverse user communities Reliable Security • Email-signing and encryption Entrust Managed Services PKI provides reliable service with continuous protection • Secure remote access (VPN) for your business. Housed in established secure facilities, the PKI service features a • Tamper-proof electronic distribution highly available, fully redundant infrastructure with intelligent monitoring, robust of documents data backup and exceptional disaster recovery. • Encryption of documents and e-forms Certificate Administration & Management Entrust provides flexible enrollment and administration options, including Certificate Revocation Lists (CRL) and Online Certificate Status Protocol (OCSP) services. There is no need to register users in Active Directory, as with a Microsoft CA. Organizations may supply certificates to their own network of trusted users worldwide. Organizations also may manage certificates through a client-less Web application or with Entrust Entelligence Security Provider, an easy-to-deploy desktop client. Entrust provides Web-based certificate administration services to customers, without installing any client software on premise. This includes: • User Management Service (UMS), which allows certificate administrators to manage user accounts over the Web • User Registration Service (URS), which allows end-users to create accounts and Entrust digital IDs; users with a registration password can self-administer their user accounts and Entrust digital ID over the Web The Ready-To-Go CA Entrust provides a highly available CA with intelligent monitoring and near real-time replication between primary and standby disaster recovery facilities to minimize downtown and data loss. High-end servers offer robust performance and scalability as your organization grows.
  • 2. Flexible CA Models Entrust Managed Services PKI is available in several service models to provide maximum flexibility. In all models, data and access are consistently and strongly protected. Entrust Standard CA Non-Federal Issuers Shared Service Provider CA Offers dedicated CA partition to each customer. The Commonly known as an NFI SSP certification authority, issuing CA is shared by multiple customers, with each this service is for entities that require certificates trusted customer possessing its own Organization Unit (OU). The by the U.S. Federal government. The Entrust NFI SSP CA is CA is governed by a pre-established Certificate Policy (CP). cross‑certified with the Federal Bridge Certification Authority The service is cost-effective and can be quickly deployed. (FBCA). Issuing certificates for PIV-I cards is a common example of this service. Customer-Branded CA Federal Shared Service Provider (SSP) Certificates are under an organization’s control and are This is a hosted PKI service for employees of the U.S. Federal branded with the organization’s name. This model offers government, or their contractors, whom are sponsored by a tailored Certificate Policy (CP) and Certificate Practices the U.S. Federal departments. The Entrust Federal Root CA is Statement (CPS). Under this model, each customer is cross-certified with the Federal Common Policy CA. Issuing provided dedicated resources and setup, including a root certificates for PIV cards is a common example of this service. CA, issuing CA and dedicated Administration Service components. Entrust Professional Services also are available to assist with customization, installation and CA migration. Smartcards Administration USB Crypto Token ID Enrollment INTERNET 0101010 1010101 Roaming ID ENTRUST MANAGED SERVICES PKI Desktop ID Policy & Audit Transaction Details Confirmation code 302800 Web Service APIs Mobile Figure 1: Entrust Managed Services PKI provides all the capabilities of a standard in-house PKI, but eliminates up-front capital investment and need for expert PKI staff.
  • 3. CERTIFICATE INTEGRATION & MANAGEMENT Entrust Managed Services PKI enables the auto-enrollment of certificates to your network of trusted users, remote employees, partner, suppliers and devices, allowing end-users to sign documents and trust each other’s digital signatures. Auto‑enrollment services are also supported for VPN, Web users and devices. Automation via API Integration Toolkits The service provides Web service APIs for third-party Using Entrust’s library of toolkits, organizations may integrate applications, such as mobile device management (MDM) PKI with unique security applications, such as smartcard applications, to automatically enroll and revoke certificates management solutions, mobile device applications, or on to mobile devices. physical and logical access control systems. The Entrust Authority suite of toolkits lets organizations integrate certificates into non-CryptoAPI applications that rely on or use Java, the Java Platform, C, C++, IPsec, TLS and more. CORE SERVICES • CA with high-availability and disaster recovery • Generation and storage of CA certificate signing keys • Certificate and security management: in a tamper-proof device (HSM) • Key generation, storage and recovery • Annual audit by external third-party PKI auditor • Certificate generation and distribution, as well as CRL • FIPS 140-2-compliant tokens for Local Registration or OCSP validation Authorities or end-users • Issuance and management of certificates • Automated enrollment available • Completely automated certificate update and renewal • Web Service APIs for third-party software integration • 24x7 support WHY ENTRUST? • Deployed in eGovernments worldwide • All data is backed up at a secure, off-site facility • Cryptographic components are evaluated annually against • CA operations and processes are audited annually the FIPS 140 and Common Criteria standards by an external auditor • Entrust issues certificates trusted by the U.S. Federal Bridge • Entrust is recognized by government, finance and industry Certification Authority (FBCA) leaders around the globe for unequalled PKI deployment • Provides cost-savings over in-house equipment and personnel experience
  • 4. COMPLEMENTARY SOLUTIONS Entrust Entelligence Security Provider Entrust Authority Toolkits This thin-client desktop security software allows organizations to Entrust Authority toolkits provide a common set of services use a single digital identity to add security capabilities beyond that permit developers to deploy applications that solve authentication to applications such as email or file encryption. business problems without having to spend valuable development cycles creating these common services. Entrust IdentityGuard for Enterprise For added enterprise security and management, the Entrust Entrust Authority Security Manager IdentityGuard software authentication platform allows Prefer an in-house PKI? Entrust Authority Security Manager is organizations to tailor authentication — whether for physical, the world’s leading PKI and helps organizations easily manage logical or mobile access — depending on the type of user, risk their security infrastructure. The CA allows organizations to assessment and application. easily manage the digital keys and certificates that secure user and device identities. Entrust & You More than ever, Entrust understands your organization’s Company Facts security pain points. Whether it’s the protection of Website: www.entrust.com information, securing online customers, regulatory Employees: 359 compliance or large-scale government projects, Entrust Customers: 5,000 provides identity-based security solutions that are not only Offices: 10 globally proven in real-world environments, but cost-effective in today’s uncertain economic climate. Headquarters Three Lincoln Centre Entrust’s identity-based solutions empower enterprises, 5430 LBJ Freeway, Suite 1250 consumers, citizens and websites in more than 5,000 Dallas, TX 75240 USA organizations spanning 85 countries. This identity-based approach offers the right balance between affordability, Sales expertise and service. For strong authentication, fraud North America: 1-888-690-2424 detection, digital certificates, SSL and PKI, call 888‑690‑2424, EMEA: +44 (0) 118 953 3000 email entrust@entrust.com or visit entrust.com/managedpki. Email: entrust@entrust.com About Entrust A trusted provider of identity-based security solutions, Entrust secures governments, enterprises and financial institutions in more than 5,000 organizations spanning 85 countries. Entrust’s award-winning software authentication platforms manage today’s most secure identity credentials, addressing customer pain points for cloud and mobile security, physical and logical access, citizen eID initiatives, certificate management and SSL. For more information about Entrust products and services, call 888-690-2424, email entrust@entrust.com or visit www.entrust.com. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All other Entrust product names and service names are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited in certain countries. All other company names, product names and logos are trademarks or registered trademarks of their respective owners. © 2012 Entrust. All rights reserved. 22885/7-12