Build trusted IT infrastructures to keep communication secure in strongly networked systems.
PKI and key management
Security with keys and certificates
PKI and key management make it possible to build trusted IT infrastructures and guarantee secure communication in highly networked systems. Reliable authentication as well as signing and encryption of data are mandatory for maximum IT security.
Public key infrastructures (PKI) make it possible to issue, manage and verify digital identities in a secure way.
The ECOS TrustManagementAppliance is a PKI and key management solution that secures mobile devices, PCs, servers, processes and other devices in the (I)IoT area.
Functional Overview of the ECOS TrustManagementAppliance
As an all-in-one PKI solution, the TrustManagementAppliance offers various functions for creating, managing, distributing and validating certificates, keys and other secrets.
Techem operates PKI
Techem, the leading service provider for smart and sustainable buildings, relies on securely encrypted data transmission of meter readings and consumption values from millions of buildings.
The ECOS TrustManagementAppliance secures the data traffic for over 52 million wireless data collection devices at Techem.
Our case studies show practical applications of the PKI solution.
- Create, renew, revoke certificates
- Certificates, secrets and symmetric keys
- Key length and signature algorithm freely configurable
- Freely definable and assignable metadata
- Automatic certificate renewal
- Classification and structuring of certificates
- Distributing certificates by LDAP, SCEP, CMC, CST, EST or Windows service
- Reloading or creation of certificates on the smartcard
- Self-service portal for users, helpdesk and administrators
- Secure storage in hardware security module
- Coupling with AD or other metadirectory
- All functions controlled via HTTP API
- Multi-level root and sub-CAs
- Central administration of tenant-specific root CAs
- Integration into existing PKI, as root or sub-CA
- Import interface for public and private certificates
- SNMP interface for the connection of a monitoring system
- syslog interface for the connection of an aggregation tool
- Operation under VMware, Microsoft Hyper-V, other virtualization platforms or dedicated hardware
- Preconfigured ISO image with ECOS Secure Linux and TMA
- Certificate validation via CRL or OCSP
- RADIUS server for IEEE 802.1X authentication
- Support of OTP tokens, software tokens and SMS
- Granular rights assignment by admin interface
- Predefined reports and custom report editor
- Automatic notification system via Active Reports
- Cluster operation, even cross-site